diff --git a/definitions/aerospike.com/aerospikecluster.yaml b/definitions/aerospike.com/aerospikecluster.yaml new file mode 100644 index 000000000..e15f4f9f4 --- /dev/null +++ b/definitions/aerospike.com/aerospikecluster.yaml @@ -0,0 +1,1736 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: aerospikeclusters.aerospike.com +spec: + group: aerospike.com + names: + kind: AerospikeCluster + listKind: AerospikeClusterList + plural: aerospikeclusters + singular: aerospikecluster + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: AerospikeCluster is the Schema for the aerospikeclusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AerospikeClusterSpec defines the desired state of AerospikeCluster + properties: + aerospikeAccessControl: + description: AerospikeAccessControl has the Aerospike roles and users + definitions. Required if aerospike cluster security is enabled. + properties: + adminPolicy: + description: AerospikeClientAdminPolicy specify the aerospike client + admin policy for access control operations. + properties: + timeout: + description: Timeout for admin client policy in milliseconds. + type: integer + required: + - timeout + type: object + roles: + description: Roles is the set of roles to allow on the Aerospike + cluster. + items: + description: AerospikeRoleSpec specifies an Aerospike database + role and its associated privileges. + properties: + name: + description: Name of this role. + type: string + privileges: + description: Privileges granted to this role. + items: + type: string + type: array + whitelist: + description: Whitelist of host address allowed for this role. + items: + type: string + type: array + required: + - name + - privileges + type: object + type: array + users: + description: Users is the set of users to allow on the Aerospike + cluster. + items: + description: AerospikeUserSpec specifies an Aerospike database + user, the secret name for the password and, associated roles. + properties: + name: + description: Name is the user's username. + type: string + roles: + description: Roles is the list of roles granted to the user. + items: + type: string + type: array + secretName: + description: 'SecretName has secret info created by user. + User needs to create this secret from password literal. + eg: kubectl create secret generic dev-db-secret --from-literal=password=''password''' + type: string + required: + - name + - roles + - secretName + type: object + type: array + required: + - users + type: object + aerospikeConfig: + description: AerospikeConfig sets config in aerospike.conf file. Other + configs are taken as default + aerospikeConfigSecret: + description: AerospikeConfigSecret has secret info created by user. + User needs to create this secret having tls files, feature key for + cluster + properties: + mountPath: + type: string + secretName: + type: string + required: + - mountPath + - secretName + type: object + aerospikeNetworkPolicy: + description: AerospikeNetworkPolicy specifies how clients and tools + access the Aerospike cluster. + properties: + access: + description: AccessType is the type of network address to use for + Aerospike access address. Defaults to hostInternal. + enum: + - pod + - hostInternal + - hostExternal + type: string + alternateAccess: + description: AlternateAccessType is the type of network address + to use for Aerospike alternate access address. Defaults to hostExternal. + enum: + - pod + - hostInternal + - hostExternal + type: string + tlsAccess: + description: TLSAccessType is the type of network address to use + for Aerospike TLS access address. Defaults to hostInternal. + enum: + - pod + - hostInternal + - hostExternal + type: string + tlsAlternateAccess: + description: TLSAlternateAccessType is the type of network address + to use for Aerospike TLS alternate access address. Defaults to + hostExternal. + enum: + - pod + - hostInternal + - hostExternal + type: string + type: object + image: + description: Aerospike server image + type: string + multiPodPerHost: + description: "If set true then multiple pods can be created per Kubernetes + Node. This will create a NodePort service for each Pod. NodePort, + as the name implies, opens a specific port on all the Kubernetes Nodes + , and any traffic that is sent to this port is forwarded to the service. + Here service picks a random port in range (30000-32767), so these + port should be open. \n If set false then only single pod can be created + per Kubernetes Node. This will create Pods using hostPort setting. + The container port will be exposed to the external network at :, + where the hostIP is the IP address of the Kubernetes Node where the + container is running and the hostPort is the port requested by the + user." + type: boolean + podSpec: + description: Additional configuration for create Aerospike pods. + properties: + sidecars: + description: Sidecars to add to pods. + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the input + string will be unchanged. The $(VAR_NAME) syntax can be + escaped with a double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, metadata.labels, + metadata.annotations, spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + description: Specifies the output format of + the exposed resources, defaults to "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported as + an event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env with + a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a + container is created. If the handler fails, the container + is terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The reason for termination is passed + to the handler. The Pod''s termination grace period + countdown begins before the PreStop hooked is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period. Other management of the container blocks + until the hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing + a port here gives the system additional information about + the network connections a container uses, but is primarily + informational. Not specifying a port here DOES NOT prevent + that port from being exposed. Any port which is listening + on the default "0.0.0.0" address inside a container will + be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in + a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < + 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port + to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x + < 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or + SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the + probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: implement + a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. More + info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag + will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the + container. If unspecified, the container runtime will + allocate a random SELinux context for each container. May + also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + windowsOptions: + description: Windows security options. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. This + field is alpha-level and is only honored by servers + that enable the WindowsGMSA feature flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. This field is alpha-level + and is only honored by servers that enable the WindowsGMSA + feature flag. + type: string + type: object + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, + reads from stdin in the container will always result in + EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever is + smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY + for itself, also requires 'stdin' to be true. Default is + false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to + be used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the + volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and the + other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves + similarly to SubPath but environment variable references + $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. This field is beta in 1.15. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + type: object + rackConfig: + description: RackConfig Configures the operator to deploy rack aware + Aerospike cluster. Pods will be deployed in given racks based on given + configuration + properties: + namespaces: + description: List of Aerospike namespaces for which rack feature + will be enabled + items: + type: string + type: array + racks: + description: Racks is the list of all racks + items: + description: Rack specifies single rack config + properties: + aerospikeConfig: + description: AerospikeConfig overrides the common AerospikeConfig + for this Rack. This is merged with global Aerospike config. + effectiveAerospikeConfig: + description: Effective/operative Aerospike config. The resultant + is merge of rack Aerospike config and the global Aerospike + config + effectiveStorage: + description: Effective/operative storage. The resultant is + user input if specified else global storage + properties: + blockVolumePolicy: + description: BlockVolumePolicy contains default policies + for block volumes. + properties: + cascadeDelete: + description: CascadeDelete determines if the persistent + volumes are deleted after the pod this volume binds + to is terminated and removed from the cluster. + type: boolean + effectiveCascadeDelete: + description: Effective/operative value to use for + cascade delete after applying defaults. + type: boolean + effectiveInitMethod: + description: Effective/operative value to use as the + volume init method after applying defaults. + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + initMethod: + description: InitMethod determines how volumes attached + to Aerospike server pods are initialized when the + pods comes up the first time. Defaults to "none". + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + required: + - effectiveCascadeDelete + type: object + filesystemVolumePolicy: + description: FileSystemVolumePolicy contains default policies + for filesystem volumes. + properties: + cascadeDelete: + description: CascadeDelete determines if the persistent + volumes are deleted after the pod this volume binds + to is terminated and removed from the cluster. + type: boolean + effectiveCascadeDelete: + description: Effective/operative value to use for + cascade delete after applying defaults. + type: boolean + effectiveInitMethod: + description: Effective/operative value to use as the + volume init method after applying defaults. + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + initMethod: + description: InitMethod determines how volumes attached + to Aerospike server pods are initialized when the + pods comes up the first time. Defaults to "none". + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + required: + - effectiveCascadeDelete + type: object + volumes: + description: Volumes list to attach to created pods. + items: + description: AerospikePersistentVolumeSpec describes + a persistent volume to claim and attach to Aerospike + pods. + properties: + cascadeDelete: + description: CascadeDelete determines if the persistent + volumes are deleted after the pod this volume + binds to is terminated and removed from the cluster. + type: boolean + configMap: + description: Name of the configmap for 'configmap' + mode volumes. + type: string + effectiveCascadeDelete: + description: Effective/operative value to use for + cascade delete after applying defaults. + type: boolean + effectiveInitMethod: + description: Effective/operative value to use as + the volume init method after applying defaults. + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + initMethod: + description: InitMethod determines how volumes attached + to Aerospike server pods are initialized when + the pods comes up the first time. Defaults to + "none". + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + path: + description: Path is the device path where block + 'block' mode volumes are attached to the pod or + the mount path for 'filesystem' mode. + type: string + sizeInGB: + description: SizeInGB Size of volume in GB. + format: int32 + type: integer + storageClass: + description: StorageClass should be pre-created + by user. + type: string + volumeMode: + description: VolumeMode specifies if the volume + is block/raw or a filesystem. + enum: + - filesystem + - block + - configMap + type: string + required: + - effectiveCascadeDelete + - path + - sizeInGB + - storageClass + - volumeMode + type: object + type: array + type: object + id: + description: Identifier for the rack + type: integer + nodeName: + description: K8s Node name for setting rack affinity. Rack + pods will be deployed in given k8s Node + type: string + rackLabel: + description: 'Racklabel for setting rack affinity. Rack pods + will be deployed in k8s nodes having rackLable {aerospike.com/rack-label: + }' + type: string + region: + description: Region name for setting rack affinity. Rack pods + will be deployed to given Region + type: string + storage: + description: Storage specify persistent storage to use for + the pods in this rack. This value overwrites the global + storage config + properties: + blockVolumePolicy: + description: BlockVolumePolicy contains default policies + for block volumes. + properties: + cascadeDelete: + description: CascadeDelete determines if the persistent + volumes are deleted after the pod this volume binds + to is terminated and removed from the cluster. + type: boolean + effectiveCascadeDelete: + description: Effective/operative value to use for + cascade delete after applying defaults. + type: boolean + effectiveInitMethod: + description: Effective/operative value to use as the + volume init method after applying defaults. + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + initMethod: + description: InitMethod determines how volumes attached + to Aerospike server pods are initialized when the + pods comes up the first time. Defaults to "none". + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + required: + - effectiveCascadeDelete + type: object + filesystemVolumePolicy: + description: FileSystemVolumePolicy contains default policies + for filesystem volumes. + properties: + cascadeDelete: + description: CascadeDelete determines if the persistent + volumes are deleted after the pod this volume binds + to is terminated and removed from the cluster. + type: boolean + effectiveCascadeDelete: + description: Effective/operative value to use for + cascade delete after applying defaults. + type: boolean + effectiveInitMethod: + description: Effective/operative value to use as the + volume init method after applying defaults. + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + initMethod: + description: InitMethod determines how volumes attached + to Aerospike server pods are initialized when the + pods comes up the first time. Defaults to "none". + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + required: + - effectiveCascadeDelete + type: object + volumes: + description: Volumes list to attach to created pods. + items: + description: AerospikePersistentVolumeSpec describes + a persistent volume to claim and attach to Aerospike + pods. + properties: + cascadeDelete: + description: CascadeDelete determines if the persistent + volumes are deleted after the pod this volume + binds to is terminated and removed from the cluster. + type: boolean + configMap: + description: Name of the configmap for 'configmap' + mode volumes. + type: string + effectiveCascadeDelete: + description: Effective/operative value to use for + cascade delete after applying defaults. + type: boolean + effectiveInitMethod: + description: Effective/operative value to use as + the volume init method after applying defaults. + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + initMethod: + description: InitMethod determines how volumes attached + to Aerospike server pods are initialized when + the pods comes up the first time. Defaults to + "none". + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + path: + description: Path is the device path where block + 'block' mode volumes are attached to the pod or + the mount path for 'filesystem' mode. + type: string + sizeInGB: + description: SizeInGB Size of volume in GB. + format: int32 + type: integer + storageClass: + description: StorageClass should be pre-created + by user. + type: string + volumeMode: + description: VolumeMode specifies if the volume + is block/raw or a filesystem. + enum: + - filesystem + - block + - configMap + type: string + required: + - effectiveCascadeDelete + - path + - sizeInGB + - storageClass + - volumeMode + type: object + type: array + type: object + zone: + description: Zone name for setting rack affinity. Rack pods + will be deployed to given Zone + type: string + required: + - effectiveAerospikeConfig + - effectiveStorage + - id + type: object + type: array + required: + - racks + type: object + resources: + description: Define resources requests and limits for Aerospike Server + Container. Please contact aerospike for proper sizing exercise Only + Memory and Cpu resources can be given Resources.Limits should be more + than Resources.Requests. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + size: + description: Aerospike cluster size + format: int32 + type: integer + storage: + description: Storage specify persistent storage to use for the Aerospike + pods. + properties: + blockVolumePolicy: + description: BlockVolumePolicy contains default policies for block + volumes. + properties: + cascadeDelete: + description: CascadeDelete determines if the persistent volumes + are deleted after the pod this volume binds to is terminated + and removed from the cluster. + type: boolean + effectiveCascadeDelete: + description: Effective/operative value to use for cascade delete + after applying defaults. + type: boolean + effectiveInitMethod: + description: Effective/operative value to use as the volume + init method after applying defaults. + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + initMethod: + description: InitMethod determines how volumes attached to Aerospike + server pods are initialized when the pods comes up the first + time. Defaults to "none". + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + required: + - effectiveCascadeDelete + type: object + filesystemVolumePolicy: + description: FileSystemVolumePolicy contains default policies for + filesystem volumes. + properties: + cascadeDelete: + description: CascadeDelete determines if the persistent volumes + are deleted after the pod this volume binds to is terminated + and removed from the cluster. + type: boolean + effectiveCascadeDelete: + description: Effective/operative value to use for cascade delete + after applying defaults. + type: boolean + effectiveInitMethod: + description: Effective/operative value to use as the volume + init method after applying defaults. + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + initMethod: + description: InitMethod determines how volumes attached to Aerospike + server pods are initialized when the pods comes up the first + time. Defaults to "none". + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + required: + - effectiveCascadeDelete + type: object + volumes: + description: Volumes list to attach to created pods. + items: + description: AerospikePersistentVolumeSpec describes a persistent + volume to claim and attach to Aerospike pods. + properties: + cascadeDelete: + description: CascadeDelete determines if the persistent volumes + are deleted after the pod this volume binds to is terminated + and removed from the cluster. + type: boolean + configMap: + description: Name of the configmap for 'configmap' mode volumes. + type: string + effectiveCascadeDelete: + description: Effective/operative value to use for cascade + delete after applying defaults. + type: boolean + effectiveInitMethod: + description: Effective/operative value to use as the volume + init method after applying defaults. + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + initMethod: + description: InitMethod determines how volumes attached to + Aerospike server pods are initialized when the pods comes + up the first time. Defaults to "none". + enum: + - none + - dd + - blkdiscard + - deleteFiles + type: string + path: + description: Path is the device path where block 'block' mode + volumes are attached to the pod or the mount path for 'filesystem' + mode. + type: string + sizeInGB: + description: SizeInGB Size of volume in GB. + format: int32 + type: integer + storageClass: + description: StorageClass should be pre-created by user. + type: string + volumeMode: + description: VolumeMode specifies if the volume is block/raw + or a filesystem. + enum: + - filesystem + - block + - configMap + type: string + required: + - effectiveCascadeDelete + - path + - sizeInGB + - storageClass + - volumeMode + type: object + type: array + type: object + validationPolicy: + description: ValidationPolicy controls validation of the Aerospike cluster + resource. + properties: + skipWorkDirValidate: + description: skipWorkDirValidate validates that Aerospike work directory + is mounted on a persistent file storage. Defaults to false. + type: boolean + skipXdrDlogFileValidate: + description: ValidateXdrDigestLogFile validates that xdr digest + log file is mounted on a persistent file storage. Defaults to + false. + type: boolean + required: + - skipWorkDirValidate + - skipXdrDlogFileValidate + type: object + required: + - aerospikeConfig + - image + - resources + - size + type: object + status: + description: AerospikeClusterStatus defines the observed state of AerospikeCluster + properties: + pods: + additionalProperties: + description: AerospikePodStatus contains the Aerospike specific status + of the Aerospike serverpods. + properties: + aerospike: + description: Aerospike server instance summary for this pod. + properties: + accessEndpoints: + description: AccessEndpoints are the access endpoints for + this pod. + items: + type: string + type: array + alternateAccessEndpoints: + description: AlternateAccessEndpoints are the alternate access + endpoints for this pod. + items: + type: string + type: array + clusterName: + description: ClusterName is the name of the Aerospike cluster + this pod belongs to. + type: string + nodeID: + description: NodeID is the unique Aerospike ID for this pod. + type: string + rackID: + description: RackID of rack to which this node belongs + type: integer + tlsAccessEndpoints: + description: TLSAccessEndpoints are the TLS access endpoints + for this pod. + items: + type: string + type: array + tlsAlternateAccessEndpoints: + description: TLSAlternateAccessEndpoints are the alternate + TLS access endpoints for this pod. + items: + type: string + type: array + tlsName: + description: TLSName is the TLS name of this pod in the Aerospike + cluster. + type: string + required: + - clusterName + - nodeID + type: object + aerospikeConfigHash: + description: AerospikeConfigHash is ripemd160 hash of aerospikeConfig + used by this pod + type: string + hostExternalIP: + description: HostExternalIP of the K8s host this pod is scheduled + on. + type: string + hostInternalIP: + description: HostInternalIP of the K8s host this pod is scheduled + on. + type: string + image: + description: Image is the Aerospike image this pod is running. + type: string + initializedVolumePaths: + description: InitializedVolumePaths is the list of device path + that have already been initialized. + items: + type: string + type: array + networkPolicyHash: + description: NetworkPolicyHash is ripemd160 hash of NetworkPolicy + used by this pod + type: string + podIP: + description: PodIP in the K8s network. + type: string + podPort: + description: PodPort is the port K8s intenral Aerospike clients + can connect to. + type: integer + podSpecHash: + description: PodSpecHash is ripemd160 hash of PodSpec used by + this pod + type: string + servicePort: + description: ServicePort is the port Aerospike clients outside + K8s can connect to. + format: int32 + type: integer + required: + - aerospikeConfigHash + - image + - initializedVolumePaths + - networkPolicyHash + - podIP + - podPort + - podSpecHash + - servicePort + type: object + description: Pods has Aerospike specific status of the pods. This is + map instead of the conventional map as list convention to allow each + pod to patch update its own status. The map key is the name of the + pod. + type: object + required: + - pods + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + diff --git a/definitions/apps.kubeblocks.io/backuppolicytemplate.yaml b/definitions/apps.kubeblocks.io/backuppolicytemplate.yaml new file mode 100644 index 000000000..68d8c0052 --- /dev/null +++ b/definitions/apps.kubeblocks.io/backuppolicytemplate.yaml @@ -0,0 +1,1197 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: kubeblocks + name: backuppolicytemplates.apps.kubeblocks.io +spec: + group: apps.kubeblocks.io + names: + categories: + - kubeblocks + kind: BackupPolicyTemplate + listKind: BackupPolicyTemplateList + plural: backuppolicytemplates + shortNames: + - bpt + singular: backuppolicytemplate + scope: Cluster + versions: + - additionalPrinterColumns: + - description: ClusterDefinition referenced by cluster. + jsonPath: .spec.clusterDefinitionRef + name: CLUSTER-DEFINITION + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + BackupPolicyTemplate should be provided by addon developers and is linked to a ClusterDefinition + and its associated ComponentDefinitions. + It is responsible for generating BackupPolicies for Components that require backup operations, + also determining the suitable backup methods and strategies. + This template is automatically selected based on the specified ClusterDefinition and ComponentDefinitions + when a Cluster is created. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Defines the desired state of the BackupPolicyTemplate. + properties: + backupPolicies: + description: |- + Represents an array of BackupPolicy templates, with each template corresponding to a specified ComponentDefinition + or to a group of ComponentDefinitions that are different versions of definitions of the same component. + items: + description: |- + BackupPolicy is the template corresponding to a specified ComponentDefinition + or to a group of ComponentDefinitions that are different versions of definitions of the same component. + properties: + backoffLimit: + default: 2 + description: Specifies the maximum number of retry attempts + for a backup before it is considered a failure. + format: int32 + maximum: 10 + minimum: 0 + type: integer + backupMethods: + description: Defines an array of BackupMethods to be used. + items: + properties: + actionSetName: + description: |- + Refers to the ActionSet object that defines the backup actions. + For volume snapshot backup, the actionSet is not required, the controller + will use the CSI volume snapshotter to create the snapshot. + type: string + compatibleMethod: + description: The name of the compatible full backup method, + used by incremental backups. + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + env: + description: Specifies the environment variables for the + backup workload. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envMapping: + description: |- + Specifies a mapping of an environment variable key to the appropriate version of the tool image + required for backups, as determined by ClusterVersion and ComponentDefinition. + The environment variable is then injected into the container executing the backup task. + items: + properties: + key: + description: Specifies the environment variable + key in the mapping. + type: string + valueFrom: + description: |- + Specifies the source used to derive the value of the environment variable, + which typically represents the tool image required for backup operation. + properties: + clusterVersionRef: + description: |- + Determine the appropriate version of the backup tool image from ClusterVersion. + + + Deprecated since v0.9, since ClusterVersion is deprecated. + items: + properties: + mappingValue: + description: Specifies the appropriate + version of the backup tool image. + type: string + names: + description: |- + Represents an array of names of ClusterVersion or ComponentDefinition or ServiceVersion that can be mapped to + the appropriate version of the backup tool image. + + + This mapping allows different versions of component images to correspond to specific versions of backup tool images. + items: + type: string + type: array + required: + - mappingValue + - names + type: object + type: array + componentDef: + description: |- + Determine the appropriate version of the backup tool image from ComponentDefinition. + Each name in the list can represent an exact name, a name prefix, or a regular expression pattern. + + + For example: + + + - "mysql-8.0.30-v1alpha1": Matches the exact name "mysql-8.0.30-v1alpha1" + - "mysql-8.0.30": Matches all names starting with "mysql-8.0.30" + - "^mysql-8.0.\d{1,2}$": Matches all names starting with "mysql-8.0." followed by one or two digits. + items: + properties: + mappingValue: + description: Specifies the appropriate + version of the backup tool image. + type: string + names: + description: |- + Represents an array of names of ClusterVersion or ComponentDefinition or ServiceVersion that can be mapped to + the appropriate version of the backup tool image. + + + This mapping allows different versions of component images to correspond to specific versions of backup tool images. + items: + type: string + type: array + required: + - mappingValue + - names + type: object + type: array + serviceVersion: + description: |- + Determine the appropriate version of the backup tool image from ServiceVersion. + Each service version in the list can represent an exact version, a version prefix, or a regular expression pattern. + + + For example: + + + - "8.0.33": Matches the exact version "8.0.33" + - "8.0": Matches all versions starting with "8.0" + - "^8.0.\d{1,2}$": Matches all versions starting with "8.0." followed by one or two digits. + items: + properties: + mappingValue: + description: Specifies the appropriate + version of the backup tool image. + type: string + names: + description: |- + Represents an array of names of ClusterVersion or ComponentDefinition or ServiceVersion that can be mapped to + the appropriate version of the backup tool image. + + + This mapping allows different versions of component images to correspond to specific versions of backup tool images. + items: + type: string + type: array + required: + - mappingValue + - names + type: object + type: array + type: object + required: + - key + - valueFrom + type: object + type: array + name: + description: The name of backup method. + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + runtimeSettings: + description: Specifies runtime settings for the backup + workload container. + properties: + resources: + description: |- + Specifies the resource required by container. + More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + snapshotVolumes: + default: false + description: |- + Specifies whether to take snapshots of persistent volumes. If true, + the ActionSetName is not required, the controller will use the CSI volume + snapshotter to create the snapshot. + type: boolean + target: + description: Specifies the target information to back + up, it will override the target in backup policy. + properties: + account: + description: |- + If `backupPolicy.componentDefs` is set, this field is required to specify the system account name. + This account must match one listed in `componentDefinition.spec.systemAccounts[*].name`. + The corresponding secret created by this account is used to connect to the database. + + + If `backupPolicy.componentDefRef` (a legacy and deprecated API) is set, the secret defined in + `clusterDefinition.spec.ConnectionCredential` is used instead. + type: string + connectionCredential: + description: Specifies the connection credential to + connect to the target database cluster. + properties: + hostKey: + description: Specifies the map key of the host + in the connection credential secret. + type: string + passwordKey: + default: password + description: |- + Specifies the map key of the password in the connection credential secret. + This password will be saved in the backup annotation for full backup. + You can use the environment variable DP_ENCRYPTION_KEY to specify encryption key. + type: string + portKey: + description: Specifies the map key of the port + in the connection credential secret. + type: string + secretName: + description: Refers to the Secret object that + contains the connection credential. + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + usernameKey: + default: username + description: Specifies the map key of the user + in the connection credential secret. + type: string + required: + - secretName + type: object + connectionCredentialKey: + description: |- + Specifies the keys of the connection credential secret defined in `clusterDefinition.spec.ConnectionCredential`. + It will be ignored when the `account` is set. + properties: + hostKey: + description: Defines the key of the host in the + connection credential secret. + type: string + passwordKey: + description: |- + Represents the key of the password in the connection credential secret. + If not specified, the default key "password" is used. + type: string + portKey: + description: Indicates map key of the port in + the connection credential secret. + type: string + usernameKey: + description: |- + Represents the key of the username in the connection credential secret. + If not specified, the default key "username" is used. + type: string + type: object + fallbackRole: + description: |- + Specifies the fallback role to select one replica for backup, this only takes effect when the + `strategy` field below is set to `Any`. + type: string + name: + description: |- + Specifies a mandatory and unique identifier for each target when using the "targets" field. + The backup data for the current target is stored in a uniquely named subdirectory. + type: string + podSelector: + description: Used to find the target pod. The volumes + of the target pod will be backed up. + properties: + fallbackLabelSelector: + description: |- + fallbackLabelSelector is used to filter available pods when the labelSelector fails. + This only takes effect when the `strategy` field below is set to `Any`. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + strategy: + default: Any + description: |- + Specifies the strategy to select the target pod when multiple pods are selected. + Valid values are: + + + - `Any`: select any one pod that match the labelsSelector. + - `All`: select all pods that match the labelsSelector. The backup data for the current pod + will be stored in a subdirectory named after the pod. + enum: + - Any + - All + type: string + useParentSelectedPods: + description: |- + UseParentSelectedPods indicates whether to use the pods selected by the parent for backup. + If set to true, the backup will use the same pods selected by the parent. + And only takes effect when the 'strategy' is set to 'Any'. + type: boolean + type: object + x-kubernetes-map-type: atomic + resources: + description: Specifies the kubernetes resources to + back up. + properties: + excluded: + description: |- + excluded is a slice of namespaced-scoped resource type names to exclude in + the kubernetes resources. + The default value is empty. + items: + type: string + type: array + included: + description: |- + included is a slice of namespaced-scoped resource type names to include in + the kubernetes resources. + The default value is empty. + items: + type: string + type: array + selector: + description: |- + A metav1.LabelSelector to filter the target kubernetes resources that need + to be backed up. If not set, will do not back up any kubernetes resources. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + role: + description: |- + Specifies the role to select one or more replicas for backup. + + + - If no replica with the specified role exists, the backup task will fail. + Special case: If there is only one replica in the cluster, it will be used for backup, + even if its role differs from the specified one. + For example, if you specify backing up on a secondary replica, but the cluster is single-node + with only one primary replica, the primary will be used for backup. + Future versions will address this special case using role priorities. + - If multiple replicas satisfy the specified role, the choice (`Any` or `All`) will be made according to + the `strategy` field below. + type: string + serviceAccountName: + description: Specifies the service account to run + the backup workload. + type: string + strategy: + description: |- + Specifies the PodSelectionStrategy to use when multiple pods are + selected for the backup target. + Valid values are: + + + - Any: Selects any one pod that matches the labelsSelector. + - All: Selects all pods that match the labelsSelector. + enum: + - Any + - All + type: string + useParentSelectedPods: + description: |- + UseParentSelectedPods indicates whether to use the pods selected by the parent for backup. + If set to true, the backup will use the same pods selected by the parent. + And only takes effect when the 'strategy' is set to 'Any'. + type: boolean + required: + - role + type: object + targetVolumes: + description: Specifies which volumes from the target should + be mounted in the backup workload. + properties: + volumeMounts: + description: Specifies the mount for the volumes specified + in `volumes` section. + items: + description: VolumeMount describes a mounting of + a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: |- + Specifies the list of volumes of targeted application that should be mounted + on the backup workload. + items: + type: string + type: array + type: object + targets: + description: |- + Specifies multiple target information for backup operations. This includes details + such as the target pod and cluster connection credentials. All specified targets + will be backed up collectively. + items: + properties: + connectionCredential: + description: Specifies the connection credential + to connect to the target database cluster. + properties: + hostKey: + description: Specifies the map key of the host + in the connection credential secret. + type: string + passwordKey: + default: password + description: |- + Specifies the map key of the password in the connection credential secret. + This password will be saved in the backup annotation for full backup. + You can use the environment variable DP_ENCRYPTION_KEY to specify encryption key. + type: string + portKey: + description: Specifies the map key of the port + in the connection credential secret. + type: string + secretName: + description: Refers to the Secret object that + contains the connection credential. + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + usernameKey: + default: username + description: Specifies the map key of the user + in the connection credential secret. + type: string + required: + - secretName + type: object + name: + description: |- + Specifies a mandatory and unique identifier for each target when using the "targets" field. + The backup data for the current target is stored in a uniquely named subdirectory. + type: string + podSelector: + description: Used to find the target pod. The volumes + of the target pod will be backed up. + properties: + fallbackLabelSelector: + description: |- + fallbackLabelSelector is used to filter available pods when the labelSelector fails. + This only takes effect when the `strategy` field below is set to `Any`. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + strategy: + default: Any + description: |- + Specifies the strategy to select the target pod when multiple pods are selected. + Valid values are: + + + - `Any`: select any one pod that match the labelsSelector. + - `All`: select all pods that match the labelsSelector. The backup data for the current pod + will be stored in a subdirectory named after the pod. + enum: + - Any + - All + type: string + useParentSelectedPods: + description: |- + UseParentSelectedPods indicates whether to use the pods selected by the parent for backup. + If set to true, the backup will use the same pods selected by the parent. + And only takes effect when the 'strategy' is set to 'Any'. + type: boolean + type: object + x-kubernetes-map-type: atomic + resources: + description: Specifies the kubernetes resources + to back up. + properties: + excluded: + description: |- + excluded is a slice of namespaced-scoped resource type names to exclude in + the kubernetes resources. + The default value is empty. + items: + type: string + type: array + included: + description: |- + included is a slice of namespaced-scoped resource type names to include in + the kubernetes resources. + The default value is empty. + items: + type: string + type: array + selector: + description: |- + A metav1.LabelSelector to filter the target kubernetes resources that need + to be backed up. If not set, will do not back up any kubernetes resources. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + serviceAccountName: + description: Specifies the service account to run + the backup workload. + type: string + type: object + type: array + required: + - name + type: object + type: array + componentDefRef: + description: |- + Specifies the name of ClusterComponentDefinition defined in the ClusterDefinition. + Must comply with the IANA Service Naming rule. + + + Deprecated since v0.9, should use `componentDefs` instead. + This field is maintained for backward compatibility and its use is discouraged. + Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. + maxLength: 22 + pattern: ^[a-z]([a-z0-9\-]*[a-z0-9])?$ + type: string + componentDefs: + description: |- + Specifies the name of the ComponentDefinition. + Each name in the list can represent an exact name, a name prefix, or a regular expression pattern. + + + For example: + + + - "mysql-8.0.30-v1alpha1": Matches the exact name "mysql-8.0.30-v1alpha1" + - "mysql-8.0.30": Matches all names starting with "mysql-8.0.30" + - "^mysql-8.0.\d{1,2}$": Matches all names starting with "mysql-8.0." followed by one or two digits. + items: + type: string + type: array + schedules: + description: |- + Defines the execution plans for backup tasks, specifying when and how backups should occur, + and the retention period of backup files. + items: + properties: + backupMethod: + description: Defines the backup method name that is defined + in backupPolicy. + type: string + cronExpression: + description: |- + Represents the cron expression for schedule, with the timezone set in UTC. + Refer to https://en.wikipedia.org/wiki/Cron for more details. + type: string + enabled: + description: Specifies whether the backup schedule is + enabled or not. + type: boolean + name: + description: |- + Specifies the name of the schedule. Names cannot be duplicated. + If the name is empty, it will be considered the same as the value of the backupMethod below. + type: string + parameters: + description: |- + Specifies a list of name-value pairs representing parameters and their corresponding values. + Parameters match the schema specified in the `actionset.spec.parametersSchema` + items: + properties: + name: + description: Represents the name of the parameter. + type: string + value: + description: Represents the parameter values. + type: string + required: + - name + - value + type: object + maxItems: 128 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + retentionPeriod: + default: 7d + description: "Determines the duration for which the backup + should be retained.\nThe controller will remove all + backups that are older than the RetentionPeriod.\nFor + instance, a RetentionPeriod of `30d` will retain only + the backups from the last 30 days.\nSample duration + format:\n\n\n- years: \t2y\n- months: \t6mo\n- days: + \t\t30d\n- hours: \t12h\n- minutes: \t30m\n\n\nThese + durations can also be combined, for example: 30d12h30m." + type: string + required: + - backupMethod + - cronExpression + type: object + type: array + target: + description: |- + Defines the selection criteria of instance to be backed up, and the connection credential to be used + during the backup process. + properties: + account: + description: |- + If `backupPolicy.componentDefs` is set, this field is required to specify the system account name. + This account must match one listed in `componentDefinition.spec.systemAccounts[*].name`. + The corresponding secret created by this account is used to connect to the database. + + + If `backupPolicy.componentDefRef` (a legacy and deprecated API) is set, the secret defined in + `clusterDefinition.spec.ConnectionCredential` is used instead. + type: string + connectionCredentialKey: + description: |- + Specifies the keys of the connection credential secret defined in `clusterDefinition.spec.ConnectionCredential`. + It will be ignored when the `account` is set. + properties: + hostKey: + description: Defines the key of the host in the connection + credential secret. + type: string + passwordKey: + description: |- + Represents the key of the password in the connection credential secret. + If not specified, the default key "password" is used. + type: string + portKey: + description: Indicates map key of the port in the connection + credential secret. + type: string + usernameKey: + description: |- + Represents the key of the username in the connection credential secret. + If not specified, the default key "username" is used. + type: string + type: object + fallbackRole: + description: |- + Specifies the fallback role to select one replica for backup, this only takes effect when the + `strategy` field below is set to `Any`. + type: string + role: + description: |- + Specifies the role to select one or more replicas for backup. + + + - If no replica with the specified role exists, the backup task will fail. + Special case: If there is only one replica in the cluster, it will be used for backup, + even if its role differs from the specified one. + For example, if you specify backing up on a secondary replica, but the cluster is single-node + with only one primary replica, the primary will be used for backup. + Future versions will address this special case using role priorities. + - If multiple replicas satisfy the specified role, the choice (`Any` or `All`) will be made according to + the `strategy` field below. + type: string + strategy: + description: |- + Specifies the PodSelectionStrategy to use when multiple pods are + selected for the backup target. + Valid values are: + + + - Any: Selects any one pod that matches the labelsSelector. + - All: Selects all pods that match the labelsSelector. + enum: + - Any + - All + type: string + useParentSelectedPods: + description: |- + UseParentSelectedPods indicates whether to use the pods selected by the parent for backup. + If set to true, the backup will use the same pods selected by the parent. + And only takes effect when the 'strategy' is set to 'Any'. + type: boolean + required: + - role + type: object + required: + - backupMethods + type: object + minItems: 1 + type: array + clusterDefinitionRef: + description: |- + Specifies the name of a ClusterDefinition. + This is an immutable attribute that cannot be changed after creation. + And this field is deprecated since v0.9, consider using the ComponentDef instead. + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + x-kubernetes-validations: + - message: clusterDefinitionRef is immutable + rule: self == oldSelf + identifier: + description: |- + Specifies a unique identifier for the BackupPolicyTemplate. + + + This identifier will be used as the suffix of the name of automatically generated BackupPolicy. + This prevents unintended overwriting of BackupPolicies due to name conflicts when multiple BackupPolicyTemplates + are present. + For instance, using "backup-policy" for regular backups and "backup-policy-hscale" for horizontal-scale ops + can differentiate the policies. + maxLength: 20 + type: string + required: + - backupPolicies + type: object + status: + description: Populated by the system, it represents the current information + about the BackupPolicyTemplate. + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/apps.kubeblocks.io/clusterversion.yaml b/definitions/apps.kubeblocks.io/clusterversion.yaml new file mode 100644 index 000000000..956743cb9 --- /dev/null +++ b/definitions/apps.kubeblocks.io/clusterversion.yaml @@ -0,0 +1,3280 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: kubeblocks + name: clusterversions.apps.kubeblocks.io +spec: + group: apps.kubeblocks.io + names: + categories: + - kubeblocks + kind: ClusterVersion + listKind: ClusterVersionList + plural: clusterversions + shortNames: + - cv + singular: clusterversion + scope: Cluster + versions: + - additionalPrinterColumns: + - description: ClusterDefinition referenced by cluster. + jsonPath: .spec.clusterDefinitionRef + name: CLUSTER-DEFINITION + type: string + - description: status phase + jsonPath: .status.phase + name: STATUS + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + deprecated: true + deprecationWarning: The ClusterVersion CRD has been deprecated since 0.9.0 + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + ClusterVersion is the Schema for the ClusterVersions API. + + + Deprecated: ClusterVersion has been replaced by ComponentVersion since v0.9. + This struct is maintained for backward compatibility and its use is discouraged. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ClusterVersionSpec defines the desired state of ClusterVersion. + + + Deprecated since v0.9. + This struct is maintained for backward compatibility and its use is discouraged. + properties: + clusterDefinitionRef: + description: Specifies a reference to the ClusterDefinition. + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + componentVersions: + description: Contains a list of versioning contexts for the components' + containers. + items: + description: |- + ClusterComponentVersion is an application version component spec. + + + Deprecated since v0.9. + This struct is maintained for backward compatibility and its use is discouraged. + properties: + componentDefRef: + description: Specifies a reference to one of the cluster component + definition names in the ClusterDefinition API (spec.componentDefs.name). + maxLength: 63 + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + configSpecs: + description: |- + Defines a configuration extension mechanism to handle configuration differences between versions. + The configTemplateRefs field, in conjunction with the configTemplateRefs in the ClusterDefinition, determines + the final configuration file. + items: + properties: + asEnvFrom: + description: |- + Specifies the containers to inject the ConfigMap parameters as environment variables. + + + This is useful when application images accept parameters through environment variables and + generate the final configuration file in the startup script based on these variables. + + + This field allows users to specify a list of container names, and KubeBlocks will inject the environment + variables converted from the ConfigMap into these designated containers. This provides a flexible way to + pass the configuration items from the ConfigMap to the container without modifying the image. + + + Deprecated: `asEnvFrom` has been deprecated since 0.9.0 and will be removed in 0.10.0. + Use `injectEnvTo` instead. + items: + type: string + type: array + x-kubernetes-list-type: set + constraintRef: + description: Specifies the name of the referenced configuration + constraints object. + maxLength: 63 + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + defaultMode: + description: |- + The operator attempts to set default file permissions for scripts (0555) and configurations (0444). + However, certain database engines may require different file permissions. + You can specify the desired file permissions here. + + + Must be specified as an octal value between 0000 and 0777 (inclusive), + or as a decimal value between 0 and 511 (inclusive). + YAML supports both octal and decimal values for file permissions. + + + Please note that this setting only affects the permissions of the files themselves. + Directories within the specified path are not impacted by this setting. + It's important to be aware that this setting might conflict with other options + that influence the file mode, such as fsGroup. + In such cases, the resulting file mode may have additional bits set. + Refers to documents of k8s.ConfigMapVolumeSource.defaultMode for more information. + format: int32 + type: integer + injectEnvTo: + description: |- + Specifies the containers to inject the ConfigMap parameters as environment variables. + + + This is useful when application images accept parameters through environment variables and + generate the final configuration file in the startup script based on these variables. + + + This field allows users to specify a list of container names, and KubeBlocks will inject the environment + variables converted from the ConfigMap into these designated containers. This provides a flexible way to + pass the configuration items from the ConfigMap to the container without modifying the image. + items: + type: string + type: array + x-kubernetes-list-type: set + keys: + description: |- + Specifies the configuration files within the ConfigMap that support dynamic updates. + + + A configuration template (provided in the form of a ConfigMap) may contain templates for multiple + configuration files. + Each configuration file corresponds to a key in the ConfigMap. + Some of these configuration files may support dynamic modification and reloading without requiring + a pod restart. + + + If empty or omitted, all configuration files in the ConfigMap are assumed to support dynamic updates, + and ConfigConstraint applies to all keys. + items: + type: string + type: array + x-kubernetes-list-type: set + legacyRenderedConfigSpec: + description: |- + Specifies the secondary rendered config spec for pod-specific customization. + + + The template is rendered inside the pod (by the "config-manager" sidecar container) and merged with the main + template's render result to generate the final configuration file. + + + This field is intended to handle scenarios where different pods within the same Component have + varying configurations. It allows for pod-specific customization of the configuration. + + + Note: This field will be deprecated in future versions, and the functionality will be moved to + `cluster.spec.componentSpecs[*].instances[*]`. + properties: + namespace: + default: default + description: |- + Specifies the namespace of the referenced configuration template ConfigMap object. + An empty namespace is equivalent to the "default" namespace. + pattern: ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$ + type: string + policy: + default: none + description: Defines the strategy for merging externally + imported templates into component templates. + enum: + - patch + - replace + - none + type: string + templateRef: + description: Specifies the name of the referenced + configuration template ConfigMap object. + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + required: + - templateRef + type: object + name: + description: Specifies the name of the configuration template. + maxLength: 63 + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + namespace: + default: default + description: |- + Specifies the namespace of the referenced configuration template ConfigMap object. + An empty namespace is equivalent to the "default" namespace. + maxLength: 63 + pattern: ^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$ + type: string + reRenderResourceTypes: + description: |- + Specifies whether the configuration needs to be re-rendered after v-scale or h-scale operations to reflect changes. + + + In some scenarios, the configuration may need to be updated to reflect the changes in resource allocation + or cluster topology. Examples: + + + - Redis: adjust maxmemory after v-scale operation. + - MySQL: increase max connections after v-scale operation. + - Zookeeper: update zoo.cfg with new node addresses after h-scale operation. + items: + description: RerenderResourceType defines the resource + requirements for a component. + enum: + - vscale + - hscale + - tls + - shardingHScale + type: string + type: array + x-kubernetes-list-type: set + templateRef: + description: Specifies the name of the referenced configuration + template ConfigMap object. + maxLength: 63 + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + volumeName: + description: |- + Refers to the volume name of PodTemplate. The configuration file produced through the configuration + template will be mounted to the corresponding volume. Must be a DNS_LABEL name. + The volume name must be defined in podSpec.containers[*].volumeMounts. + maxLength: 63 + pattern: ^[a-z]([a-z0-9\-]*[a-z0-9])?$ + type: string + required: + - name + - templateRef + - volumeName + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + switchoverSpec: + description: |- + Defines the images for the component to perform a switchover. + This overrides the image and env attributes defined in clusterDefinition.spec.componentDefs.SwitchoverSpec.CommandExecutorEnvItem. + properties: + cmdExecutorConfig: + description: Represents the configuration for the command + executor. + properties: + env: + description: A list of environment variables that will + be injected into the command execution context. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + image: + description: Specifies the image used to execute the + command. + type: string + required: + - image + type: object + required: + - cmdExecutorConfig + type: object + systemAccountSpec: + description: |- + Defines the image for the component to connect to databases or engines. + This overrides the `image` and `env` attributes defined in clusterDefinition.spec.componentDefs.systemAccountSpec.cmdExecutorConfig. + To clear default environment settings, set systemAccountSpec.cmdExecutorConfig.env to an empty list. + properties: + cmdExecutorConfig: + description: Configures the method for obtaining the client + SDK and executing statements. + properties: + env: + description: A list of environment variables that will + be injected into the command execution context. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + image: + description: Specifies the image used to execute the + command. + type: string + required: + - image + type: object + required: + - cmdExecutorConfig + type: object + versionsContext: + description: |- + Defines the context for container images for component versions. + This value replaces the values in clusterDefinition.spec.componentDefs.podSpec.[initContainers | containers]. + properties: + containers: + description: |- + Provides override values for ClusterDefinition.spec.componentDefs.podSpec.containers. + Typically used in scenarios such as updating application container images. + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of + a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of + a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-preserve-unknown-fields: true + initContainers: + description: |- + Provides override values for ClusterDefinition.spec.componentDefs.podSpec.initContainers. + Typically used in scenarios such as updating application container images. + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of + a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of + a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-preserve-unknown-fields: true + type: object + required: + - componentDefRef + - versionsContext + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - componentDefRef + x-kubernetes-list-type: map + required: + - clusterDefinitionRef + - componentVersions + type: object + status: + description: |- + ClusterVersionStatus defines the observed state of ClusterVersion. + + + Deprecated since v0.9. + This struct is maintained for backward compatibility and its use is discouraged. + properties: + clusterDefGeneration: + description: The generation number of the ClusterDefinition that is + currently being referenced. + format: int64 + type: integer + message: + description: Provides additional information about the current phase. + type: string + observedGeneration: + description: The generation number that has been observed by the controller. + format: int64 + type: integer + phase: + description: The current phase of the ClusterVersion. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/apps.kubeblocks.io/componentclassdefinition.yaml b/definitions/apps.kubeblocks.io/componentclassdefinition.yaml new file mode 100644 index 000000000..2a750d79d --- /dev/null +++ b/definitions/apps.kubeblocks.io/componentclassdefinition.yaml @@ -0,0 +1,167 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: kubeblocks + name: componentclassdefinitions.apps.kubeblocks.io +spec: + group: apps.kubeblocks.io + names: + categories: + - kubeblocks + kind: ComponentClassDefinition + listKind: ComponentClassDefinitionList + plural: componentclassdefinitions + shortNames: + - ccd + singular: componentclassdefinition + scope: Cluster + versions: + - deprecated: true + deprecationWarning: Due to the lack of practical use cases, this API is deprecated + from KB 0.9.0. + name: v1alpha1 + schema: + openAPIV3Schema: + description: ComponentClassDefinition is the Schema for the componentclassdefinitions + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ComponentClassDefinitionSpec defines the desired state of + ComponentClassDefinition + properties: + groups: + description: group defines a list of class series that conform to + the same constraint. + items: + properties: + series: + description: series is a series of class definitions. + items: + properties: + classes: + description: |- + classes are definitions of classes that come in two forms. In the first form, only ComponentClass.Args + need to be defined, and the complete class definition is generated by rendering the ComponentClassGroup.Template + and Name. In the second form, the Name, CPU and Memory must be defined. + items: + properties: + args: + description: args are variable's value + items: + type: string + type: array + cpu: + anyOf: + - type: integer + - type: string + description: the CPU of the class + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: the memory of the class + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + name: + description: name is the class name + type: string + type: object + type: array + namingTemplate: + description: |- + namingTemplate is a template that uses the Go template syntax and allows for referencing variables defined + in ComponentClassGroup.Template. This enables dynamic generation of class names. + For example: + name: "general-{{ .cpu }}c{{ .memory }}g" + type: string + type: object + type: array + template: + description: "template is a class definition template that uses + the Go template syntax and allows for variable declaration.\nWhen + defining a class in Series, specifying the variable's value + is sufficient, as the complete class\ndefinition will be generated + through rendering the template.\n\n\nFor example:\n\n\n```yaml\ntemplate: + |\n\t cpu: \"{{ or .cpu 1 }}\"\n\t memory: \"{{ or .memory + 4 }}Gi\"\n```" + type: string + vars: + description: |- + vars defines the variables declared in the template and will be used to generating the complete class definition by + render the template. + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array + type: object + status: + description: ComponentClassDefinitionStatus defines the observed state + of ComponentClassDefinition + properties: + classes: + description: classes is the list of classes that have been observed + for this ComponentClassDefinition + items: + properties: + args: + description: args are variable's value + items: + type: string + type: array + cpu: + anyOf: + - type: integer + - type: string + description: the CPU of the class + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: the memory of the class + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + name: + description: name is the class name + type: string + type: object + type: array + observedGeneration: + description: |- + observedGeneration is the most recent generation observed for this + ComponentClassDefinition. It corresponds to the ComponentClassDefinition's generation, which is + updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/apps.kubeblocks.io/componentresourceconstraint.yaml b/definitions/apps.kubeblocks.io/componentresourceconstraint.yaml new file mode 100644 index 000000000..9f6cec2a8 --- /dev/null +++ b/definitions/apps.kubeblocks.io/componentresourceconstraint.yaml @@ -0,0 +1,243 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: kubeblocks + name: componentresourceconstraints.apps.kubeblocks.io +spec: + group: apps.kubeblocks.io + names: + categories: + - kubeblocks + kind: ComponentResourceConstraint + listKind: ComponentResourceConstraintList + plural: componentresourceconstraints + shortNames: + - crc + singular: componentresourceconstraint + scope: Cluster + versions: + - deprecated: true + deprecationWarning: Due to the lack of practical use cases, this API is deprecated + from KB 0.9.0. + name: v1alpha1 + schema: + openAPIV3Schema: + description: ComponentResourceConstraint is the Schema for the componentresourceconstraints + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ComponentResourceConstraintSpec defines the desired state + of ComponentResourceConstraint + properties: + componentSelector: + description: componentSelector is used to bind the resource constraint + to components based on ComponentDefinition API. + items: + properties: + componentDefRef: + description: |- + In versions prior to KB 0.8.0, ComponentDefRef is the name of the component definition in the ClusterDefinition. + In KB 0.8.0 and later versions, ComponentDefRef is the name of ComponentDefinition. + type: string + rules: + description: rules are the constraint rules that will be applied + to the component. + items: + type: string + type: array + required: + - componentDefRef + - rules + type: object + type: array + x-kubernetes-list-map-keys: + - componentDefRef + x-kubernetes-list-type: map + rules: + description: Component resource constraint rules. + items: + properties: + cpu: + description: The constraint for vcpu cores. + properties: + max: + anyOf: + - type: integer + - type: string + description: |- + The maximum count of vcpu cores, [Min, Max] defines a range for valid vcpu cores, and the value in this range + must be multiple times of Step. It's useful to define a large number of valid values without defining them one by + one. Please see the documentation for Step for some examples. + If Slots is specified, Max, Min, and Step are ignored + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + min: + anyOf: + - type: integer + - type: string + description: |- + The minimum count of vcpu cores, [Min, Max] defines a range for valid vcpu cores, and the value in this range + must be multiple times of Step. It's useful to define a large number of valid values without defining them one by + one. Please see the documentation for Step for some examples. + If Slots is specified, Max, Min, and Step are ignored + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + slots: + description: |- + The valid vcpu cores, it's useful if you want to define valid vcpu cores explicitly. + If Slots is specified, Max, Min, and Step are ignored + items: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: array + step: + anyOf: + - type: integer + - type: string + description: |- + The minimum granularity of vcpu cores, [Min, Max] defines a range for valid vcpu cores and the value in this range must be + multiple times of Step. + For example: + 1. Min is 2, Max is 8, Step is 2, and the valid vcpu core is {2, 4, 6, 8}. + 2. Min is 0.5, Max is 2, Step is 0.5, and the valid vcpu core is {0.5, 1, 1.5, 2}. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + memory: + description: The constraint for memory size. + properties: + maxPerCPU: + anyOf: + - type: integer + - type: string + description: |- + The maximum size of memory per vcpu core, [MinPerCPU, MaxPerCPU] defines a range for valid memory size per vcpu core. + It is useful on GCP as the ratio between the CPU and memory may be a range. + If SizePerCPU is specified, MinPerCPU and MaxPerCPU are ignored. + Reference: https://cloud.google.com/compute/docs/general-purpose-machines#custom_machine_types + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + minPerCPU: + anyOf: + - type: integer + - type: string + description: |- + The minimum size of memory per vcpu core, [MinPerCPU, MaxPerCPU] defines a range for valid memory size per vcpu core. + It is useful on GCP as the ratio between the CPU and memory may be a range. + If SizePerCPU is specified, MinPerCPU and MaxPerCPU are ignored. + Reference: https://cloud.google.com/compute/docs/general-purpose-machines#custom_machine_types + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + sizePerCPU: + anyOf: + - type: integer + - type: string + description: |- + The size of memory per vcpu core. + For example: 1Gi, 200Mi. + If SizePerCPU is specified, MinPerCPU and MaxPerCPU are ignore. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + name: + description: The name of the constraint. + type: string + storage: + description: The constraint for storage size. + properties: + max: + anyOf: + - type: integer + - type: string + default: 10Ti + description: The maximum size of storage. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + min: + anyOf: + - type: integer + - type: string + default: 20Gi + description: The minimum size of storage. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + required: + - cpu + - memory + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + selector: + description: selector is used to bind the resource constraint to cluster + definitions based on ClusterDefinition API. + items: + properties: + clusterDefRef: + description: clusterDefRef is the name of the cluster definition. + type: string + components: + description: selector is used to bind the resource constraint + to components. + items: + properties: + componentDefRef: + description: |- + In versions prior to KB 0.8.0, ComponentDefRef is the name of the component definition in the ClusterDefinition. + In KB 0.8.0 and later versions, ComponentDefRef is the name of ComponentDefinition. + type: string + rules: + description: rules are the constraint rules that will + be applied to the component. + items: + type: string + type: array + required: + - componentDefRef + - rules + type: object + type: array + x-kubernetes-list-map-keys: + - componentDefRef + x-kubernetes-list-type: map + required: + - clusterDefRef + - components + type: object + type: array + x-kubernetes-list-map-keys: + - clusterDefRef + x-kubernetes-list-type: map + required: + - rules + type: object + type: object + served: true + storage: true + diff --git a/definitions/apps.kubeblocks.io/opsdefinition.yaml b/definitions/apps.kubeblocks.io/opsdefinition.yaml new file mode 100644 index 000000000..d796bfcec --- /dev/null +++ b/definitions/apps.kubeblocks.io/opsdefinition.yaml @@ -0,0 +1,7908 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: kubeblocks + name: opsdefinitions.apps.kubeblocks.io +spec: + group: apps.kubeblocks.io + names: + categories: + - kubeblocks + kind: OpsDefinition + listKind: OpsDefinitionList + plural: opsdefinitions + shortNames: + - od + singular: opsdefinition + scope: Cluster + versions: + - additionalPrinterColumns: + - description: OpsDefinition status phase. + jsonPath: .status.phase + name: STATUS + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: OpsDefinition is the Schema for the OpsDefinitions API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OpsDefinitionSpec defines the desired state of OpsDefinition. + properties: + actions: + description: Specifies a list of OpsAction where each customized action + is executed sequentially. + items: + description: |- + OpsAction specifies a custom action defined in OpsDefinition for execution in a "Custom" OpsRequest. + + + OpsAction can be of three types: + + + - workload: Creates a Job or Pod to run custom scripts, ideal for isolated or long-running tasks. + - exec: Executes commands directly within an existing container using the kubectl exec interface, + suitable for immediate, short-lived operations. + - resourceModifier: Modifies a K8s object using JSON patches, useful for updating the spec of some resource. + properties: + exec: + description: |- + Specifies the configuration for a 'exec' action. + It creates a Pod and invokes a 'kubectl exec' to run command inside a specified container with the target Pod. + properties: + backoffLimit: + default: 0 + description: Specifies the number of retries allowed before + marking the action as failed. + format: int32 + minimum: 0 + type: integer + command: + description: The command to be executed via 'kubectl exec + --'. + items: + type: string + minItems: 1 + type: array + containerName: + description: |- + The name of the container in the target pod where the command should be executed. + This corresponds to the `-c {containerName}` option in `kubectl exec`. + + + If not set, the first container is used. + type: string + podInfoExtractorName: + description: Specifies a PodInfoExtractor defined in the + `opsDefinition.spec.podInfoExtractors`. + type: string + required: + - command + - podInfoExtractorName + type: object + failurePolicy: + allOf: + - enum: + - Ignore + - Fail + - enum: + - Ignore + - Fail + default: Fail + description: |- + Specifies the failure policy of the OpsAction. + Valid values are: + + + - "Fail": Marks the entire OpsRequest as failed if the action fails. + - "Ignore": The OpsRequest continues processing despite the failure of the action. + type: string + name: + description: Specifies the name of the OpsAction. + maxLength: 20 + type: string + parameters: + description: |- + Specifies the parameters for the OpsAction. Their usage varies based on the action type: + + + - For 'workload' or 'exec' actions, parameters are injected as environment variables. + - For 'resourceModifier' actions, parameter can be referenced using $() in fields + `resourceModifier.completionProbe.matchExpressions` and `resourceModifier.jsonPatches[*].value`. + items: + type: string + type: array + resourceModifier: + description: |- + Specifies the configuration for a 'resourceModifier' action. + This action allows for modifications to existing K8s objects. + + + Note: This feature has not been implemented yet. + properties: + completionProbe: + description: |- + Specifies a method to determine if the action has been completed. + + + Note: This feature has not been implemented yet. + properties: + initialDelaySeconds: + default: 5 + description: |- + Specifies the number of seconds to wait after the resource has been patched before initiating completion probes. + The default value is 5 seconds, with a minimum value of 1. + format: int32 + minimum: 1 + type: integer + matchExpressions: + description: Executes expressions regularly, based on + the value of PeriodSeconds, to determine if the action + has been completed. + properties: + failure: + description: |- + Specifies a failure condition for an action using a Go template expression. + Should evaluate to either `true` or `false`. + The current resource object is parsed into the Go template. + for example, you can use '{{ eq .spec.replicas 1 }}'. + type: string + success: + description: |- + Specifies a success condition for an action using a Go template expression. + Should evaluate to either `true` or `false`. + The current resource object is parsed into the Go template. + for example, using '{{ eq .spec.replicas 1 }}' + type: string + required: + - success + type: object + periodSeconds: + default: 5 + description: |- + Specifies the frequency (in seconds) at which the probe should be performed. + The default value is 5 seconds, with a minimum value of 1. + format: int32 + minimum: 1 + type: integer + timeoutSeconds: + default: 60 + description: |- + Specifies the number of seconds after which the probe times out. + The default value is 60 seconds, with a minimum value of 1. + format: int32 + minimum: 1 + type: integer + required: + - matchExpressions + type: object + jsonPatches: + description: Specifies a list of patches for modifying the + object. + items: + properties: + op: + description: 'Specifies the type of JSON patch operation. + It supports the following values: ''add'', ''remove'', + ''replace''.' + enum: + - add + - remove + - replace + type: string + path: + description: Specifies the json patch path. + type: string + value: + description: Specifies the value to be used in the + JSON patch operation. + type: string + required: + - op + - path + - value + type: object + minItems: 1 + type: array + resource: + description: Specifies the K8s object that is to be updated. + properties: + apiGroup: + description: |- + Specifies the group for the resource being referenced. + If not specified, the referenced Kind must belong to the core API group. + For all third-party types, this is mandatory. + type: string + kind: + description: Specifies the type of resource being referenced. + type: string + name: + description: Indicates the name of the resource being + referenced. + type: string + required: + - apiGroup + - kind + - name + type: object + required: + - completionProbe + - jsonPatches + - resource + type: object + workload: + description: |- + Specifies the configuration for a 'workload' action. + This action leads to the creation of a K8s workload, such as a Pod or Job, to execute specified tasks. + properties: + backoffLimit: + default: 0 + description: Specifies the number of retries allowed before + marking the action as failed. + format: int32 + minimum: 0 + type: integer + podInfoExtractorName: + description: Specifies a PodInfoExtractor defined in the + `opsDefinition.spec.podInfoExtractors`. + type: string + podSpec: + description: Specifies the PodSpec of the 'workload' action. + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + + + To add an ephemeral container, use the ephemeralcontainers subresource of an existing + Pod. Ephemeral containers may not be removed or restarted. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. If the runtime does not + support namespace targeting then the result of setting this field is undefined. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. Setting false is useful for + mitigating container breakout vulnerabilities even allowing users to run their + containers as root without actually having root privileges on the host. + This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. + The resourceRequirements of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, and then using the max of + of that value or the sum of the normal containers. Limits are applied to init containers + in a similar fashion. + Init containers cannot currently be added or removed. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile + - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy + - spec.securityContext.sysctls + - spec.shareProcessNamespace + - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup + - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged + - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount + - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value + defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the + ResourceClaim. + properties: + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. The pod name and resource name, along with a + generated component, will be used to form a unique name for the + ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. + + + This field is immutable and no changes will be made to the + corresponding ResourceClaim by the control plane after creating the + ResourceClaim. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + + + This is a beta feature enabled by the PodSchedulingReadiness feature gate. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. + If a pod does not have FQDN, this has no effect. + Default to false. + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + Defaults to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: + description: |- + Defines the workload type of the action. Valid values include "Job" and "Pod". + + + - "Job": Creates a Job to execute the action. + - "Pod": Creates a Pod to execute the action. + Note: unlike Jobs, manually deleting a Pod does not affect the `backoffLimit`. + enum: + - Job + - Pod + type: string + required: + - podSpec + - type + type: object + required: + - name + type: object + x-kubernetes-validations: + - message: at least one action exists for workload, exec and resourceModifier. + rule: has(self.workload) || has(self.exec) || has(self.resourceModifier) + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + componentInfos: + description: |- + Specifies a list of ComponentDefinition for Components associated with this OpsDefinition. + It also includes connection credentials (address and account) for each Component. + items: + properties: + accountName: + description: |- + Specifies the account name associated with the Component. + If set, the corresponding account username and password are injected into containers' environment variables + `KB_ACCOUNT_USERNAME` and `KB_ACCOUNT_PASSWORD`. + type: string + componentDefinitionName: + description: |- + Specifies the name of the ComponentDefinition. + The name can represent an exact name, a name prefix, or a regular expression pattern. + + + For example: + + + - "mysql-8.0.30-v1alpha1": Matches the exact name "mysql-8.0.30-v1alpha1" + - "mysql-8.0.30": Matches all names starting with "mysql-8.0.30" + - "^mysql-8.0.\d{1,2}$": Matches all names starting with "mysql-8.0." followed by one or two digits. + maxLength: 32 + type: string + imageMappings: + description: ImageMappings specifies the mapping from service + versions to image addresses. + items: + properties: + images: + additionalProperties: + type: string + description: |- + Images are the container image addresses to use for the matched service versions. + Key is the container name, and value is the image address. + type: object + serviceVersions: + description: ServiceVersions is a list of service versions + that this mapping applies to. + items: + type: string + type: array + required: + - images + - serviceVersions + type: object + type: array + serviceName: + description: |- + Specifies the name of the Service. + If set, the service name is injected as the `KB_COMP_SVC_NAME` environment variable in the containers, + and each service port is mapped to a corresponding environment variable named `KB_COMP_SVC_PORT_$(portName)`. + The `portName` is transformed by replacing '-' with '_' and converting to uppercase. + type: string + required: + - componentDefinitionName + type: object + type: array + x-kubernetes-list-map-keys: + - componentDefinitionName + x-kubernetes-list-type: map + parametersSchema: + description: Specifies the schema for validating the data types and + value ranges of parameters in OpsActions before their usage. + properties: + openAPIV3Schema: + description: |- + Defines the schema for parameters using the OpenAPI v3. + The supported property types include: + - string + - number + - integer + - array: Note that only items of string type are supported. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + podInfoExtractors: + description: |- + Specifies a list of PodInfoExtractor, each designed to select a specific Pod and extract selected runtime info + from its PodSpec. + The extracted information, such as environment variables, volumes and tolerations, are then injected into + Jobs or Pods that execute the OpsActions defined in `actions`. + items: + properties: + env: + description: |- + Specifies a list of environment variables to be extracted from a selected Pod, + and injected into the containers executing each OpsAction. + items: + properties: + name: + description: |- + Specifies the name of the environment variable to be injected into Pods executing OpsActions. + It must conform to the C_IDENTIFIER format, which includes only alphanumeric characters and underscores, and cannot begin with a digit. + type: string + optional: + description: Specify whether the ENV must be defined. + type: boolean + valueFrom: + description: Specifies the source of the environment variable's + value. + properties: + envRef: + description: |- + Specifies a reference to a specific environment variable within a container. + Used to specify the source of the variable, which can be either "env" or "envFrom". + properties: + envName: + description: |- + Defines the name of the environment variable. + This name can originate from an 'env' entry or be a data key from an 'envFrom' source. + type: string + targetContainerName: + description: |- + Specifies the container name in the target Pod. + If not specified, the first container will be used by default. + type: string + required: + - envName + type: object + fieldPath: + description: |- + Represents the JSONPath expression pointing to the specific data within the JSON structure of the target Pod. + It is used to extract precise data locations for operations on the Pod. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + type: object + x-kubernetes-validations: + - message: either fieldPath and envRef. + rule: has(self.envRef) || has(self.fieldPath) + required: + - name + - valueFrom + type: object + type: array + name: + description: Specifies the name of the PodInfoExtractor. + maxLength: 32 + type: string + podSelector: + description: Used to select the target Pod from which environment + variables and volumes are extracted from its PodSpec. + properties: + multiPodSelectionPolicy: + default: Any + description: |- + Defines the policy for selecting the target pod when multiple pods match the podSelector. + It can be either 'Any' (select any one pod that matches the podSelector) + or 'All' (select all pods that match the podSelector). + enum: + - All + - Any + type: string + role: + description: Specifies the role of the target Pod. + type: string + type: object + volumeMounts: + description: |- + Specifies a list of volumes, along with their respective mount points, that are to be extracted from a selected Pod, + and mounted onto the containers executing each OpsAction. + This allows the containers to access shared or persistent data necessary for the operation. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - name + - podSelector + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + preConditions: + description: |- + Specifies the preconditions that must be met to run the actions for the operation. + if set, it will check the condition before the Component runs this operation. + Example: + ```yaml + preConditions: + - rule: + expression: '{{ eq .component.status.phase "Running" }}' + message: Component is not in Running status. + ``` + items: + properties: + rule: + description: Specifies the conditions that must be met for the + operation to execute. + properties: + expression: + description: |- + Specifies a Go template expression that determines how the operation can be executed. + The return value must be either `true` or `false`. + Available built-in objects that can be referenced in the expression include: + + + - `params`: Input parameters. + - `cluster`: The referenced Cluster object. + - `component`: The referenced Component object. + type: string + message: + description: Specifies the error or status message reported + if the `expression` does not evaluate to `true`. + type: string + required: + - expression + - message + type: object + type: object + type: array + required: + - actions + type: object + status: + description: OpsDefinitionStatus defines the observed state of OpsDefinition + properties: + message: + description: Provides additional information about the current phase. + type: string + observedGeneration: + description: Represents the most recent generation observed of this + OpsDefinition. + format: int64 + type: integer + phase: + description: |- + Represents the current state of the OpsDefinition. + Valid values are "", "Available", "Unavailable". + When it equals to "Available", the OpsDefinition is ready and can be used in a "Custom" OpsRequest. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/apps.kubeblocks.io/opsrequest.yaml b/definitions/apps.kubeblocks.io/opsrequest.yaml new file mode 100644 index 000000000..7577e87bc --- /dev/null +++ b/definitions/apps.kubeblocks.io/opsrequest.yaml @@ -0,0 +1,9258 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: kubeblocks + name: opsrequests.apps.kubeblocks.io +spec: + group: apps.kubeblocks.io + names: + categories: + - kubeblocks + kind: OpsRequest + listKind: OpsRequestList + plural: opsrequests + shortNames: + - ops + singular: opsrequest + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Operation request type. + jsonPath: .spec.type + name: TYPE + type: string + - description: Operand cluster. + jsonPath: .spec.clusterName + name: CLUSTER + type: string + - description: Operation status phase. + jsonPath: .status.phase + name: STATUS + type: string + - description: Operation processing progress. + jsonPath: .status.progress + name: PROGRESS + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: OpsRequest is the Schema for the opsrequests API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OpsRequestSpec defines the desired state of OpsRequest + properties: + backup: + description: Specifies the parameters to backup a Cluster. + properties: + backupMethod: + description: |- + Specifies the name of BackupMethod. + The specified BackupMethod must be defined in the BackupPolicy. + type: string + backupName: + description: Specifies the name of the Backup custom resource. + type: string + backupPolicyName: + description: Indicates the name of the BackupPolicy applied to + perform this Backup. + type: string + deletionPolicy: + default: Delete + description: |- + Determines whether the backup contents stored in backup repository + should be deleted when the Backup custom resource is deleted. + Supported values are `Retain` and `Delete`. + - `Retain` means that the backup content and its physical snapshot on backup repository are kept. + - `Delete` means that the backup content and its physical snapshot on backup repository are deleted. + enum: + - Delete + - Retain + type: string + parameters: + description: |- + Specifies a list of name-value pairs representing parameters and their corresponding values. + Parameters match the schema specified in the `actionset.spec.parametersSchema` + items: + properties: + name: + description: Represents the name of the parameter. + type: string + value: + description: Represents the parameter values. + type: string + required: + - name + - value + type: object + maxItems: 128 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: forbidden to update parameters + rule: self == oldSelf + parentBackupName: + description: If the specified BackupMethod is incremental, `parentBackupName` + is required. + type: string + retentionPeriod: + description: |- + Determines the duration for which the Backup custom resources should be retained. + + + The controller will automatically remove all Backup objects that are older than the specified RetentionPeriod. + For example, RetentionPeriod of `30d` will keep only the Backup objects of last 30 days. + Sample duration format: + + + - years: 2y + - months: 6mo + - days: 30d + - hours: 12h + - minutes: 30m + + + You can also combine the above durations. For example: 30d12h30m. + If not set, the Backup objects will be kept forever. + + + If the `deletionPolicy` is set to 'Delete', then the associated backup data will also be deleted + along with the Backup object. + Otherwise, only the Backup custom resource will be deleted. + type: string + type: object + x-kubernetes-validations: + - message: forbidden to update backup.parameters + rule: has(oldSelf.parameters) == has(self.parameters) + backupSpec: + description: |- + Deprecated: since v0.9, use backup instead. + Specifies the parameters to backup a Cluster. + properties: + backupMethod: + description: |- + Specifies the name of BackupMethod. + The specified BackupMethod must be defined in the BackupPolicy. + type: string + backupName: + description: Specifies the name of the Backup custom resource. + type: string + backupPolicyName: + description: Indicates the name of the BackupPolicy applied to + perform this Backup. + type: string + deletionPolicy: + default: Delete + description: |- + Determines whether the backup contents stored in backup repository + should be deleted when the Backup custom resource is deleted. + Supported values are `Retain` and `Delete`. + - `Retain` means that the backup content and its physical snapshot on backup repository are kept. + - `Delete` means that the backup content and its physical snapshot on backup repository are deleted. + enum: + - Delete + - Retain + type: string + parameters: + description: |- + Specifies a list of name-value pairs representing parameters and their corresponding values. + Parameters match the schema specified in the `actionset.spec.parametersSchema` + items: + properties: + name: + description: Represents the name of the parameter. + type: string + value: + description: Represents the parameter values. + type: string + required: + - name + - value + type: object + maxItems: 128 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: forbidden to update parameters + rule: self == oldSelf + parentBackupName: + description: If the specified BackupMethod is incremental, `parentBackupName` + is required. + type: string + retentionPeriod: + description: |- + Determines the duration for which the Backup custom resources should be retained. + + + The controller will automatically remove all Backup objects that are older than the specified RetentionPeriod. + For example, RetentionPeriod of `30d` will keep only the Backup objects of last 30 days. + Sample duration format: + + + - years: 2y + - months: 6mo + - days: 30d + - hours: 12h + - minutes: 30m + + + You can also combine the above durations. For example: 30d12h30m. + If not set, the Backup objects will be kept forever. + + + If the `deletionPolicy` is set to 'Delete', then the associated backup data will also be deleted + along with the Backup object. + Otherwise, only the Backup custom resource will be deleted. + type: string + type: object + cancel: + description: |- + Indicates whether the current operation should be canceled and terminated gracefully if it's in the + "Pending", "Creating", or "Running" state. + + + This field applies only to "VerticalScaling" and "HorizontalScaling" opsRequests. + + + Note: Setting `cancel` to true is irreversible; further modifications to this field are ineffective. + type: boolean + clusterName: + description: Specifies the name of the Cluster resource that this + operation is targeting. + type: string + x-kubernetes-validations: + - message: forbidden to update spec.clusterName + rule: self == oldSelf + clusterRef: + description: |- + Deprecated: since v0.9, use clusterName instead. + Specifies the name of the Cluster resource that this operation is targeting. + type: string + x-kubernetes-validations: + - message: forbidden to update spec.clusterRef + rule: self == oldSelf + custom: + description: Specifies a custom operation defined by OpsDefinition. + properties: + components: + description: |- + Specifies the components and their parameters for executing custom actions as defined in OpsDefinition. + Requires at least one component. + items: + properties: + componentName: + description: Specifies the name of the Component as defined + in the cluster.spec + type: string + parameters: + description: Specifies the parameters that match the schema + specified in the `opsDefinition.spec.parametersSchema`. + items: + properties: + name: + description: Specifies the identifier of the parameter + as defined in the OpsDefinition. + type: string + value: + description: |- + Holds the data associated with the parameter. + If the parameter type is an array, the format should be "v1,v2,v3". + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - componentName + type: object + maxItems: 1024 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - componentName + x-kubernetes-list-type: map + maxConcurrentComponents: + anyOf: + - type: integer + - type: string + description: |- + Specifies the maximum number of components to be operated on concurrently to mitigate performance impact + on clusters with multiple components. + + + It accepts an absolute number (e.g., 5) or a percentage of components to execute in parallel (e.g., "10%"). + Percentages are rounded up to the nearest whole number of components. + For example, if "10%" results in less than one, it rounds up to 1. + + + When unspecified, all components are processed simultaneously by default. + + + Note: This feature is not implemented yet. + x-kubernetes-int-or-string: true + opsDefinitionName: + description: Specifies the name of the OpsDefinition. + type: string + serviceAccountName: + description: Specifies the name of the ServiceAccount to be used + for executing the custom operation. + type: string + required: + - components + - opsDefinitionName + type: object + enqueueOnForce: + default: false + description: Indicates whether opsRequest should continue to queue + when 'force' is set to true. + type: boolean + expose: + description: Lists Expose objects, each specifying a Component and + its services to be exposed. + items: + properties: + componentName: + description: Specifies the name of the Component. + type: string + services: + description: |- + Specifies a list of OpsService. + When an OpsService is exposed, a corresponding ClusterService will be added to `cluster.spec.services`. + On the other hand, when an OpsService is unexposed, the corresponding ClusterService will be removed + from `cluster.spec.services`. + + + Note: If `componentName` is not specified, the `ports` and `selector` fields must be provided + in each OpsService definition. + items: + description: OpsService represents the parameters to dynamically + create or remove a ClusterService in the `cluster.spec.services` + array. + properties: + annotations: + additionalProperties: + type: string + description: |- + Contains cloud provider related parameters if ServiceType is LoadBalancer. + + + More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer. + type: object + ipFamilies: + description: |- + A list of IP families (e.g., IPv4, IPv6) assigned to this Service. + + + Usually assigned automatically based on the cluster configuration and the `ipFamilyPolicy` field. + If specified manually, the requested IP family must be available in the cluster and allowed by the `ipFamilyPolicy`. + If the requested IP family is not available or not allowed, the Service creation will fail. + + + Valid values: + + + - "IPv4" + - "IPv6" + + + This field may hold a maximum of two entries (dual-stack families, in either order). + + + Common combinations of `ipFamilies` and `ipFamilyPolicy` are: + + + - ipFamilies=[] + ipFamilyPolicy="PreferDualStack" : + The Service prefers dual-stack but can fall back to single-stack if the cluster does not support dual-stack. + The IP family is automatically assigned based on the cluster configuration. + - ipFamilies=["IPV4","IPV6"] + ipFamilyPolicy="RequiredDualStack" : + The Service requires dual-stack and will only be created if the cluster supports both IPv4 and IPv6. + The primary IP family is IPV4. + - ipFamilies=["IPV6","IPV4"] + ipFamilyPolicy="RequiredDualStack" : + The Service requires dual-stack and will only be created if the cluster supports both IPv4 and IPv6. + The primary IP family is IPV6. + - ipFamilies=["IPV4"] + ipFamilyPolicy="SingleStack" : + The Service uses a single-stack with IPv4 only. + - ipFamilies=["IPV6"] + ipFamilyPolicy="SingleStack" : + The Service uses a single-stack with IPv6 only. + items: + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: |- + Specifies whether the Service should use a single IP family (SingleStack) or two IP families (DualStack). + + + Possible values: + + + - 'SingleStack' (default) : The Service uses a single IP family. + If no value is provided, IPFamilyPolicy defaults to SingleStack. + - 'PreferDualStack' : The Service prefers to use two IP families on dual-stack configured clusters + or a single IP family on single-stack clusters. + - 'RequiredDualStack' : The Service requires two IP families on dual-stack configured clusters. + If the cluster is not configured for dual-stack, the Service creation fails. + type: string + name: + description: |- + Specifies the name of the Service. This name is used to set `clusterService.name`. + + + Note: This field cannot be updated. + type: string + podSelector: + additionalProperties: + type: string + description: |- + Routes service traffic to pods with matching label keys and values. + If specified, the service will only be exposed to pods matching the selector. + + + Note: If the component has roles, at least one of 'roleSelector' or 'podSelector' must be specified. + If both are specified, a pod must match both conditions to be selected. + type: object + x-kubernetes-map-type: atomic + ports: + description: |- + Specifies Port definitions that are to be exposed by a ClusterService. + + + If not specified, the Port definitions from non-NodePort and non-LoadBalancer type ComponentService + defined in the ComponentDefinition (`componentDefinition.spec.services`) will be used. + If no matching ComponentService is found, the expose operation will fail. + + + More info: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. + type: string + name: + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + roleSelector: + description: |- + Specifies a role to target with the service. + If specified, the service will only be exposed to pods with the matching role. + + + Note: If the component has roles, at least one of 'roleSelector' or 'podSelector' must be specified. + If both are specified, a pod must match both conditions to be selected. + type: string + serviceType: + description: |- + Determines how the Service is exposed. Defaults to 'ClusterIP'. + Valid options are `ClusterIP`, `NodePort`, and `LoadBalancer`. + + + - `ClusterIP`: allocates a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is not specified, + they are determined by manual construction of an Endpoints object or EndpointSlice objects. + - `NodePort`: builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. + - `LoadBalancer`: builds on NodePort and creates an external load-balancer (if supported in the current cloud) + which routes to the same endpoints as the clusterIP. + + + Note: although K8s Service type allows the 'ExternalName' type, it is not a valid option for the expose operation. + + + For more info, see: + https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types. + type: string + required: + - name + type: object + type: array + switch: + description: |- + Indicates whether the services will be exposed. + 'Enable' exposes the services. while 'Disable' removes the exposed Service. + enum: + - Enable + - Disable + type: string + required: + - services + - switch + type: object + type: array + force: + description: |- + Instructs the system to bypass pre-checks (including cluster state checks and customized pre-conditions hooks) + and immediately execute the opsRequest, except for the opsRequest of 'Start' type, which will still undergo + pre-checks even if `force` is true. + + + This is useful for concurrent execution of 'VerticalScaling' and 'HorizontalScaling' opsRequests. + By setting `force` to true, you can bypass the default checks and demand these opsRequests to run + simultaneously. + + + Note: Once set, the `force` field is immutable and cannot be updated. + type: boolean + x-kubernetes-validations: + - message: forbidden to update spec.force + rule: self == oldSelf + horizontalScaling: + description: |- + Lists HorizontalScaling objects, each specifying scaling requirements for a Component, + including desired replica changes, configurations for new instances, modifications for existing instances, + and take offline/online the specified instances. + items: + description: HorizontalScaling defines the parameters of a horizontal + scaling operation. + properties: + componentName: + description: Specifies the name of the Component as defined + in the cluster.spec + type: string + replicas: + description: |- + Deprecated: since v0.9, use scaleOut and scaleIn instead. + Specifies the number of replicas for the component. Cannot be used with "scaleIn" and "scaleOut". + format: int32 + minimum: 0 + type: integer + scaleIn: + description: |- + Specifies the replica changes for scaling in components and instance templates, + and takes specified instances offline. Can be used in conjunction with the "scaleOut" operation. + Note: Any configuration that creates instances is considered invalid. + properties: + instances: + description: |- + Modifies the desired replicas count for existing InstanceTemplate. + if the inst + items: + description: InstanceReplicasTemplate defines the template + for instance replicas. + properties: + name: + description: Specifies the name of the instance template. + type: string + replicaChanges: + description: Specifies the replica changes for the + instance template. + format: int32 + minimum: 0 + type: integer + required: + - name + - replicaChanges + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + onlineInstancesToOffline: + description: Specifies the instance names that need to be + taken offline. + items: + type: string + type: array + replicaChanges: + description: Specifies the replica changes for the component. + format: int32 + minimum: 0 + type: integer + type: object + scaleOut: + description: |- + Specifies the replica changes for scaling out components and instance templates, + and brings offline instances back online. Can be used in conjunction with the "scaleIn" operation. + Note: Any configuration that deletes instances is considered invalid. + properties: + instances: + description: |- + Modifies the desired replicas count for existing InstanceTemplate. + if the inst + items: + description: InstanceReplicasTemplate defines the template + for instance replicas. + properties: + name: + description: Specifies the name of the instance template. + type: string + replicaChanges: + description: Specifies the replica changes for the + instance template. + format: int32 + minimum: 0 + type: integer + required: + - name + - replicaChanges + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + newInstances: + description: |- + Defines the configuration for new instances added during scaling, including resource requirements, labels, annotations, etc. + New instances are created based on the provided instance templates. + items: + description: InstanceTemplate allows customization of + individual replica configurations in a Component. + properties: + annotations: + additionalProperties: + type: string + description: |- + Specifies a map of key-value pairs to be merged into the Pod's existing annotations. + Existing keys will have their values overwritten, while new keys will be added to the annotations. + type: object + env: + description: |- + Defines Env to override. + Add new or override existing envs. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Specifies an override for the first container's + image in the Pod. + type: string + labels: + additionalProperties: + type: string + description: |- + Specifies a map of key-value pairs that will be merged into the Pod's existing labels. + Values for existing keys will be overwritten, and new keys will be added. + type: object + name: + description: |- + Name specifies the unique name of the instance Pod created using this InstanceTemplate. + This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal + using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. + The specified name overrides any default naming conventions or patterns. + maxLength: 54 + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + replicas: + default: 1 + description: |- + Specifies the number of instances (Pods) to create from this InstanceTemplate. + This field allows setting how many replicated instances of the Component, + with the specific overrides in the InstanceTemplate, are created. + The default value is 1. A value of 0 disables instance creation. + format: int32 + minimum: 0 + type: integer + resources: + description: |- + Specifies an override for the resource requirements of the first container in the Pod. + This field allows for customizing resource allocation (CPU, memory, etc.) for the container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + schedulingPolicy: + description: Specifies the scheduling policy for the + Component. + properties: + affinity: + description: If specified, the cluster's scheduling + constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + tolerations: + description: Attached to tolerate any taint that + matches the triple `key,value,effect` using + the matching operator `operator`. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies + how to spread matching pods among the given + topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + volumeClaimTemplates: + description: |- + Defines VolumeClaimTemplates to override. + Add new or override existing volume claim templates. + items: + properties: + annotations: + additionalProperties: + type: string + description: Specifies the annotations for the + PVC of the volume. + type: object + labels: + additionalProperties: + type: string + description: Specifies the labels for the PVC + of the volume. + type: object + name: + description: |- + Refers to the name of a volumeMount defined in either: + + + - `componentDefinition.spec.runtime.containers[*].volumeMounts` + - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) + + + The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array. + type: string + spec: + description: |- + Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume + with the mount name specified in the `name` field. + + + When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification + defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. + properties: + accessModes: + description: |- + Contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1. + items: + type: string + type: array + x-kubernetes-preserve-unknown-fields: true + resources: + description: |- + Represents the minimum resources the volume should have. + If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that + are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + storageClassName: + description: |- + The name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. + type: string + volumeMode: + description: Defines what type of volume + is required by the claim, either Block + or Filesystem. + type: string + type: object + required: + - name + type: object + type: array + volumeMounts: + description: |- + Defines VolumeMounts to override. + Add new or override existing volume mounts of the first container in the Pod. + items: + description: VolumeMount describes a mounting of + a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: |- + Defines Volumes to override. + Add new or override existing volumes. + items: + description: Volume represents a named volume in + a pod that may be accessed by any container in + the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the + data disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data + disk in the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of + secret that contains Azure Storage Account + Name and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as + the mounted root, rather than the full + Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward + API about the pod that should populate this + volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward + API volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a + field of the pod: only annotations, + labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim + references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label + query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target + lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC + target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this + field holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This + depends on the Flocker control service being + running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of + the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash + for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target + Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents + a PhotonController persistent disk attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one + resources secrets, configmaps, and downward + API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: configMap information + about the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the + key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify + whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to + create the file containing + the pod field + properties: + fieldRef: + description: 'Required: + Selects a field of the + pod: only annotations, + labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version + of the schema the + FieldPath is written + in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of + the field to select + in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: + Path is the relative + path name of the file + to be created. Must not + be absolute or contain + the ''..'' path. Must + be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for + volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format + of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the + key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes + nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address + of the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO + Storage Pool associated with the protection + domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes + nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: volumePath is the path that + identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + offlineInstancesToOnline: + description: Specifies the instances in the offline list + to bring back online. + items: + type: string + type: array + replicaChanges: + description: Specifies the replica changes for the component. + format: int32 + minimum: 0 + type: integer + type: object + shards: + description: |- + Specifies the desired number of shards for the component. + This parameter is mutually exclusive with other parameters. + format: int32 + type: integer + required: + - componentName + type: object + x-kubernetes-validations: + - message: shards field cannot be used together with scaleOut or + scaleIn + rule: 'has(self.shards) ? (!has(self.scaleOut) && !has(self.scaleIn)) + : true' + type: array + x-kubernetes-list-map-keys: + - componentName + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: forbidden to update spec.horizontalScaling + rule: self == oldSelf + preConditionDeadlineSeconds: + default: 0 + description: |- + Specifies the maximum time in seconds that the OpsRequest will wait for its pre-conditions to be met + before it aborts the operation. + If set to 0 (default), pre-conditions must be satisfied immediately for the OpsRequest to proceed. + format: int32 + type: integer + rebuildFrom: + description: |- + Specifies the parameters to rebuild some instances. + Rebuilding an instance involves restoring its data from a backup or another database replica. + The instances being rebuilt usually serve as standby in the cluster. + Hence rebuilding instances is often also referred to as "standby reconstruction". + items: + properties: + backupName: + description: |- + Indicates the name of the Backup custom resource from which to recover the instance. + Defaults to an empty PersistentVolume if unspecified. + + + Note: + - Only full physical backups are supported for multi-replica Components (e.g., 'xtrabackup' for MySQL). + - Logical backups (e.g., 'mysqldump' for MySQL) are unsupported in the current version. + type: string + componentName: + description: Specifies the name of the Component as defined + in the cluster.spec + type: string + inPlace: + description: |- + When it is set to true, the instance will be rebuilt in-place. + By default, a new pod will be created. Once the new pod is ready to serve, + the instance that require rebuilding will be taken offline. + type: boolean + instances: + description: Specifies the instances (Pods) that need to be + rebuilt, typically operating as standbys. + items: + properties: + name: + description: Pod name of the instance. + type: string + targetNodeName: + description: |- + The instance will rebuild on the specified node. + If not set, it will rebuild on a random node. + type: string + required: + - name + type: object + minItems: 1 + type: array + restoreEnv: + description: |- + Defines container environment variables for the restore process. + merged with the ones specified in the Backup and ActionSet resources. + + + Merge priority: Restore env > Backup env > ActionSet env. + + + Purpose: Some databases require different configurations when being restored as a standby + compared to being restored as a primary. + For example, when restoring MySQL as a replica, you need to set `skip_slave_start="ON"` for 5.7 + or `skip_replica_start="ON"` for 8.0. + Allowing environment variables to be passed in makes it more convenient to control these behavioral differences + during the restore process. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + sourceBackupTargetName: + description: When multiple source targets exist of the backup, + you must specify the source target to restore. + type: string + required: + - componentName + - instances + type: object + type: array + x-kubernetes-list-map-keys: + - componentName + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: forbidden to update spec.rebuildFrom + rule: self == oldSelf + reconfigure: + description: |- + Specifies a component and its configuration updates. + + + This field is deprecated and replaced by `reconfigures`. + properties: + componentName: + description: Specifies the name of the Component as defined in + the cluster.spec + type: string + configurations: + description: |- + Contains a list of ConfigurationItem objects, specifying the Component's configuration template name, + upgrade policy, and parameter key-value pairs to be updated. + items: + properties: + keys: + description: |- + Sets the configuration files and their associated parameters that need to be updated. + It should contain at least one item. + items: + properties: + fileContent: + description: |- + Specifies the content of the entire configuration file. + This field is used to update the complete configuration file. + + + Either the `parameters` field or the `fileContent` field must be set, but not both. + type: string + key: + description: |- + Represents a key in the configuration template(as ConfigMap). + Each key in the ConfigMap corresponds to a specific configuration file. + type: string + parameters: + description: |- + Specifies a list of key-value pairs representing parameters and their corresponding values + within a single configuration file. + This field is used to override or set the values of parameters without modifying the entire configuration file. + + + Either the `parameters` field or the `fileContent` field must be set, but not both. + items: + properties: + key: + description: Represents the name of the parameter + that is to be updated. + type: string + value: + description: |- + Represents the parameter values that are to be updated. + If set to nil, the parameter defined by the Key field will be removed from the configuration file. + type: string + required: + - key + type: object + type: array + required: + - key + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Specifies the name of the configuration template. + maxLength: 63 + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + policy: + description: Defines the upgrade policy for the configuration. + enum: + - simple + - parallel + - rolling + - autoReload + - operatorSyncUpdate + - dynamicReloadBeginRestart + type: string + required: + - keys + - name + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - componentName + - configurations + type: object + reconfigures: + description: Lists Reconfigure objects, each specifying a Component + and its configuration updates. + items: + description: Reconfigure defines the parameters for updating a Component's + configuration. + properties: + componentName: + description: Specifies the name of the Component as defined + in the cluster.spec + type: string + configurations: + description: |- + Contains a list of ConfigurationItem objects, specifying the Component's configuration template name, + upgrade policy, and parameter key-value pairs to be updated. + items: + properties: + keys: + description: |- + Sets the configuration files and their associated parameters that need to be updated. + It should contain at least one item. + items: + properties: + fileContent: + description: |- + Specifies the content of the entire configuration file. + This field is used to update the complete configuration file. + + + Either the `parameters` field or the `fileContent` field must be set, but not both. + type: string + key: + description: |- + Represents a key in the configuration template(as ConfigMap). + Each key in the ConfigMap corresponds to a specific configuration file. + type: string + parameters: + description: |- + Specifies a list of key-value pairs representing parameters and their corresponding values + within a single configuration file. + This field is used to override or set the values of parameters without modifying the entire configuration file. + + + Either the `parameters` field or the `fileContent` field must be set, but not both. + items: + properties: + key: + description: Represents the name of the parameter + that is to be updated. + type: string + value: + description: |- + Represents the parameter values that are to be updated. + If set to nil, the parameter defined by the Key field will be removed from the configuration file. + type: string + required: + - key + type: object + type: array + required: + - key + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + description: Specifies the name of the configuration template. + maxLength: 63 + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + policy: + description: Defines the upgrade policy for the configuration. + enum: + - simple + - parallel + - rolling + - autoReload + - operatorSyncUpdate + - dynamicReloadBeginRestart + type: string + required: + - keys + - name + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - componentName + - configurations + type: object + type: array + x-kubernetes-list-map-keys: + - componentName + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: forbidden to update spec.reconfigure + rule: self == oldSelf + restart: + description: Lists Components to be restarted. + items: + description: ComponentOps specifies the Component to be operated + on. + properties: + componentName: + description: Specifies the name of the Component as defined + in the cluster.spec + type: string + required: + - componentName + type: object + maxItems: 1024 + type: array + x-kubernetes-list-map-keys: + - componentName + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: forbidden to update spec.restart + rule: self == oldSelf + restore: + description: |- + Specifies the parameters to restore a Cluster. + Note that this restore operation will roll back cluster services. + properties: + backupName: + description: Specifies the name of the Backup custom resource. + type: string + backupNamespace: + description: Specifies the namespace of the backup custom resource. + If not specified, the namespace of the opsRequest will be used. + type: string + deferPostReadyUntilClusterRunning: + description: |- + Controls the timing of PostReady actions during the recovery process. + + + If false (default), PostReady actions execute when the Component reaches the "Running" state. + If true, PostReady actions are delayed until the entire Cluster is "Running," + ensuring the cluster's overall stability before proceeding. + + + This setting is useful for coordinating PostReady operations across the Cluster for optimal cluster conditions. + type: boolean + env: + description: Specifies a list of environment variables to be set + in the container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + parameters: + description: |- + Specifies a list of name-value pairs representing parameters and their corresponding values. + Parameters match the schema specified in the `actionset.spec.parametersSchema` + items: + properties: + name: + description: Represents the name of the parameter. + type: string + value: + description: Represents the parameter values. + type: string + required: + - name + - value + type: object + maxItems: 128 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: forbidden to update parameters + rule: self == oldSelf + restorePointInTime: + description: |- + Specifies the point in time to which the restore should be performed. + Supported time formats: + + + - RFC3339 format, e.g. "2023-11-25T18:52:53Z" + - A human-readable date-time format, e.g. "Jul 25,2023 18:52:53 UTC+0800" + type: string + volumeRestorePolicy: + default: Parallel + description: |- + Specifies the policy for restoring volume claims of a Component's Pods. + It determines whether the volume claims should be restored sequentially (one by one) or in parallel (all at once). + Support values: + + + - "Serial" + - "Parallel" + enum: + - Serial + - Parallel + type: string + required: + - backupName + type: object + x-kubernetes-validations: + - message: forbidden to update restore.parameters + rule: has(oldSelf.parameters) == has(self.parameters) + restoreSpec: + description: |- + Deprecated: since v0.9, use restore instead. + Specifies the parameters to restore a Cluster. + Note that this restore operation will roll back cluster services. + properties: + backupName: + description: Specifies the name of the Backup custom resource. + type: string + backupNamespace: + description: Specifies the namespace of the backup custom resource. + If not specified, the namespace of the opsRequest will be used. + type: string + deferPostReadyUntilClusterRunning: + description: |- + Controls the timing of PostReady actions during the recovery process. + + + If false (default), PostReady actions execute when the Component reaches the "Running" state. + If true, PostReady actions are delayed until the entire Cluster is "Running," + ensuring the cluster's overall stability before proceeding. + + + This setting is useful for coordinating PostReady operations across the Cluster for optimal cluster conditions. + type: boolean + env: + description: Specifies a list of environment variables to be set + in the container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + parameters: + description: |- + Specifies a list of name-value pairs representing parameters and their corresponding values. + Parameters match the schema specified in the `actionset.spec.parametersSchema` + items: + properties: + name: + description: Represents the name of the parameter. + type: string + value: + description: Represents the parameter values. + type: string + required: + - name + - value + type: object + maxItems: 128 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: forbidden to update parameters + rule: self == oldSelf + restorePointInTime: + description: |- + Specifies the point in time to which the restore should be performed. + Supported time formats: + + + - RFC3339 format, e.g. "2023-11-25T18:52:53Z" + - A human-readable date-time format, e.g. "Jul 25,2023 18:52:53 UTC+0800" + type: string + volumeRestorePolicy: + default: Parallel + description: |- + Specifies the policy for restoring volume claims of a Component's Pods. + It determines whether the volume claims should be restored sequentially (one by one) or in parallel (all at once). + Support values: + + + - "Serial" + - "Parallel" + enum: + - Serial + - Parallel + type: string + required: + - backupName + type: object + scriptSpec: + description: |- + Specifies the image and scripts for executing engine-specific operations such as creating databases or users. + It supports limited engines including MySQL, PostgreSQL, Redis, MongoDB. + + + ScriptSpec has been replaced by the more versatile OpsDefinition. + It is recommended to use OpsDefinition instead. + ScriptSpec is deprecated and will be removed in a future version. + properties: + componentName: + description: Specifies the name of the Component as defined in + the cluster.spec + type: string + image: + description: |- + Specifies the image to be used to execute scripts. + + + By default, the image "apecloud/kubeblocks-datascript:latest" is used. + type: string + script: + description: |- + Defines the content of scripts to be executed. + + + All scripts specified in this field will be executed in the order they are provided. + + + Note: this field cannot be modified once set. + items: + type: string + type: array + x-kubernetes-validations: + - message: forbidden to update spec.scriptSpec.script + rule: self == oldSelf + scriptFrom: + description: |- + Specifies the sources of the scripts to be executed. + Each script can be imported either from a ConfigMap or a Secret. + + + All scripts obtained from the sources specified in this field will be executed after + any scripts provided in the `script` field. + + + Execution order: + 1. Scripts provided in the `script` field, in the order of the scripts listed. + 2. Scripts imported from ConfigMaps, in the order of the sources listed. + 3. Scripts imported from Secrets, in the order of the sources listed. + + + Note: this field cannot be modified once set. + properties: + configMapRef: + description: |- + A list of ConfigMapKeySelector objects, each specifies a ConfigMap and a key containing the script. + + + Note: This field cannot be modified once set. + items: + description: Selects a key from a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-validations: + - message: forbidden to update spec.scriptSpec.scriptFrom.configMapRef + rule: self == oldSelf + secretRef: + description: |- + A list of SecretKeySelector objects, each specifies a Secret and a key containing the script. + + + Note: This field cannot be modified once set. + items: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-validations: + - message: forbidden to update spec.scriptSpec.scriptFrom.secretRef + rule: self == oldSelf + type: object + x-kubernetes-validations: + - message: forbidden to update spec.scriptSpec.scriptFrom + rule: self == oldSelf + secret: + description: Defines the secret to be used to execute the script. + If not specified, the default cluster root credential secret + is used. + properties: + name: + description: Specifies the name of the secret. + maxLength: 63 + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + passwordKey: + default: password + description: Used to specify the password part of the secret. + type: string + usernameKey: + default: username + description: Used to specify the username part of the secret. + type: string + required: + - name + type: object + selector: + description: |- + Specifies the labels used to select the Pods on which the script should be executed. + + + By default, the script is executed on the Pod associated with the service named "{clusterName}-{componentName}", + which typically routes to the Pod with the primary/leader role. + + + However, some Components, such as Redis, do not synchronize account information between primary and secondary Pods. + In these cases, the script must be executed on all replica Pods matching the selector. + + + Note: this field cannot be modified once set. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: forbidden to update spec.scriptSpec.script.selector + rule: self == oldSelf + required: + - componentName + type: object + start: + description: Lists Components to be started. If empty, all components + will be started. + items: + description: ComponentOps specifies the Component to be operated + on. + properties: + componentName: + description: Specifies the name of the Component as defined + in the cluster.spec + type: string + required: + - componentName + type: object + maxItems: 1024 + type: array + x-kubernetes-list-map-keys: + - componentName + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: forbidden to update spec.start + rule: self == oldSelf + stop: + description: Lists Components to be stopped. If empty, all components + will be stopped. + items: + description: ComponentOps specifies the Component to be operated + on. + properties: + componentName: + description: Specifies the name of the Component as defined + in the cluster.spec + type: string + required: + - componentName + type: object + maxItems: 1024 + type: array + x-kubernetes-list-map-keys: + - componentName + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: forbidden to update spec.stop + rule: self == oldSelf + switchover: + description: Lists Switchover objects, each specifying a Component + to perform the switchover operation. + items: + properties: + componentName: + description: Specifies the name of the Component as defined + in the cluster.spec. + type: string + componentObjectName: + description: Specifies the name of the Component object. + type: string + instanceName: + description: |- + Specifies the instance to become the primary or leader during a switchover operation. + + + The value of `instanceName` can be either: + + + 1. "*" (wildcard value): + - Indicates no specific instance is designated as the primary or leader. + - Executes the switchover action from `clusterDefinition.componentDefs[*].switchoverSpec.withoutCandidate`. + - `clusterDefinition.componentDefs[x].switchoverSpec.withoutCandidate` must be defined when using "*". + + + 2. A valid instance name (pod name): + - Designates a specific instance (pod) as the primary or leader. + - The name must match one of the pods in the component. Any non-valid pod name is considered invalid. + - Executes the switchover action from `clusterDefinition.componentDefs[*].switchoverSpec.withCandidate`. + - `clusterDefinition.componentDefs[*].switchoverSpec.withCandidate` must be defined when specifying a valid instance name. + type: string + required: + - instanceName + type: object + x-kubernetes-validations: + - message: need to specified only componentName or componentObjectName + rule: (has(self.componentName) && !has(self.componentObjectName)) + || (!has(self.componentName) && has(self.componentObjectName)) + type: array + x-kubernetes-validations: + - message: forbidden to update spec.switchover + rule: self == oldSelf + timeoutSeconds: + description: |- + Specifies the maximum duration (in seconds) that an opsRequest is allowed to run. + If the opsRequest runs longer than this duration, its phase will be marked as Aborted. + If this value is not set or set to 0, the timeout will be ignored and the opsRequest will run indefinitely. + format: int32 + type: integer + ttlSecondsAfterSucceed: + description: |- + Specifies the duration in seconds that an OpsRequest will remain in the system after successfully completing + (when `opsRequest.status.phase` is "Succeed") before automatic deletion. + format: int32 + type: integer + ttlSecondsAfterUnsuccessfulCompletion: + description: |- + Specifies the duration in seconds that an OpsRequest will remain in the system after completion + for any phase other than "Succeed" (e.g., "Failed", "Cancelled", "Aborted") before automatic deletion. + format: int32 + type: integer + type: + description: |- + Specifies the type of this operation. Supported types include "Start", "Stop", "Restart", "Switchover", + "VerticalScaling", "HorizontalScaling", "VolumeExpansion", "Reconfiguring", "Upgrade", "Backup", "Restore", + "Expose", "DataScript", "RebuildInstance", "Custom". + + + Note: This field is immutable once set. + enum: + - Upgrade + - VerticalScaling + - VolumeExpansion + - HorizontalScaling + - Restart + - Reconfiguring + - Start + - Stop + - Expose + - Switchover + - DataScript + - Backup + - Restore + - RebuildInstance + - Custom + type: string + x-kubernetes-validations: + - message: forbidden to update spec.type + rule: self == oldSelf + upgrade: + description: |- + Specifies the desired new version of the Cluster. + + + Note: This field is immutable once set. + properties: + clusterVersionRef: + description: |- + Deprecated: since v0.9 because ClusterVersion is deprecated. + Specifies the name of the target ClusterVersion for the upgrade. + type: string + components: + description: |- + Lists components to be upgrade based on desired ComponentDefinition and ServiceVersion. + From the perspective of cluster API, the reasonable combinations should be: + 1. (comp-def, service-ver) - upgrade to the specified service version and component definition, the user takes the responsibility to ensure that they are compatible. + 2. ("", service-ver) - upgrade to the specified service version, let the operator choose the latest compatible component definition. + 3. (comp-def, "") - upgrade to the specified component definition, let the operator choose the latest compatible service version. + 4. ("", "") - upgrade to the latest service version and component definition, the operator will ensure the compatibility between the selected versions. + items: + properties: + componentDefinitionName: + description: Specifies the name of the ComponentDefinition, + only exact matches are supported. + maxLength: 64 + type: string + componentName: + description: Specifies the name of the Component as defined + in the cluster.spec + type: string + serviceVersion: + description: |- + Specifies the version of the Service expected to be provisioned by this Component. + Referring to the ServiceVersion defined by the ComponentDefinition and ComponentVersion. + And ServiceVersion in ClusterComponentSpec is optional, when no version is specified, + use the latest available version in ComponentVersion. + maxLength: 32 + type: string + required: + - componentName + type: object + x-kubernetes-validations: + - message: at least one componentDefinitionName or serviceVersion + rule: has(self.componentDefinitionName) || has(self.serviceVersion) + maxItems: 1024 + type: array + x-kubernetes-list-map-keys: + - componentName + x-kubernetes-list-type: map + type: object + x-kubernetes-validations: + - message: forbidden to update spec.upgrade + rule: self == oldSelf + verticalScaling: + description: Lists VerticalScaling objects, each specifying a component + and its desired compute resources for vertical scaling. + items: + description: |- + VerticalScaling refers to the process of adjusting compute resources (e.g., CPU, memory) allocated to a Component. + It defines the parameters required for the operation. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + componentName: + description: Specifies the name of the Component as defined + in the cluster.spec + type: string + instances: + description: Specifies the desired compute resources of the + instance template that need to vertical scale. + items: + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + name: + description: Refer to the instance template name of the + component or sharding. + type: string + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + required: + - name + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + required: + - componentName + type: object + x-kubernetes-preserve-unknown-fields: true + maxItems: 1024 + type: array + x-kubernetes-list-map-keys: + - componentName + x-kubernetes-list-type: map + volumeExpansion: + description: |- + Lists VolumeExpansion objects, each specifying a component and its corresponding volumeClaimTemplates + that requires storage expansion. + items: + description: VolumeExpansion encapsulates the parameters required + for a volume expansion operation. + properties: + componentName: + description: Specifies the name of the Component as defined + in the cluster.spec + type: string + instances: + description: Specifies the desired storage size of the instance + template that need to volume expand. + items: + properties: + name: + description: Refer to the instance template name of the + component or sharding. + type: string + volumeClaimTemplates: + description: volumeClaimTemplates specifies the storage + size and volumeClaimTemplate name. + items: + properties: + name: + description: |- + Specify the name of the volumeClaimTemplate in the Component. + The specified name must match one of the volumeClaimTemplates defined + in the `clusterComponentSpec.volumeClaimTemplates` field. + type: string + storage: + anyOf: + - type: integer + - type: string + description: Specifies the desired storage size + for the volume. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - name + - storage + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - name + - volumeClaimTemplates + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + volumeClaimTemplates: + description: |- + Specifies a list of OpsRequestVolumeClaimTemplate objects, defining the volumeClaimTemplates + that are used to expand the storage and the desired storage size for each one. + items: + properties: + name: + description: |- + Specify the name of the volumeClaimTemplate in the Component. + The specified name must match one of the volumeClaimTemplates defined + in the `clusterComponentSpec.volumeClaimTemplates` field. + type: string + storage: + anyOf: + - type: integer + - type: string + description: Specifies the desired storage size for the + volume. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - name + - storage + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - componentName + - volumeClaimTemplates + type: object + type: array + x-kubernetes-list-map-keys: + - componentName + x-kubernetes-list-type: map + required: + - type + type: object + x-kubernetes-validations: + - message: forbidden to cancel the opsRequest which type not in ['VerticalScaling','HorizontalScaling'] + rule: 'has(self.cancel) && self.cancel ? (self.type in [''VerticalScaling'', + ''HorizontalScaling'']) : true' + status: + description: OpsRequestStatus represents the observed state of an OpsRequest. + properties: + cancelTimestamp: + description: Records the time when the OpsRequest was cancelled. + format: date-time + type: string + clusterGeneration: + description: Records the cluster generation after the OpsRequest action + has been handled. + format: int64 + type: integer + completionTimestamp: + description: Records the time when the OpsRequest was completed. + format: date-time + type: string + components: + additionalProperties: + properties: + lastFailedTime: + description: Records the timestamp when the Component last transitioned + to a "Failed" or "Abnormal" phase. + format: date-time + type: string + message: + description: Provides a human-readable message indicating details + about this operation. + maxLength: 32768 + type: string + phase: + description: |- + Records the current phase of the Component, mirroring `cluster.status.components[componentName].phase`. + Possible values include "Creating", "Running", "Updating", "Stopping", "Stopped", "Deleting", "Failed", "Abnormal". + enum: + - Creating + - Running + - Updating + - Stopping + - Stopped + - Deleting + - Failed + - Abnormal + type: string + preCheck: + description: Records the result of the preConditions check of + the opsRequest, which determines subsequent steps. + properties: + message: + description: Provides explanations related to the preCheck + result in a human-readable format. + type: string + pass: + description: Indicates whether the preCheck operation passed + or failed. + type: boolean + required: + - pass + type: object + progressDetails: + description: Describes the progress details of objects or actions + associated with the Component. + items: + properties: + actionName: + description: |- + Indicates the name of an OpsAction, as defined in `opsDefinition.spec.actions[*].name`. + Either `objectKey` or `actionName` must be provided. + type: string + actionTasks: + description: Lists the tasks, such as Jobs or Pods, that + carry out the action. + items: + properties: + namespace: + description: Represents the namespace where the + task is deployed. + type: string + objectKey: + description: Represents the name of the task. + type: string + retries: + description: The count of retry attempts made for + this task. + format: int32 + type: integer + status: + description: Indicates the current status of the + task, including "Processing", "Failed", "Succeed". + enum: + - Processing + - Failed + - Succeed + type: string + targetPodName: + description: The name of the Pod that the task is + associated with or operates on. + type: string + required: + - namespace + - objectKey + - status + type: object + type: array + endTime: + description: Records the completion time of object processing. + format: date-time + type: string + group: + description: Specifies the group to which the current + object belongs to. + type: string + message: + description: Provides a human-readable explanation of + the object's condition. + type: string + objectKey: + description: |- + `objectKey` uniquely identifies the object, which can be any K8s object, like a Pod, Job, Component, or PVC. + Either `objectKey` or `actionName` must be provided. + type: string + startTime: + description: Records the start time of object processing. + format: date-time + type: string + status: + description: Represents the current processing state of + the object, including "Processing", "Pending", "Failed", + "Succeed" + enum: + - Processing + - Pending + - Failed + - Succeed + type: string + required: + - status + type: object + x-kubernetes-validations: + - message: at least one objectKey or actionName. + rule: has(self.objectKey) || has(self.actionName) + type: array + reason: + description: Provides an explanation for the Component being + in its current state. + maxLength: 1024 + type: string + workloadType: + description: |- + Records the workload type of Component in ClusterDefinition. + Deprecated and should be removed in the future version. + enum: + - Stateless + - Stateful + - Consensus + - Replication + type: string + type: object + description: Records the status information of Components changed + due to the OpsRequest. + type: object + conditions: + description: |- + Describes the detailed status of the OpsRequest. + Possible condition types include "Cancelled", "WaitForProgressing", "Validated", "Succeed", "Failed", "Restarting", + "VerticalScaling", "HorizontalScaling", "VolumeExpanding", "Reconfigure", "Switchover", "Stopping", "Starting", + "VersionUpgrading", "Exposing", "ExecuteDataScript", "Backup", "InstancesRebuilding", "CustomOperation". + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + extras: + description: A collection of additional key-value pairs that provide + supplementary information for the OpsRequest. + items: + additionalProperties: + type: string + type: object + type: array + lastConfiguration: + description: Records the configuration prior to any changes. + properties: + clusterVersionRef: + description: |- + Specifies the name of the ClusterVersion. + Deprecated and should be removed in the future version. + type: string + components: + additionalProperties: + description: LastComponentConfiguration can be used to track + and compare the desired state of the Component over time. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + classDefRef: + description: |- + Records the class of the Component prior to any changes. + Deprecated since v0.9. + properties: + class: + description: Defines the name of the class that is defined + in the ComponentClassDefinition. + type: string + name: + description: Specifies the name of the ComponentClassDefinition. + maxLength: 63 + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + required: + - class + type: object + componentDefinitionName: + description: Records the name of the ComponentDefinition + prior to any changes. + type: string + instances: + description: Records the InstanceTemplate list of the Component + prior to any changes. + items: + description: InstanceTemplate allows customization of + individual replica configurations in a Component. + properties: + annotations: + additionalProperties: + type: string + description: |- + Specifies a map of key-value pairs to be merged into the Pod's existing annotations. + Existing keys will have their values overwritten, while new keys will be added to the annotations. + type: object + env: + description: |- + Defines Env to override. + Add new or override existing envs. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Specifies an override for the first container's + image in the Pod. + type: string + labels: + additionalProperties: + type: string + description: |- + Specifies a map of key-value pairs that will be merged into the Pod's existing labels. + Values for existing keys will be overwritten, and new keys will be added. + type: object + name: + description: |- + Name specifies the unique name of the instance Pod created using this InstanceTemplate. + This name is constructed by concatenating the Component's name, the template's name, and the instance's ordinal + using the pattern: $(cluster.name)-$(component.name)-$(template.name)-$(ordinal). Ordinals start from 0. + The specified name overrides any default naming conventions or patterns. + maxLength: 54 + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + replicas: + default: 1 + description: |- + Specifies the number of instances (Pods) to create from this InstanceTemplate. + This field allows setting how many replicated instances of the Component, + with the specific overrides in the InstanceTemplate, are created. + The default value is 1. A value of 0 disables instance creation. + format: int32 + minimum: 0 + type: integer + resources: + description: |- + Specifies an override for the resource requirements of the first container in the Pod. + This field allows for customizing resource allocation (CPU, memory, etc.) for the container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + schedulingPolicy: + description: Specifies the scheduling policy for the + Component. + properties: + affinity: + description: If specified, the cluster's scheduling + constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + tolerations: + description: Attached to tolerate any taint that + matches the triple `key,value,effect` using + the matching operator `operator`. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies + how to spread matching pods among the given + topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + volumeClaimTemplates: + description: |- + Defines VolumeClaimTemplates to override. + Add new or override existing volume claim templates. + items: + properties: + annotations: + additionalProperties: + type: string + description: Specifies the annotations for the + PVC of the volume. + type: object + labels: + additionalProperties: + type: string + description: Specifies the labels for the PVC + of the volume. + type: object + name: + description: |- + Refers to the name of a volumeMount defined in either: + + + - `componentDefinition.spec.runtime.containers[*].volumeMounts` + - `clusterDefinition.spec.componentDefs[*].podSpec.containers[*].volumeMounts` (deprecated) + + + The value of `name` must match the `name` field of a volumeMount specified in the corresponding `volumeMounts` array. + type: string + spec: + description: |- + Defines the desired characteristics of a PersistentVolumeClaim that will be created for the volume + with the mount name specified in the `name` field. + + + When a Pod is created for this ClusterComponent, a new PVC will be created based on the specification + defined in the `spec` field. The PVC will be associated with the volume mount specified by the `name` field. + properties: + accessModes: + description: |- + Contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1. + items: + type: string + type: array + x-kubernetes-preserve-unknown-fields: true + resources: + description: |- + Represents the minimum resources the volume should have. + If the RecoverVolumeExpansionFailure feature is enabled, users are allowed to specify resource requirements that + are lower than the previous value but must still be higher than the capacity recorded in the status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + storageClassName: + description: |- + The name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. + type: string + volumeMode: + description: Defines what type of volume + is required by the claim, either Block + or Filesystem. + type: string + type: object + required: + - name + type: object + type: array + volumeMounts: + description: |- + Defines VolumeMounts to override. + Add new or override existing volume mounts of the first container in the Pod. + items: + description: VolumeMount describes a mounting of + a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: |- + Defines Volumes to override. + Add new or override existing volumes. + items: + description: Volume represents a named volume in + a pod that may be accessed by any container in + the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the + data disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data + disk in the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of + secret that contains Azure Storage Account + Name and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as + the mounted root, rather than the full + Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward + API about the pod that should populate this + volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward + API volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a + field of the pod: only annotations, + labels, name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim + references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label + query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target + lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC + target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this + field holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This + depends on the Flocker control service being + running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of + the dataset. This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash + for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target + Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents + a PhotonController persistent disk attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one + resources secrets, configmaps, and downward + API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: configMap information + about the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the + key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify + whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to + create the file containing + the pod field + properties: + fieldRef: + description: 'Required: + Selects a field of the + pod: only annotations, + labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version + of the schema the + FieldPath is written + in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of + the field to select + in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: + Path is the relative + path name of the file + to be created. Must not + be absolute or contain + the ''..'' path. Must + be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for + volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format + of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the + key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes + nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address + of the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO + Storage Pool associated with the protection + domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes + nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile + ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile + name. + type: string + volumePath: + description: volumePath is the path that + identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - name + type: object + type: array + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + offlineInstances: + description: Records the offline instances of the Component + prior to any changes. + items: + type: string + type: array + replicas: + description: Records the `replicas` of the Component prior + to any changes. + format: int32 + type: integer + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + serviceVersion: + description: Records the version of the Service expected + to be provisioned by this Component prior to any changes. + type: string + services: + description: Records the ClusterComponentService list of + the Component prior to any changes. + items: + properties: + annotations: + additionalProperties: + type: string + description: |- + If ServiceType is LoadBalancer, cloud provider related parameters can be put here. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer. + type: object + name: + description: References the ComponentService name + defined in the `componentDefinition.spec.services[*].name`. + maxLength: 25 + type: string + podService: + default: false + description: |- + Indicates whether to generate individual Services for each Pod. + If set to true, a separate Service will be created for each Pod in the Cluster. + type: boolean + serviceType: + default: ClusterIP + description: |- + Determines how the Service is exposed. Valid options are `ClusterIP`, `NodePort`, and `LoadBalancer`. + + + - `ClusterIP` allocates a Cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is not specified, + they are determined by manual construction of an Endpoints object or EndpointSlice objects. + - `NodePort` builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the ClusterIP. + - `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) + which routes to the same endpoints as the ClusterIP. + + + Note: although K8s Service type allows the 'ExternalName' type, it is not a valid option for ClusterComponentService. + + + For more info, see: + https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types. + enum: + - ClusterIP + - NodePort + - LoadBalancer + type: string + x-kubernetes-preserve-unknown-fields: true + required: + - name + type: object + type: array + shards: + description: Records the `shards` of the Component prior + to any changes. + format: int32 + type: integer + targetResources: + additionalProperties: + items: + type: string + type: array + description: |- + Records the information about various types of resources associated with the Component prior to any changes. + Currently, only one type of resource is supported: "pods". + The "pods" key maps to a list of names of all Pods of the Component. + type: object + volumeClaimTemplates: + description: Records volumes' storage size of the Component + prior to any changes. + items: + properties: + name: + description: |- + Specify the name of the volumeClaimTemplate in the Component. + The specified name must match one of the volumeClaimTemplates defined + in the `clusterComponentSpec.volumeClaimTemplates` field. + type: string + storage: + anyOf: + - type: integer + - type: string + description: Specifies the desired storage size for + the volume. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - name + - storage + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + description: Records the configuration of each Component prior + to any changes. + type: object + type: object + phase: + description: |- + Represents the phase of the OpsRequest. + Possible values include "Pending", "Creating", "Running", "Cancelling", "Cancelled", "Failed", "Succeed". + enum: + - Pending + - Creating + - Running + - Cancelling + - Cancelled + - Aborted + - Failed + - Succeed + type: string + progress: + default: -/- + description: Represents the progress of the OpsRequest. + pattern: ^(\d+|\-)/(\d+|\-)$ + type: string + reconfiguringStatus: + description: |- + Deprecated: Replaced by ReconfiguringStatusAsComponent. + Defines the status information of reconfiguring. + properties: + conditions: + description: |- + Describes the reconfiguring detail status. + Possible condition types include "Creating", "Init", "Running", "Pending", "Merged", "MergeFailed", "FailedAndPause", + "Upgrading", "Deleting", "FailedAndRetry", "Finished", "ReconfigurePersisting", "ReconfigurePersisted". + items: + description: "Condition contains details for one aspect of the + current state of this API Resource.\n---\nThis struct is intended + for direct use as an array at the field path .status.conditions. + \ For example,\n\n\n\ttype FooStatus struct{\n\t // Represents + the observations of a foo's current state.\n\t // Known + .status.conditions.type are: \"Available\", \"Progressing\", + and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t + \ // +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + configurationStatus: + description: Describes the status of the component reconfiguring. + items: + properties: + expectedCount: + default: -1 + description: Represents the total count of pods intended + to be updated by a configuration change. + format: int32 + type: integer + lastAppliedConfiguration: + additionalProperties: + type: string + description: Stores the last applied configuration. + type: object + lastStatus: + description: |- + Records the last state of the reconfiguration finite state machine. + Possible values include "None", "Retry", "Failed", "NotSupport", "FailedAndRetry". + + + - "None" describes fsm has finished and quit. + - "Retry" describes fsm is running. + - "Failed" describes fsm is failed and exited. + - "NotSupport" describes fsm does not support the feature. + - "FailedAndRetry" describes fsm is failed in current state, but can be retried. + type: string + message: + description: Provides details about the operation. + type: string + name: + description: Indicates the name of the configuration template + (as ConfigMap). + maxLength: 63 + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + status: + description: |- + Represents the current state of the reconfiguration state machine. + Possible values include "Creating", "Init", "Running", "Pending", "Merged", "MergeFailed", "FailedAndPause", + "Upgrading", "Deleting", "FailedAndRetry", "Finished", "ReconfigurePersisting", "ReconfigurePersisted". + type: string + succeedCount: + default: 0 + description: Records the number of pods successfully updated + following a configuration change. + format: int32 + type: integer + updatePolicy: + description: Records the UpgradePolicy of the configuration + change operation. + enum: + - simple + - parallel + - rolling + - autoReload + - operatorSyncUpdate + - dynamicReloadBeginRestart + type: string + updatedParameters: + description: Contains the updated parameters. + properties: + addedKeys: + additionalProperties: + type: string + description: Maps newly added configuration files to + their content. + type: object + deletedKeys: + additionalProperties: + type: string + description: Lists the name of configuration files that + have been deleted. + type: object + updatedKeys: + additionalProperties: + type: string + description: Maps the name of configuration files to + their updated content, detailing the changes made. + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - configurationStatus + type: object + reconfiguringStatusAsComponent: + additionalProperties: + properties: + conditions: + description: |- + Describes the reconfiguring detail status. + Possible condition types include "Creating", "Init", "Running", "Pending", "Merged", "MergeFailed", "FailedAndPause", + "Upgrading", "Deleting", "FailedAndRetry", "Finished", "ReconfigurePersisting", "ReconfigurePersisted". + items: + description: "Condition contains details for one aspect of + the current state of this API Resource.\n---\nThis struct + is intended for direct use as an array at the field path + .status.conditions. For example,\n\n\n\ttype FooStatus + struct{\n\t // Represents the observations of a foo's + current state.\n\t // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // + +listType=map\n\t // +listMapKey=type\n\t Conditions + []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + configurationStatus: + description: Describes the status of the component reconfiguring. + items: + properties: + expectedCount: + default: -1 + description: Represents the total count of pods intended + to be updated by a configuration change. + format: int32 + type: integer + lastAppliedConfiguration: + additionalProperties: + type: string + description: Stores the last applied configuration. + type: object + lastStatus: + description: |- + Records the last state of the reconfiguration finite state machine. + Possible values include "None", "Retry", "Failed", "NotSupport", "FailedAndRetry". + + + - "None" describes fsm has finished and quit. + - "Retry" describes fsm is running. + - "Failed" describes fsm is failed and exited. + - "NotSupport" describes fsm does not support the feature. + - "FailedAndRetry" describes fsm is failed in current state, but can be retried. + type: string + message: + description: Provides details about the operation. + type: string + name: + description: Indicates the name of the configuration template + (as ConfigMap). + maxLength: 63 + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + status: + description: |- + Represents the current state of the reconfiguration state machine. + Possible values include "Creating", "Init", "Running", "Pending", "Merged", "MergeFailed", "FailedAndPause", + "Upgrading", "Deleting", "FailedAndRetry", "Finished", "ReconfigurePersisting", "ReconfigurePersisted". + type: string + succeedCount: + default: 0 + description: Records the number of pods successfully updated + following a configuration change. + format: int32 + type: integer + updatePolicy: + description: Records the UpgradePolicy of the configuration + change operation. + enum: + - simple + - parallel + - rolling + - autoReload + - operatorSyncUpdate + - dynamicReloadBeginRestart + type: string + updatedParameters: + description: Contains the updated parameters. + properties: + addedKeys: + additionalProperties: + type: string + description: Maps newly added configuration files + to their content. + type: object + deletedKeys: + additionalProperties: + type: string + description: Lists the name of configuration files + that have been deleted. + type: object + updatedKeys: + additionalProperties: + type: string + description: Maps the name of configuration files + to their updated content, detailing the changes + made. + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - configurationStatus + type: object + description: Records the status of a reconfiguring operation if `opsRequest.spec.type` + equals to "Reconfiguring". + type: object + startTimestamp: + description: Records the time when the OpsRequest started processing. + format: date-time + type: string + required: + - progress + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/aquasecurity.github.io/ciskubebenchreport.yaml b/definitions/aquasecurity.github.io/ciskubebenchreport.yaml new file mode 100644 index 000000000..a432e3fb8 --- /dev/null +++ b/definitions/aquasecurity.github.io/ciskubebenchreport.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ciskubebenchreports.aquasecurity.github.io + labels: + app.kubernetes.io/managed-by: trivy-operator + app.kubernetes.io/version: "0.0.5" +spec: + group: aquasecurity.github.io + versions: + - name: v1alpha1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .report.scanner.name + type: string + name: Scanner + - jsonPath: .metadata.creationTimestamp + type: date + name: Age + - jsonPath: .report.summary.failCount + type: integer + name: Fail + priority: 1 + - jsonPath: .report.summary.warnCount + type: integer + name: Warn + priority: 1 + - jsonPath: .report.summary.infoCount + type: integer + name: Info + priority: 1 + - jsonPath: .report.summary.passCount + type: integer + name: Pass + priority: 1 + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + type: "object" + scope: Cluster + names: + singular: ciskubebenchreport + plural: ciskubebenchreports + kind: CISKubeBenchReport + listKind: CISKubeBenchReportList + shortNames: + - kubebench + diff --git a/definitions/aquasecurity.github.io/clustercompliancedetailreport.yaml b/definitions/aquasecurity.github.io/clustercompliancedetailreport.yaml new file mode 100644 index 000000000..e2b2b20dd --- /dev/null +++ b/definitions/aquasecurity.github.io/clustercompliancedetailreport.yaml @@ -0,0 +1,42 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustercompliancedetailreports.aquasecurity.github.io + labels: + app.kubernetes.io/managed-by: trivy-operator + app.kubernetes.io/version: "0.0.5" +spec: + group: aquasecurity.github.io + versions: + - name: v1alpha1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + type: date + name: Age + description: The age of the report + - jsonPath: .report.summary.failCount + type: integer + name: Fail + priority: 1 + description: The number of checks that failed with Danger status + - jsonPath: .report.summary.passCount + type: integer + name: Pass + priority: 1 + description: The number of checks that passed + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + type: object + scope: Cluster + names: + singular: clustercompliancedetailreport + plural: clustercompliancedetailreports + kind: ClusterComplianceDetailReport + listKind: ClusterComplianceDetailReportList + shortNames: + - compliancedetail + diff --git a/definitions/aquasecurity.github.io/kubehunterreport.yaml b/definitions/aquasecurity.github.io/kubehunterreport.yaml new file mode 100644 index 000000000..f784cea00 --- /dev/null +++ b/definitions/aquasecurity.github.io/kubehunterreport.yaml @@ -0,0 +1,133 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: kubehunterreports.aquasecurity.github.io + labels: + app.kubernetes.io/managed-by: trivy-operator + app.kubernetes.io/version: "0.0.3" +spec: + group: aquasecurity.github.io + versions: + - name: v1alpha1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: ".report.scanner.name" + name: "Scanner" + type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" + - jsonPath: ".report.summary.highCount" + name: "High" + type: "integer" + priority: 1 + - jsonPath: ".report.summary.mediumCount" + name: "Medium" + type: "integer" + priority: 1 + - jsonPath: ".report.summary.lowCount" + name: "Low" + type: "integer" + priority: 1 + schema: + openAPIV3Schema: + type: object + required: + - apiVersion + - kind + - metadata + - report + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + report: + type: object + required: + - scanner + - summary + - vulnerabilities + properties: + scanner: + type: object + required: + - name + - vendor + - version + properties: + name: + type: string + vendor: + type: string + version: + type: string + summary: + type: object + required: + - highCount + - mediumCount + - lowCount + - unknownCount + properties: + highCount: + type: integer + minimum: 0 + mediumCount: + type: integer + minimum: 0 + lowCount: + type: integer + minimum: 0 + unknownCount: + type: integer + minimum: 0 + vulnerabilities: + type: array + items: + type: object + required: + - location + - vid + - category + - severity + - vulnerability + - description + - evidence + - avd_reference + properties: + location: + type: string + vid: + type: string + category: + type: string + vulnerability: + type: string + severity: + type: string + enum: + - high + - medium + - low + - unknown + description: + type: string + evidence: + type: string + avd_reference: + type: string + scope: Cluster + names: + singular: kubehunterreport + plural: kubehunterreports + kind: KubeHunterReport + listKind: KubeHunterReportList + categories: [] + shortNames: + - kubehunter + diff --git a/definitions/argoproj.io/argocdextension.yaml b/definitions/argoproj.io/argocdextension.yaml new file mode 100644 index 000000000..434b8e94b --- /dev/null +++ b/definitions/argoproj.io/argocdextension.yaml @@ -0,0 +1,99 @@ + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + controller-gen.kubebuilder.io/version: v0.4.1 + labels: + app.kubernetes.io/name: argocdextensions.argoproj.io + app.kubernetes.io/part-of: argocd + name: argocdextensions.argoproj.io +spec: + group: argoproj.io + names: + kind: ArgoCDExtension + listKind: ArgoCDExtensionList + plural: argocdextensions + singular: argocdextension + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ArgoCDExtension is the Schema for the argocdextensions API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ArgoCDExtensionSpec defines the desired state of ArgoCDExtension + properties: + sources: + description: Sources specifies where the extension should come from + items: + description: ExtensionSource specifies where the extension should + be sourced from + properties: + git: + description: Git is specified if the extension should be sourced + from a git repository + properties: + revision: + description: Revision specifies the revision of the Repository + to fetch + type: string + url: + description: URL specifies the Git repository URL to fetch + type: string + type: object + web: + description: Web is specified if the extension should be sourced + from a web file + properties: + url: + description: URK specifies the remote file URL + type: string + type: object + type: object + type: array + required: + - sources + type: object + status: + description: ArgoCDExtensionStatus defines the observed state of ArgoCDExtension + properties: + conditions: + items: + properties: + message: + description: Message contains human-readable message indicating + details about condition + type: string + status: + description: Boolean status describing if the condition is currently + true + type: string + type: + description: Type is an ArgoCDExtension condition type + type: string + required: + - message + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + diff --git a/definitions/argoproj.io/gateway.yaml b/definitions/argoproj.io/gateway.yaml new file mode 100644 index 000000000..35eef11a6 --- /dev/null +++ b/definitions/argoproj.io/gateway.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gateways.argoproj.io +spec: + group: argoproj.io + names: + kind: Gateway + listKind: GatewayList + plural: gateways + singular: gateway + shortNames: + - gw + scope: Namespaced + version: "v1alpha1" + diff --git a/definitions/autoscaling.internal.knative.dev/podautoscaler.yaml b/definitions/autoscaling.internal.knative.dev/podautoscaler.yaml new file mode 100644 index 000000000..b52541883 --- /dev/null +++ b/definitions/autoscaling.internal.knative.dev/podautoscaler.yaml @@ -0,0 +1,28 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: podautoscalers.autoscaling.internal.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].reason + name: Reason + type: string + group: autoscaling.internal.knative.dev + names: + categories: + - all + - knative-internal + - autoscaling + kind: PodAutoscaler + plural: podautoscalers + shortNames: + - kpa + singular: podautoscaler + scope: Namespaced + subresources: + status: {} + version: v1alpha1 + diff --git a/definitions/azureprovider.k8s.io/azureclusterproviderspec.yaml b/definitions/azureprovider.k8s.io/azureclusterproviderspec.yaml new file mode 100644 index 000000000..d8aa90b13 --- /dev/null +++ b/definitions/azureprovider.k8s.io/azureclusterproviderspec.yaml @@ -0,0 +1,502 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: azureclusterproviderspecs.azureprovider.k8s.io +spec: + group: azureprovider.k8s.io + names: + kind: AzureClusterProviderSpec + plural: azureclusterproviderspecs + scope: Namespaced + validation: + openAPIV3Schema: + properties: + adminKubeconfig: + description: AdminKubeconfig generated using the certificates part of the + spec do not move to status, since it uses on disk ca certs, which causes + issues during regeneration + type: string + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + caKeyPair: + description: CAKeyPair is the key pair for CA certs. + properties: + cert: + description: base64 encoded cert and key + format: byte + type: string + key: + format: byte + type: string + required: + - cert + - key + type: object + clusterConfiguration: + description: ClusterConfiguration holds the cluster-wide information used + during a kubeadm init call. + properties: + apiServer: + description: APIServer contains extra settings for the API server control + plane component + properties: + certSANs: + description: CertSANs sets extra Subject Alternative Names for the + API Server signing cert. + items: + type: string + type: array + extraArgs: + description: 'ExtraArgs is an extra set of flags to pass to the + control plane component. TODO: This is temporary and ideally we + would like to switch all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, mounted + to the control plane component. + items: + properties: + hostPath: + description: HostPath is the path in the host that will be + mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where hostPath + will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - name + - hostPath + - mountPath + type: object + type: array + timeoutForControlPlane: + description: TimeoutForControlPlane controls the timeout that we + use for API server to appear + type: string + type: object + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + certificatesDir: + description: CertificatesDir specifies where to store or look for all + required certificates. + type: string + clusterName: + description: The cluster name + type: string + controlPlaneEndpoint: + description: 'ControlPlaneEndpoint sets a stable IP address or DNS name + for the control plane; it can be a valid IP address or a RFC-1123 + DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint + is not specified, the AdvertiseAddress + BindPort are used; in case + the ControlPlaneEndpoint is specified but without a TCP port, the + BindPort is used. Possible usages are: e.g. In a cluster with more + than one control plane instances, this field should be assigned the + address of the external load balancer in front of the control plane + instances. e.g. in environments with enforced node recycling, the + ControlPlaneEndpoint could be used for assigning a stable DNS to the + control plane.' + type: string + controllerManager: + description: ControllerManager contains extra settings for the controller + manager control plane component + properties: + extraArgs: + description: 'ExtraArgs is an extra set of flags to pass to the + control plane component. TODO: This is temporary and ideally we + would like to switch all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, mounted + to the control plane component. + items: + properties: + hostPath: + description: HostPath is the path in the host that will be + mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where hostPath + will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - name + - hostPath + - mountPath + type: object + type: array + type: object + dns: + description: DNS defines the options for the DNS add-on installed in + the cluster. + properties: + imageRepository: + description: ImageRepository sets the container registry to pull + images from. if not set, the ImageRepository defined in ClusterConfiguration + will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. In + case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + type: + description: Type defines the DNS add-on to be used + type: string + required: + - type + type: object + etcd: + description: Etcd holds configuration for etcd. + properties: + external: + description: External describes how to connect to an external etcd + cluster Local and External are mutually exclusive + properties: + caFile: + description: CAFile is an SSL Certificate Authority file used + to secure etcd communication. Required if using a TLS connection. + type: string + certFile: + description: CertFile is an SSL certification file used to secure + etcd communication. Required if using a TLS connection. + type: string + endpoints: + description: Endpoints of etcd members. Required for ExternalEtcd. + items: + type: string + type: array + keyFile: + description: KeyFile is an SSL key file used to secure etcd + communication. Required if using a TLS connection. + type: string + required: + - endpoints + - caFile + - certFile + - keyFile + type: object + local: + description: Local provides configuration knobs for configuring + the local etcd instance Local and External are mutually exclusive + properties: + dataDir: + description: DataDir is the directory etcd will place its data. + Defaults to "/var/lib/etcd". + type: string + extraArgs: + description: ExtraArgs are extra arguments provided to the etcd + binary when run inside a static pod. + type: object + imageRepository: + description: ImageRepository sets the container registry to + pull images from. if not set, the ImageRepository defined + in ClusterConfiguration will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. + In case this value is set, kubeadm does not change automatically + the version of the above components during upgrades. + type: string + peerCertSANs: + description: PeerCertSANs sets extra Subject Alternative Names + for the etcd peer signing cert. + items: + type: string + type: array + serverCertSANs: + description: ServerCertSANs sets extra Subject Alternative Names + for the etcd server signing cert. + items: + type: string + type: array + required: + - dataDir + type: object + type: object + featureGates: + description: FeatureGates enabled by the user. + type: object + imageRepository: + description: ImageRepository sets the container registry to pull images + from. If empty, `k8s.gcr.io` will be used by default; in case of kubernetes + version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) + `gcr.io/kubernetes-ci-images` will be used as a default for control + plane components and for kube-proxy, while `k8s.gcr.io` will be used + for all the other images. + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + kubernetesVersion: + description: KubernetesVersion is the target version of the control + plane. + type: string + networking: + description: Networking holds configuration for the networking topology + of the cluster. + properties: + dnsDomain: + description: DNSDomain is the dns domain used by k8s services. Defaults + to "cluster.local". + type: string + podSubnet: + description: PodSubnet is the subnet used by pods. + type: string + serviceSubnet: + description: ServiceSubnet is the subnet used by k8s services. Defaults + to "10.96.0.0/12". + type: string + required: + - serviceSubnet + - podSubnet + - dnsDomain + type: object + scheduler: + description: Scheduler contains extra settings for the scheduler control + plane component + properties: + extraArgs: + description: 'ExtraArgs is an extra set of flags to pass to the + control plane component. TODO: This is temporary and ideally we + would like to switch all components to use ComponentConfig + ConfigMaps.' + type: object + extraVolumes: + description: ExtraVolumes is an extra set of host volumes, mounted + to the control plane component. + items: + properties: + hostPath: + description: HostPath is the path in the host that will be + mounted inside the pod. + type: string + mountPath: + description: MountPath is the path inside the pod where hostPath + will be mounted. + type: string + name: + description: Name of the volume inside the pod template. + type: string + pathType: + description: PathType is the type of the HostPath. + type: string + readOnly: + description: ReadOnly controls write access to the volume + type: boolean + required: + - name + - hostPath + - mountPath + type: object + type: array + type: object + useHyperKubeImage: + description: UseHyperKubeImage controls if hyperkube should be used + for Kubernetes components instead of their respective separate images + type: boolean + required: + - etcd + - networking + - kubernetesVersion + - controlPlaneEndpoint + - dns + - certificatesDir + - imageRepository + type: object + discoveryHashes: + description: DiscoveryHashes generated using the certificates part of the + spec, used by master and nodes bootstrapping this never changes until + ca is rotated do not move to status, since it uses on disk ca certs, which + causes issues during regeneration + items: + type: string + type: array + etcdCAKeyPair: + description: EtcdCAKeyPair is the key pair for etcd. + properties: + cert: + description: base64 encoded cert and key + format: byte + type: string + key: + format: byte + type: string + required: + - cert + - key + type: object + frontProxyCAKeyPair: + description: FrontProxyCAKeyPair is the key pair for the front proxy. + properties: + cert: + description: base64 encoded cert and key + format: byte + type: string + key: + format: byte + type: string + required: + - cert + - key + type: object + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + location: + type: string + metadata: + type: object + networkSpec: + description: NetworkSpec encapsulates all things related to Azure network. + properties: + subnets: + description: Subnets configuration. + items: + properties: + cidrBlock: + description: CidrBlock is the CIDR block to be used when the provider + creates a managed Vnet. + type: string + id: + description: ID defines a unique identifier to reference this + resource. + type: string + name: + description: Name defines a name for the subnet resource. + type: string + securityGroup: + description: SecurityGroup defines the NSG (network security group) + that should be attached to this subnet. + properties: + id: + type: string + ingressRule: + items: + properties: + description: + type: string + destination: + description: Destination - The destination address prefix. + CIDR or destination IP range. Asterix '*' can also + be used to match all source IPs. Default tags such + as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' + can also be used. + type: string + destinationPorts: + description: DestinationPorts - The destination port + or range. Integer or range between 0 and 65535. Asterix + '*' can also be used to match all ports. + type: string + protocol: + type: string + source: + description: Source - The CIDR or source IP range. Asterix + '*' can also be used to match all source IPs. Default + tags such as 'VirtualNetwork', 'AzureLoadBalancer' + and 'Internet' can also be used. If this is an ingress + rule, specifies where network traffic originates from. + type: string + sourcePorts: + description: SourcePorts - The source port or range. + Integer or range between 0 and 65535. Asterix '*' + can also be used to match all ports. + type: string + required: + - description + - protocol + type: object + type: array + name: + type: string + required: + - id + - name + - ingressRule + type: object + vnetId: + description: VnetID defines the ID of the virtual network this + subnet should be built in. + type: string + required: + - name + - vnetId + - securityGroup + type: object + type: array + vnet: + description: Vnet configuration. + properties: + cidrBlock: + description: CidrBlock is the CIDR block to be used when the provider + creates a managed virtual network. + type: string + id: + description: ID is the identifier of the virtual network this provider + should use to create resources. + type: string + name: + description: Name defines a name for the virtual network resource. + type: string + required: + - name + type: object + type: object + resourceGroup: + type: string + saKeyPair: + description: SAKeyPair is the service account key pair. + properties: + cert: + description: base64 encoded cert and key + format: byte + type: string + key: + format: byte + type: string + required: + - cert + - key + type: object + required: + - resourceGroup + - location + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/azureprovider.k8s.io/azureclusterproviderstatus.yaml b/definitions/azureprovider.k8s.io/azureclusterproviderstatus.yaml new file mode 100644 index 000000000..0db7e56ae --- /dev/null +++ b/definitions/azureprovider.k8s.io/azureclusterproviderstatus.yaml @@ -0,0 +1,128 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: azureclusterproviderstatuses.azureprovider.k8s.io +spec: + group: azureprovider.k8s.io + names: + kind: AzureClusterProviderStatus + plural: azureclusterproviderstatuses + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + bastion: + properties: + id: + type: string + identity: + type: string + image: + description: Storage profile + properties: + offer: + type: string + publisher: + type: string + sku: + type: string + version: + type: string + required: + - publisher + - offer + - sku + - version + type: object + name: + type: string + osDisk: + properties: + diskSizeGB: + format: int32 + type: integer + managedDisk: + properties: + storageAccountType: + type: string + required: + - storageAccountType + type: object + osType: + type: string + required: + - osType + - managedDisk + - diskSizeGB + type: object + startupScript: + type: string + vmSize: + description: Hardware profile + type: string + vmState: + description: State - The provisioning state, which only appears in the + response. + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + network: + properties: + apiServerIp: + description: APIServerIP is the Kubernetes API server public IP address. + properties: + dnsName: + type: string + id: + type: string + ipAddress: + type: string + name: + type: string + type: object + apiServerLb: + description: APIServerLB is the Kubernetes API server load balancer. + properties: + backendPool: + properties: + id: + type: string + name: + type: string + type: object + frontendIpConfig: + type: object + id: + type: string + name: + type: string + sku: + type: string + type: object + securityGroups: + description: SecurityGroups is a map from the role/kind of the security + group to its unique name, if any. + type: object + type: object + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/azureprovider.k8s.io/azuremachineproviderspec.yaml b/definitions/azureprovider.k8s.io/azuremachineproviderspec.yaml new file mode 100644 index 000000000..dc39ba994 --- /dev/null +++ b/definitions/azureprovider.k8s.io/azuremachineproviderspec.yaml @@ -0,0 +1,83 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: azuremachineproviderspecs.azureprovider.k8s.io +spec: + group: azureprovider.k8s.io + names: + kind: AzureMachineProviderSpec + plural: azuremachineproviderspecs + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + image: + properties: + offer: + type: string + publisher: + type: string + sku: + type: string + version: + type: string + required: + - publisher + - offer + - sku + - version + type: object + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + location: + type: string + metadata: + type: object + osDisk: + properties: + diskSizeGB: + format: int32 + type: integer + managedDisk: + properties: + storageAccountType: + type: string + required: + - storageAccountType + type: object + osType: + type: string + required: + - osType + - managedDisk + - diskSizeGB + type: object + sshPublicKey: + type: string + vmSize: + type: string + required: + - location + - vmSize + - image + - osDisk + - sshPublicKey + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/azureprovider.k8s.io/azuremachineproviderstatus.yaml b/definitions/azureprovider.k8s.io/azuremachineproviderstatus.yaml new file mode 100644 index 000000000..d53f200b7 --- /dev/null +++ b/definitions/azureprovider.k8s.io/azuremachineproviderstatus.yaml @@ -0,0 +1,79 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: azuremachineproviderstatuses.azureprovider.k8s.io +spec: + group: azureprovider.k8s.io + names: + kind: AzureMachineProviderStatus + plural: azuremachineproviderstatuses + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + conditions: + description: Conditions is a set of conditions associated with the Machine + to indicate errors or other status. + items: + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating details + about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason for the + condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - type + - status + - lastProbeTime + - lastTransitionTime + - reason + - message + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + vmId: + description: VMID is the ID of the virtual machine created in Azure. + type: string + vmState: + description: VMState is the provisioning state of the Azure virtual machine. + type: string + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/b3scale.infra.run/bbbfrontend.yaml b/definitions/b3scale.infra.run/bbbfrontend.yaml new file mode 100644 index 000000000..edce8aedc --- /dev/null +++ b/definitions/b3scale.infra.run/bbbfrontend.yaml @@ -0,0 +1,118 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bbbfrontends.b3scale.infra.run +spec: + group: b3scale.infra.run + names: + kind: BBBFrontend + listKind: BBBFrontendList + plural: bbbfrontends + singular: bbbfrontend + scope: Namespaced + + versions: + - name: v1 + served: true + storage: true + subresources: + status: { } + schema: + openAPIV3Schema: + type: object + properties: + spec: + description: Desired state of the BBBFrontend resource. + type: object + properties: + credentials: + description: Predefined credentials for the B3scale instance + type: object + nullable: true + properties: + key: + type: string + description: Predefined key for B3scale instance, will be defined if not set + secretRef: + description: SecretRef is a reference to a key in a Secret resource containing the key to connect to the BBB instance. + type: object + required: + - name + - key + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. + type: string + name: + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + settings: + description: Settings defines the B3Scale instance settings + type: object + properties: + required_tags: + description: See https://github.com/b3scale/b3scale#middleware-configuration + type: array + nullable: true + items: + type: string + default_presentation: + type: object + nullable: true + description: See https://github.com/b3scale/b3scale#middleware-configuration + properties: + url: + type: string + force: + type: boolean + create_default_params: + type: object + nullable: true + description: See https://github.com/b3scale/b3scale#configure-create-parameter-defaults-and-overrides + additionalProperties: + type: string + create_override_params: + type: object + nullable: true + description: See https://github.com/b3scale/b3scale#configure-create-parameter-defaults-and-overrides + additionalProperties: + type: string + status: + description: Status of the BBBFrontend. This is set and managed automatically. + type: object + properties: + conditions: + description: List of status conditions to indicate the status of the BBB frontend. Known condition types are `Ready`. + type: array + items: + description: BBBFrontendCondition contains condition information for an BBBFrontend. + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + type: string + format: date-time + message: + description: Message is a human readable description of the details of the last transition, complementing reason. + type: string + observedGeneration: + description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the BBBFrontend. + type: integer + format: int64 + reason: + description: Reason is a brief machine readable explanation for the condition's last transition. + type: string + status: + description: Status of the condition, one of (`True`, `False`, `Unknown`). + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: Type of the condition, known values are (`Ready`). + type: string + diff --git a/definitions/build.pivotal.io/build.yaml b/definitions/build.pivotal.io/build.yaml new file mode 100644 index 000000000..b2a637212 --- /dev/null +++ b/definitions/build.pivotal.io/build.yaml @@ -0,0 +1,29 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: builds.build.pivotal.io +spec: + group: build.pivotal.io + version: v1alpha1 + names: + kind: Build + singular: build + plural: builds + shortNames: + - cnbbuild + - cnbbuilds + - bld + - blds + categories: + - kpack + scope: Namespaced + subresources: + status: {} + additionalPrinterColumns: + - name: Image + type: string + JSONPath: ".status.latestImage" + - name: Succeeded + type: string + JSONPath: #@ ".status.conditions[?(@.type==\"Succeeded\")].status" + diff --git a/definitions/build.pivotal.io/builder.yaml b/definitions/build.pivotal.io/builder.yaml new file mode 100644 index 000000000..ba592ce8a --- /dev/null +++ b/definitions/build.pivotal.io/builder.yaml @@ -0,0 +1,28 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: builders.build.pivotal.io +spec: + group: build.pivotal.io + version: v1alpha1 + names: + kind: Builder + singular: builder + plural: builders + shortNames: + - cnbbuilder + - cnbbuilders + - bldr + - bldrs + categories: + - kpack + scope: Namespaced + subresources: + status: {} + additionalPrinterColumns: + - name: LatestImage + type: string + JSONPath: ".status.latestImage" + - name: Ready + type: string + JSONPath: #@ ".status.conditions[?(@.type==\"Ready\")].status" diff --git a/definitions/build.pivotal.io/clusterbuilder.yaml b/definitions/build.pivotal.io/clusterbuilder.yaml new file mode 100644 index 000000000..d87256b37 --- /dev/null +++ b/definitions/build.pivotal.io/clusterbuilder.yaml @@ -0,0 +1,25 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterbuilders.build.pivotal.io +spec: + group: build.pivotal.io + version: v1alpha1 + names: + kind: ClusterBuilder + singular: clusterbuilder + plural: clusterbuilders + shortNames: + - clstbldr + categories: + - kpack + scope: Cluster + subresources: + status: {} + additionalPrinterColumns: + - name: LatestImage + type: string + JSONPath: ".status.latestImage" + - name: Ready + type: string + JSONPath: #@ ".status.conditions[?(@.type==\"Ready\")].status" diff --git a/definitions/build.pivotal.io/image.yaml b/definitions/build.pivotal.io/image.yaml new file mode 100644 index 000000000..573735155 --- /dev/null +++ b/definitions/build.pivotal.io/image.yaml @@ -0,0 +1,29 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: images.build.pivotal.io +spec: + group: build.pivotal.io + version: v1alpha1 + names: + kind: Image + singular: image + plural: images + shortNames: + - cnbimage + - cnbimages + - img + - imgs + categories: + - kpack + scope: Namespaced + subresources: + status: {} + additionalPrinterColumns: + - name: LatestImage + type: string + JSONPath: ".status.latestImage" + - name: Ready + type: string + JSONPath: #@ ".status.conditions[?(@.type==\"Ready\")].status" + diff --git a/definitions/build.pivotal.io/sourceresolver.yaml b/definitions/build.pivotal.io/sourceresolver.yaml new file mode 100644 index 000000000..92fbc2798 --- /dev/null +++ b/definitions/build.pivotal.io/sourceresolver.yaml @@ -0,0 +1,20 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: sourceresolvers.build.pivotal.io +spec: + group: build.pivotal.io + version: v1alpha1 + names: + kind: SourceResolver + singular: sourceresolver + plural: sourceresolvers + categories: + - kpack + scope: Namespaced + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + JSONPath: #@ ".status.conditions[?(@.type==\"Ready\")].status" diff --git a/definitions/caching.internal.knative.dev/image.yaml b/definitions/caching.internal.knative.dev/image.yaml new file mode 100644 index 000000000..5e3a6d6fb --- /dev/null +++ b/definitions/caching.internal.knative.dev/image.yaml @@ -0,0 +1,21 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: images.caching.internal.knative.dev +spec: + group: caching.internal.knative.dev + names: + categories: + - all + - knative-internal + - caching + kind: Image + plural: images + shortNames: + - img + singular: image + scope: Namespaced + subresources: + status: {} + version: v1alpha1 + diff --git a/definitions/camel.apache.org/kameletbinding.yaml b/definitions/camel.apache.org/kameletbinding.yaml new file mode 100644 index 000000000..9cafe1350 --- /dev/null +++ b/definitions/camel.apache.org/kameletbinding.yaml @@ -0,0 +1,8959 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + labels: + app: camel-k + name: kameletbindings.camel.apache.org +spec: + group: camel.apache.org + names: + categories: + - kamel + - camel + kind: KameletBinding + listKind: KameletBindingList + plural: kameletbindings + shortNames: + - klb + singular: kameletbinding + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The Kamelet Binding phase + jsonPath: .status.phase + name: Phase + type: string + - description: The number of pods + jsonPath: .status.replicas + name: Replicas + type: integer + deprecated: true + deprecationWarning: v1apha1.KameletBinding is deprecated, please, use v1.Pipe + instead + name: v1alpha1 + schema: + openAPIV3Schema: + description: KameletBinding is the Schema for the kamelets binding API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: the specification of a KameletBinding + properties: + errorHandler: + description: ErrorHandler is an optional handler called upon an error + occurring in the integration + type: object + x-kubernetes-preserve-unknown-fields: true + integration: + description: Integration is an optional integration used to specify + custom parameters + properties: + configuration: + description: |- + Deprecated: + Use camel trait (camel.properties) to manage properties + Use mount trait (mount.configs) to manage configs + Use mount trait (mount.resources) to manage resources + Use mount trait (mount.volumes) to manage volumes + items: + description: ConfigurationSpec represents a generic configuration + specification. + properties: + type: + description: 'represents the type of configuration, ie: + property, configmap, secret, ...' + type: string + value: + description: the value to assign to the configuration (syntax + may vary depending on the `Type`) + type: string + required: + - type + - value + type: object + type: array + dependencies: + description: the list of Camel or Maven dependencies required + by the Integration + items: + type: string + type: array + flows: + description: a source in YAML DSL language which contain the routes + to run + items: + description: Flow is an unstructured object representing a Camel + Flow in YAML/JSON DSL. + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + integrationKit: + description: the reference of the `IntegrationKit` which is used + for this Integration + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + profile: + description: the profile needed to run this Integration + type: string + replicas: + description: the number of `Pods` needed for the running Integration + format: int32 + type: integer + repositories: + description: additional Maven repositories to be used + items: + type: string + type: array + serviceAccountName: + description: custom SA to use for the Integration + type: string + sources: + description: the sources which contain the Camel routes to run + items: + description: SourceSpec defines the configuration for one or + more routes to be executed in a certain Camel DSL language. + properties: + compression: + description: if the content is compressed (base64 encrypted) + type: boolean + content: + description: the source code (plain text) + type: string + contentKey: + description: the confimap key holding the source content + type: string + contentRef: + description: the confimap reference holding the source content + type: string + contentType: + description: the content type (tipically text or binary) + type: string + from-kamelet: + description: True if the spec is generated from a Kamelet + type: boolean + interceptors: + description: |- + Interceptors are optional identifiers the org.apache.camel.k.RoutesLoader + uses to pre/post process sources + Deprecated: no longer in use. + items: + type: string + type: array + language: + description: specify which is the language (Camel DSL) used + to interpret this source code + type: string + loader: + description: |- + Loader is an optional id of the org.apache.camel.k.RoutesLoader that will + interpret this source at runtime + type: string + name: + description: the name of the specification + type: string + path: + description: the path where the file is stored + type: string + property-names: + description: List of property names defined in the source + (e.g. if type is "template") + items: + type: string + type: array + rawContent: + description: the source code (binary) + format: byte + type: string + type: + description: Type defines the kind of source described by + this object + type: string + type: object + type: array + template: + description: Pod template customization + properties: + spec: + description: the specification + properties: + activeDeadlineSeconds: + description: ActiveDeadlineSeconds + format: int64 + type: integer + automountServiceAccountToken: + description: AutomountServiceAccountToken + type: boolean + containers: + description: Containers + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a + C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will be + mapped to. + type: string + name: + description: name must match the name of a + persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a + Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsPolicy: + description: DNSPolicy + type: string + ephemeralContainers: + description: EphemeralContainers + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + + + To add an ephemeral container, use the ephemeralcontainers subresource of an existing + Pod. Ephemeral containers may not be removed or restarted. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a + C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. If the runtime does not + support namespace targeting then the result of setting this field is undefined. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will be + mapped to. + type: string + name: + description: name must match the name of a + persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a + Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + initContainers: + description: InitContainers + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a + C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will be + mapped to. + type: string + name: + description: name must match the name of a + persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a + Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector + type: object + restartPolicy: + description: RestartPolicy + type: string + securityContext: + description: PodSecurityContext + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to + be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds + format: int64 + type: integer + topologySpreadConstraints: + description: TopologySpreadConstraints + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + volumes: + description: Volumes + items: + description: Volume represents a named volume in a pod + that may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to the + pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name and + Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on + the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph tree, + default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that + should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. + The first item of the relative path + must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and + then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a Flocker + dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for + iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets + host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a + Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or contain + the ''..'' path. Must be utf-8 + encoded. The first item of + the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the + output format of the exposed + resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to + project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of + the ScaleIO Protection Domain for the configured + storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + traits: + description: the traits needed to run this Integration + properties: + 3scale: + description: 'Deprecated: for backward compatibility.' + properties: + configuration: + description: TraitConfiguration parameters configuration + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - configuration + type: object + addons: + additionalProperties: + description: AddonTrait represents the configuration of + an addon trait. + type: object + x-kubernetes-preserve-unknown-fields: true + description: The extension point with addon traits + type: object + affinity: + description: The configuration of Affinity trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + nodeAffinityLabels: + description: Defines a set of nodes the integration pod(s) + are eligible to be scheduled on, based on labels on + the node. + items: + type: string + type: array + podAffinity: + description: Always co-locates multiple replicas of the + integration in the same node (default `false`). + type: boolean + podAffinityLabels: + description: |- + Defines a set of pods (namely those matching the label selector, relative to the given namespace) that the + integration pod(s) should be co-located with. + items: + type: string + type: array + podAntiAffinity: + description: Never co-locates multiple replicas of the + integration in the same node (default `false`). + type: boolean + podAntiAffinityLabels: + description: |- + Defines a set of pods (namely those matching the label selector, relative to the given namespace) that the + integration pod(s) should not be co-located with. + items: + type: string + type: array + type: object + builder: + description: The configuration of Builder trait + properties: + annotations: + additionalProperties: + type: string + description: When using `pod` strategy, annotation to + use for the builder pod. + type: object + baseImage: + description: |- + Specify a base image. In order to have the application working properly it must be a container image which has a Java JDK + installed and ready to use on path (ie `/usr/bin/java`). + type: string + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: 'Deprecated: no longer in use.' + type: boolean + incrementalImageBuild: + description: Use the incremental image build option, to + reuse existing containers (default `true`) + type: boolean + limitCPU: + description: |- + When using `pod` strategy, the maximum amount of CPU required by the pod builder. + Deprecated: use TasksRequestCPU instead with task name `builder`. + type: string + limitMemory: + description: |- + When using `pod` strategy, the maximum amount of memory required by the pod builder. + Deprecated: use TasksRequestCPU instead with task name `builder`. + type: string + mavenProfiles: + description: |- + A list of references pointing to configmaps/secrets that contains a maven profile. + This configmap/secret is a resource of the IntegrationKit created, therefore it needs to be present in the namespace where the operator is going to create the IntegrationKit. + The content of the maven profile is expected to be a text containing a valid maven profile starting with `` and ending with `` that will be integrated as an inline profile in the POM. + Syntax: [configmap|secret]:name[/key], where name represents the resource name, key optionally represents the resource key to be filtered (default key value = profile.xml). + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + description: Defines a set of nodes the builder pod is + eligible to be scheduled on, based on labels on the + node. + type: object + orderStrategy: + description: The build order strategy to use, either `dependencies`, + `fifo` or `sequential` (default is the platform default) + enum: + - dependencies + - fifo + - sequential + type: string + platforms: + description: The list of manifest platforms to use to + build a container image (default `linux/amd64`). + items: + type: string + type: array + properties: + description: A list of properties to be provided to the + build task + items: + type: string + type: array + requestCPU: + description: |- + When using `pod` strategy, the minimum amount of CPU required by the pod builder. + Deprecated: use TasksRequestCPU instead with task name `builder`. + type: string + requestMemory: + description: |- + When using `pod` strategy, the minimum amount of memory required by the pod builder. + Deprecated: use TasksRequestCPU instead with task name `builder`. + type: string + strategy: + description: The strategy to use, either `pod` or `routine` + (default `routine`) + enum: + - pod + - routine + type: string + tasks: + description: A list of tasks to be executed (available + only when using `pod` strategy) with format `;;`. + items: + type: string + type: array + tasksFilter: + description: |- + A list of tasks sorted by the order of execution in a csv format, ie, `,,...`. + Mind that you must include also the operator tasks (`builder`, `quarkus-native`, `package`, `jib`, `s2i`) + if you need to execute them. Useful only with `pod` strategy. + type: string + tasksLimitCPU: + description: A list of limit cpu configuration for the + specific task with format `:`. + items: + type: string + type: array + tasksLimitMemory: + description: A list of limit memory configuration for + the specific task with format `:`. + items: + type: string + type: array + tasksRequestCPU: + description: A list of request cpu configuration for the + specific task with format `:`. + items: + type: string + type: array + tasksRequestMemory: + description: A list of request memory configuration for + the specific task with format `:`. + items: + type: string + type: array + verbose: + description: |- + Enable verbose logging on build components that support it (e.g. Kaniko build pod). + Deprecated no longer in use + type: boolean + type: object + camel: + description: The configuration of Camel trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: 'Deprecated: no longer in use.' + type: boolean + properties: + description: A list of properties to be provided to the + Integration runtime + items: + type: string + type: array + runtimeVersion: + description: |- + The camel-k-runtime version to use for the integration. It overrides the default version set in the Integration Platform. + You can use a fixed version (for example "3.2.3") or a semantic version (for example "3.x") which will try to resolve + to the best matching Catalog existing on the cluster. + type: string + type: object + container: + description: The configuration of Container trait + properties: + allowPrivilegeEscalation: + description: Security Context AllowPrivilegeEscalation + configuration (default false). + type: boolean + auto: + description: To automatically enable the trait + type: boolean + capabilitiesAdd: + description: Security Context Capabilities Add configuration + (default none). + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + capabilitiesDrop: + description: Security Context Capabilities Drop configuration + (default ALL). + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: 'Deprecated: no longer in use.' + type: boolean + expose: + description: Can be used to enable/disable exposure via + kubernetes Service. + type: boolean + image: + description: |- + The main container image to use for the Integration. When using this parameter the operator will create a synthetic IntegrationKit which + won't be able to execute traits requiring CamelCatalog. If the container image you're using is coming from an IntegrationKit, use instead + Integration `.spec.integrationKit` parameter. If you're moving the Integration across environments, you will also need to create an "external" IntegrationKit. + type: string + imagePullPolicy: + description: 'The pull policy: Always|Never|IfNotPresent' + enum: + - Always + - Never + - IfNotPresent + type: string + limitCPU: + description: The maximum amount of CPU to be provided + (default 500 millicores). + type: string + limitMemory: + description: The maximum amount of memory to be provided + (default 512 Mi). + type: string + name: + description: The main container name. It's named `integration` + by default. + type: string + port: + description: To configure a different port exposed by + the container (default `8080`). + type: integer + portName: + description: To configure a different port name for the + port exposed by the container. It defaults to `http` + only when the `expose` parameter is true. + type: string + requestCPU: + description: The minimum amount of CPU required (default + 125 millicores). + type: string + requestMemory: + description: The minimum amount of memory required (default + 128 Mi). + type: string + runAsNonRoot: + description: Security Context RunAsNonRoot configuration + (default false). + type: boolean + runAsUser: + description: 'Security Context RunAsUser configuration + (default none): this value is automatically retrieved + in Openshift clusters when not explicitly set.' + format: int64 + type: integer + seccompProfileType: + description: Security Context SeccompProfileType configuration + (default RuntimeDefault). + enum: + - Unconfined + - RuntimeDefault + type: string + servicePort: + description: To configure under which service port the + container port is to be exposed (default `80`). + type: integer + servicePortName: + description: To configure under which service port name + the container port is to be exposed (default `http`). + type: string + type: object + cron: + description: The configuration of Cron trait + properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds, relative to the start time, that the job + may be continuously active before it is considered to be failed. + It defaults to 60s. + format: int64 + type: integer + auto: + description: |- + Automatically deploy the integration as CronJob when all routes are + either starting from a periodic consumer (only `cron`, `timer` and `quartz` are supported) or a passive consumer (e.g. `direct` is a passive consumer). + + + It's required that all periodic consumers have the same period, and it can be expressed as cron schedule (e.g. `1m` can be expressed as `0/1 * * * *`, + while `35m` or `50s` cannot). + type: boolean + backoffLimit: + description: |- + Specifies the number of retries before marking the job failed. + It defaults to 2. + format: int32 + type: integer + components: + description: |- + A comma separated list of the Camel components that need to be customized in order for them to work when the schedule is triggered externally by Kubernetes. + Supported components are currently: `cron`, `timer` and `quartz`. + type: string + concurrencyPolicy: + description: |- + Specifies how to treat concurrent executions of a Job. + Valid values are: + - "Allow": allows CronJobs to run concurrently; + - "Forbid" (default): forbids concurrent runs, skipping next run if previous run hasn't finished yet; + - "Replace": cancels currently running job and replaces it with a new one + enum: + - Allow + - Forbid + - Replace + type: string + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + fallback: + description: |- + Use the default Camel implementation of the `cron` endpoint (`quartz`) instead of trying to materialize the integration + as Kubernetes CronJob. + type: boolean + schedule: + description: |- + The CronJob schedule for the whole integration. If multiple routes are declared, they must have the same schedule for this + mechanism to work correctly. + type: string + startingDeadlineSeconds: + description: |- + Optional deadline in seconds for starting the job if it misses scheduled + time for any reason. Missed jobs executions will be counted as failed ones. + format: int64 + type: integer + timeZone: + description: The timezone that the CronJob will run on + type: string + type: object + dependencies: + description: The configuration of Dependencies trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: 'Deprecated: no longer in use.' + type: boolean + type: object + deployer: + description: The configuration of Deployer trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: 'Deprecated: no longer in use.' + type: boolean + kind: + description: Allows to explicitly select the desired deployment + kind between `deployment`, `cron-job` or `knative-service` + when creating the resources for running the integration. + enum: + - deployment + - cron-job + - knative-service + type: string + useSSA: + description: |- + Deprecated: won't be able to enforce client side update in the future. + Use server-side apply to update the owned resources (default `true`). + Note that it automatically falls back to client-side patching, if SSA is not available, e.g., on old Kubernetes clusters. + type: boolean + type: object + deployment: + description: The configuration of Deployment trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: 'Deprecated: no longer in use.' + type: boolean + progressDeadlineSeconds: + description: |- + The maximum time in seconds for the deployment to make progress before it + is considered to be failed. It defaults to `60s`. + format: int32 + type: integer + rollingUpdateMaxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be scheduled above the desired number of + pods. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up. + Defaults to `25%`. + x-kubernetes-int-or-string: true + rollingUpdateMaxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding down. + This can not be 0 if MaxSurge is 0. + Defaults to `25%`. + x-kubernetes-int-or-string: true + strategy: + description: The deployment strategy to use to replace + existing pods with new ones. + enum: + - Recreate + - RollingUpdate + type: string + type: object + environment: + description: The configuration of Environment trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + containerMeta: + description: Enables injection of `NAMESPACE` and `POD_NAME` + environment variables (default `true`) + type: boolean + enabled: + description: 'Deprecated: no longer in use.' + type: boolean + httpProxy: + description: Propagates the `HTTP_PROXY`, `HTTPS_PROXY` + and `NO_PROXY` environment variables (default `true`) + type: boolean + vars: + description: |- + A list of environment variables to be added to the integration container. + The syntax is either VAR=VALUE or VAR=[configmap|secret]:name/key, where name represents the resource name, + and key represents the resource key to be mapped as and environment variable. + These take precedence over any previously defined environment variables. + items: + type: string + type: array + type: object + error-handler: + description: The configuration of Error Handler trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: 'Deprecated: no longer in use.' + type: boolean + ref: + description: The error handler ref name provided or found + in application properties + type: string + type: object + gc: + description: The configuration of GC trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + discoveryCache: + description: |- + Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`). + Deprecated: to be removed from trait configuration. + enum: + - disabled + - disk + - memory + type: string + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + type: object + health: + description: The configuration of Health trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + livenessFailureThreshold: + description: Minimum consecutive failures for the liveness + probe to be considered failed after having succeeded. + format: int32 + type: integer + livenessInitialDelay: + description: Number of seconds after the container has + started before the liveness probe is initiated. + format: int32 + type: integer + livenessPeriod: + description: How often to perform the liveness probe. + format: int32 + type: integer + livenessProbe: + description: The liveness probe path to use (default provided + by the Catalog runtime used). + type: string + livenessProbeEnabled: + description: Configures the liveness probe for the integration + container (default `false`). + type: boolean + livenessScheme: + description: Scheme to use when connecting to the liveness + probe (default `HTTP`). + type: string + livenessSuccessThreshold: + description: Minimum consecutive successes for the liveness + probe to be considered successful after having failed. + format: int32 + type: integer + livenessTimeout: + description: Number of seconds after which the liveness + probe times out. + format: int32 + type: integer + readinessFailureThreshold: + description: Minimum consecutive failures for the readiness + probe to be considered failed after having succeeded. + format: int32 + type: integer + readinessInitialDelay: + description: Number of seconds after the container has + started before the readiness probe is initiated. + format: int32 + type: integer + readinessPeriod: + description: How often to perform the readiness probe. + format: int32 + type: integer + readinessProbe: + description: The readiness probe path to use (default + provided by the Catalog runtime used). + type: string + readinessProbeEnabled: + description: Configures the readiness probe for the integration + container (default `true`). + type: boolean + readinessScheme: + description: Scheme to use when connecting to the readiness + probe (default `HTTP`). + type: string + readinessSuccessThreshold: + description: Minimum consecutive successes for the readiness + probe to be considered successful after having failed. + format: int32 + type: integer + readinessTimeout: + description: Number of seconds after which the readiness + probe times out. + format: int32 + type: integer + startupFailureThreshold: + description: Minimum consecutive failures for the startup + probe to be considered failed after having succeeded. + format: int32 + type: integer + startupInitialDelay: + description: Number of seconds after the container has + started before the startup probe is initiated. + format: int32 + type: integer + startupPeriod: + description: How often to perform the startup probe. + format: int32 + type: integer + startupProbe: + description: The startup probe path to use (default provided + by the Catalog runtime used). + type: string + startupProbeEnabled: + description: Configures the startup probe for the integration + container (default `false`). + type: boolean + startupScheme: + description: Scheme to use when connecting to the startup + probe (default `HTTP`). + type: string + startupSuccessThreshold: + description: Minimum consecutive successes for the startup + probe to be considered successful after having failed. + format: int32 + type: integer + startupTimeout: + description: Number of seconds after which the startup + probe times out. + format: int32 + type: integer + type: object + ingress: + description: The configuration of Ingress trait + properties: + annotations: + additionalProperties: + type: string + description: |- + The annotations added to the ingress. + This can be used to set controller specific annotations, e.g., when using the NGINX Ingress controller: + See https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + type: object + auto: + description: To automatically add an ingress whenever + the integration uses an HTTP endpoint consumer. + type: boolean + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + host: + description: To configure the host exposed by the ingress. + type: string + ingressClassName: + description: |- + The Ingress class name as defined by the Ingress spec + See https://kubernetes.io/docs/concepts/services-networking/ingress/ + type: string + path: + description: To configure the path exposed by the ingress + (default `/`). + type: string + pathType: + description: |- + To configure the path type exposed by the ingress. + One of `Exact`, `Prefix`, `ImplementationSpecific` (default to `Prefix`). + enum: + - Exact + - Prefix + - ImplementationSpecific + type: string + tlsHosts: + description: To configure tls hosts + items: + type: string + type: array + tlsSecretName: + description: To configure tls secret name + type: string + type: object + istio: + description: The configuration of Istio trait + properties: + allow: + description: Configures a (comma-separated) list of CIDR + subnets that should not be intercepted by the Istio + proxy (`10.0.0.0/8,172.16.0.0/12,192.168.0.0/16` by + default). + type: string + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + inject: + description: Forces the value for labels `sidecar.istio.io/inject`. + By default the label is set to `true` on deployment + and not set on Knative Service. + type: boolean + type: object + jolokia: + description: The configuration of Jolokia trait + properties: + CACert: + description: |- + The PEM encoded CA certification file path, used to verify client certificates, + applicable when `protocol` is `https` and `use-ssl-client-authentication` is `true` + (default `/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt` for OpenShift). + type: string + clientPrincipal: + description: |- + The principal(s) which must be given in a client certificate to allow access to the Jolokia endpoint, + applicable when `protocol` is `https` and `use-ssl-client-authentication` is `true` + (default `clientPrincipal=cn=system:master-proxy`, `cn=hawtio-online.hawtio.svc` and `cn=fuse-console.fuse.svc` for OpenShift). + items: + type: string + type: array + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + discoveryEnabled: + description: Listen for multicast requests (default `false`) + type: boolean + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + extendedClientCheck: + description: |- + Mandate the client certificate contains a client flag in the extended key usage section, + applicable when `protocol` is `https` and `use-ssl-client-authentication` is `true` + (default `true` for OpenShift). + type: boolean + host: + description: |- + The Host address to which the Jolokia agent should bind to. If `"\*"` or `"0.0.0.0"` is given, + the servers binds to every network interface (default `"*"`). + type: string + options: + description: |- + A list of additional Jolokia options as defined + in https://jolokia.org/reference/html/agents.html#agent-jvm-config[JVM agent configuration options] + items: + type: string + type: array + password: + description: The password used for authentication, applicable + when the `user` option is set. + type: string + port: + description: The Jolokia endpoint port (default `8778`). + type: integer + protocol: + description: The protocol to use, either `http` or `https` + (default `https` for OpenShift) + type: string + useSSLClientAuthentication: + description: Whether client certificates should be used + for authentication (default `true` for OpenShift). + type: boolean + user: + description: The user to be used for authentication + type: string + type: object + jvm: + description: The configuration of JVM trait + properties: + classpath: + description: Additional JVM classpath (use `Linux` classpath + separator) + type: string + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + debug: + description: Activates remote debugging, so that a debugger + can be attached to the JVM, e.g., using port-forwarding + type: boolean + debugAddress: + description: Transport address at which to listen for + the newly launched JVM (default `*:5005`) + type: string + debugSuspend: + description: Suspends the target JVM immediately before + the main class is loaded + type: boolean + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + jar: + description: The Jar dependency which will run the application. + Leave it empty for managed Integrations. + type: string + options: + description: A list of JVM options + items: + type: string + type: array + printCommand: + description: |- + Prints the command used the start the JVM in the container logs (default `true`) + Deprecated: no longer in use. + type: boolean + type: object + kamelets: + description: The configuration of Kamelets trait + properties: + auto: + description: Automatically inject all referenced Kamelets + and their default configuration (enabled by default) + type: boolean + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + list: + description: Comma separated list of Kamelet names to + load into the current integration + type: string + mountPoint: + description: The directory where the application mounts + and reads Kamelet spec (default `/etc/camel/kamelets`) + type: string + type: object + keda: + description: 'Deprecated: for backward compatibility.' + properties: + configuration: + description: TraitConfiguration parameters configuration + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - configuration + type: object + knative: + description: The configuration of Knative trait + properties: + auto: + description: Enable automatic discovery of all trait properties. + type: boolean + channelSinks: + description: |- + List of channels used as destination of integration routes. + Can contain simple channel names or full Camel URIs. + items: + type: string + type: array + channelSources: + description: |- + List of channels used as source of integration routes. + Can contain simple channel names or full Camel URIs. + items: + type: string + type: array + config: + description: Can be used to inject a Knative complete + configuration in JSON format. + type: string + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + endpointSinks: + description: |- + List of endpoints used as destination of integration routes. + Can contain simple endpoint names or full Camel URIs. + items: + type: string + type: array + endpointSources: + description: List of channels used as source of integration + routes. + items: + type: string + type: array + eventSinks: + description: |- + List of event types that the integration will produce. + Can contain simple event types or full Camel URIs (to use a specific broker). + items: + type: string + type: array + eventSources: + description: |- + List of event types that the integration will be subscribed to. + Can contain simple event types or full Camel URIs (to use a specific broker different from "default"). + items: + type: string + type: array + filterEventType: + description: |- + Enables the default filtering for the Knative trigger using the event type + If this is true, the created Knative trigger uses the event type as a filter on the event stream when no other filter criteria is given. (default: true) + type: boolean + filterSourceChannels: + description: |- + Enables filtering on events based on the header "ce-knativehistory". Since this header has been removed in newer versions of + Knative, filtering is disabled by default. + type: boolean + filters: + description: |- + Sets filter attributes on the event stream (such as event type, source, subject and so on). + A list of key-value pairs that represent filter attributes and its values. + The syntax is KEY=VALUE, e.g., `source="my.source"`. + Filter attributes get set on the Knative trigger that is being created as part of this integration. + items: + type: string + type: array + namespaceLabel: + description: |- + Enables the camel-k-operator to set the "bindings.knative.dev/include=true" label to the namespace + As Knative requires this label to perform injection of K_SINK URL into the service. + If this is false, the integration pod may start and fail, read the SinkBinding Knative documentation. (default: true) + type: boolean + sinkBinding: + description: |- + Allows binding the integration to a sink via a Knative SinkBinding resource. + This can be used when the integration targets a single sink. + It's enabled by default when the integration targets a single sink + (except when the integration is owned by a Knative source). + type: boolean + type: object + knative-service: + description: The configuration of Knative Service trait + properties: + annotations: + additionalProperties: + type: string + description: |- + The annotations added to route. + This can be used to set knative service specific annotations + CLI usage example: -t "knative-service.annotations.'haproxy.router.openshift.io/balance'=true" + type: object + auto: + description: |- + Automatically deploy the integration as Knative service when all conditions hold: + + + * Integration is using the Knative profile + * All routes are either starting from an HTTP based consumer or a passive consumer (e.g. `direct` is a passive consumer) + type: boolean + autoscalingMetric: + description: |- + Configures the Knative autoscaling metric property (e.g. to set `concurrency` based or `cpu` based autoscaling). + + + Refer to the Knative documentation for more information. + type: string + autoscalingTarget: + description: |- + Sets the allowed concurrency level or CPU percentage (depending on the autoscaling metric) for each Pod. + + + Refer to the Knative documentation for more information. + type: integer + class: + description: |- + Configures the Knative autoscaling class property (e.g. to set `hpa.autoscaling.knative.dev` or `kpa.autoscaling.knative.dev` autoscaling). + + + Refer to the Knative documentation for more information. + enum: + - kpa.autoscaling.knative.dev + - hpa.autoscaling.knative.dev + type: string + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + maxScale: + description: |- + An upper bound for the number of Pods that can be running in parallel for the integration. + Knative has its own cap value that depends on the installation. + + + Refer to the Knative documentation for more information. + type: integer + minScale: + description: |- + The minimum number of Pods that should be running at any time for the integration. It's **zero** by default, meaning that + the integration is scaled down to zero when not used for a configured amount of time. + + + Refer to the Knative documentation for more information. + type: integer + rolloutDuration: + description: |- + Enables to gradually shift traffic to the latest Revision and sets the rollout duration. + It's disabled by default and must be expressed as a Golang `time.Duration` string representation, + rounded to a second precision. + type: string + timeoutSeconds: + description: |- + The maximum duration in seconds that the request instance is allowed to respond to a request. + This field propagates to the integration pod's terminationGracePeriodSeconds + + + Refer to the Knative documentation for more information. + format: int64 + type: integer + visibility: + description: |- + Setting `cluster-local`, Knative service becomes a private service. + Specifically, this option applies the `networking.knative.dev/visibility` label to Knative service. + + + Refer to the Knative documentation for more information. + enum: + - cluster-local + type: string + type: object + logging: + description: The configuration of Logging trait + properties: + color: + description: Colorize the log output + type: boolean + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + format: + description: Logs message format + type: string + json: + description: Output the logs in JSON + type: boolean + jsonPrettyPrint: + description: Enable "pretty printing" of the JSON logs + type: boolean + level: + description: Adjust the logging level (defaults to `INFO`) + enum: + - FATAL + - WARN + - INFO + - DEBUG + - TRACE + type: string + type: object + master: + description: 'Deprecated: for backward compatibility.' + properties: + configuration: + description: TraitConfiguration parameters configuration + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - configuration + type: object + mount: + description: The configuration of Mount trait + properties: + configs: + description: |- + A list of configuration pointing to configmap/secret. + The configuration are expected to be UTF-8 resources as they are processed by runtime Camel Context and tried to be parsed as property files. + They are also made available on the classpath in order to ease their usage directly from the Route. + Syntax: [configmap|secret]:name[/key], where name represents the resource name and key optionally represents the resource key to be filtered + items: + type: string + type: array + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + emptyDirs: + description: |- + A list of EmptyDir volumes to be mounted. An optional size limit may be configured (default 500Mi). + Syntax: name:/container/path[:sizeLimit] + items: + type: string + type: array + enabled: + description: 'Deprecated: no longer in use.' + type: boolean + hotReload: + description: |- + Enable "hot reload" when a secret/configmap mounted is edited (default `false`). The configmap/secret must be + marked with `camel.apache.org/integration` label to be taken in account. The resource will be watched for any kind change, also for + changes in metadata. + type: boolean + resources: + description: |- + A list of resources (text or binary content) pointing to configmap/secret. + The resources are expected to be any resource type (text or binary content). + The destination path can be either a default location or any path specified by the user. + Syntax: [configmap|secret]:name[/key][@path], where name represents the resource name, key optionally represents the resource key to be filtered and path represents the destination path + items: + type: string + type: array + scanKameletsImplicitLabelSecrets: + description: 'Deprecated: no longer available since version + 2.5.' + type: boolean + volumes: + description: |- + A list of Persistent Volume Claims to be mounted. Syntax: [pvcname:/container/path]. If the PVC is not found, the Integration fails. + You can use the syntax [pvcname:/container/path:size:accessMode<:storageClass>] to create a dynamic PVC based on the Storage Class provided + or the default cluster Storage Class. However, if the PVC exists, the operator would mount it. + items: + type: string + type: array + type: object + openapi: + description: The configuration of OpenAPI trait + properties: + configmaps: + description: The configmaps holding the spec of the OpenAPI + (compatible with > 3.0 spec only). + items: + type: string + type: array + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: 'Deprecated: no longer in use.' + type: boolean + type: object + owner: + description: The configuration of Owner trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + targetAnnotations: + description: The set of annotations to be transferred + items: + type: string + type: array + targetLabels: + description: The set of labels to be transferred + items: + type: string + type: array + type: object + pdb: + description: The configuration of PDB trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + maxUnavailable: + description: |- + The number of pods for the Integration that can be unavailable after an eviction. + It can be either an absolute number or a percentage (default `1` if `min-available` is also not set). + Only one of `max-unavailable` and `min-available` can be specified. + type: string + minAvailable: + description: |- + The number of pods for the Integration that must still be available after an eviction. + It can be either an absolute number or a percentage. + Only one of `min-available` and `max-unavailable` can be specified. + type: string + type: object + platform: + description: The configuration of Platform trait + properties: + auto: + description: |- + To automatically detect from the environment if a default platform can be created (it will be created on OpenShift or when a registry address is set). + Deprecated: Platform is auto generated by the operator install procedure - maintained for backward compatibility + type: boolean + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + createDefault: + description: |- + To create a default (empty) platform when the platform is missing. + Deprecated: Platform is auto generated by the operator install procedure - maintained for backward compatibility + type: boolean + enabled: + description: 'Deprecated: no longer in use.' + type: boolean + global: + description: |- + Indicates if the platform should be created globally in the case of global operator (default true). + Deprecated: Platform is auto generated by the operator install procedure - maintained for backward compatibility + type: boolean + type: object + pod: + description: The configuration of Pod trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + type: object + prometheus: + description: The configuration of Prometheus trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + podMonitor: + description: Whether a `PodMonitor` resource is created + (default `true`). + type: boolean + podMonitorLabels: + description: The `PodMonitor` resource labels, applicable + when `pod-monitor` is `true`. + items: + type: string + type: array + type: object + pull-secret: + description: The configuration of Pull Secret trait + properties: + auto: + description: Automatically configures the platform registry + secret on the pod if it is of type `kubernetes.io/dockerconfigjson`. + type: boolean + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + imagePullerDelegation: + description: When using a global operator with a shared + platform, this enables delegation of the `system:image-puller` + cluster role on the operator namespace to the integration + service account. + type: boolean + secretName: + description: The pull secret name to set on the Pod. If + left empty this is automatically taken from the `IntegrationPlatform` + registry configuration. + type: string + type: object + quarkus: + description: The configuration of Quarkus trait + properties: + buildMode: + description: |- + The Quarkus mode to run: either `jvm` or `native` (default `jvm`). + In case both `jvm` and `native` are specified, two `IntegrationKit` resources are created, + with the `native` kit having precedence over the `jvm` one once ready. + items: + description: QuarkusMode is the type of Quarkus build + packaging. + enum: + - jvm + - native + type: string + type: array + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: 'Deprecated: no longer in use.' + type: boolean + nativeBaseImage: + description: The base image to use when running a native + build (default `quay.io/quarkus/quarkus-micro-image:2.0`) + type: string + nativeBuilderImage: + description: The image containing the tooling required + for a native build (by default it will use the one provided + in the runtime catalog) + type: string + packageTypes: + description: |- + The Quarkus package types, `fast-jar` or `native` (default `fast-jar`). + In case both `fast-jar` and `native` are specified, two `IntegrationKit` resources are created, + with the native kit having precedence over the `fast-jar` one once ready. + The order influences the resolution of the current kit for the integration. + The kit corresponding to the first package type will be assigned to the + integration in case no existing kit that matches the integration exists. + Deprecated: use `build-mode` instead. + items: + description: |- + QuarkusPackageType is the type of Quarkus build packaging. + Deprecated: use `QuarkusMode` instead. + enum: + - fast-jar + - native + type: string + type: array + type: object + registry: + description: |- + The configuration of Registry trait (support removed since version 2.5.0). + Deprecated: use jvm trait or read documentation. + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + type: object + route: + description: The configuration of Route trait + properties: + annotations: + additionalProperties: + type: string + description: |- + The annotations added to route. + This can be used to set route specific annotations + For annotations options see https://docs.openshift.com/container-platform/3.11/architecture/networking/routes.html#route-specific-annotations + CLI usage example: -t "route.annotations.'haproxy.router.openshift.io/balance'=true" + type: object + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + host: + description: To configure the host exposed by the route. + type: string + tlsCACertificate: + description: |- + The TLS CA certificate contents. + + + Refer to the OpenShift route documentation for additional information. + type: string + tlsCACertificateSecret: + description: |- + The secret name and key reference to the TLS CA certificate. The format is "secret-name[/key-name]", the value represents the secret name, if there is only one key in the secret it will be read, otherwise you can set a key name separated with a "/". + + + Refer to the OpenShift route documentation for additional information. + type: string + tlsCertificate: + description: |- + The TLS certificate contents. + + + Refer to the OpenShift route documentation for additional information. + type: string + tlsCertificateSecret: + description: |- + The secret name and key reference to the TLS certificate. The format is "secret-name[/key-name]", the value represents the secret name, if there is only one key in the secret it will be read, otherwise you can set a key name separated with a "/". + + + Refer to the OpenShift route documentation for additional information. + type: string + tlsDestinationCACertificate: + description: |- + The destination CA certificate provides the contents of the ca certificate of the final destination. When using reencrypt + termination this file should be provided in order to have routers use it for health checks on the secure connection. + If this field is not specified, the router may provide its own destination CA and perform hostname validation using + the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically + verify. + + + Refer to the OpenShift route documentation for additional information. + type: string + tlsDestinationCACertificateSecret: + description: |- + The secret name and key reference to the destination CA certificate. The format is "secret-name[/key-name]", the value represents the secret name, if there is only one key in the secret it will be read, otherwise you can set a key name separated with a "/". + + + Refer to the OpenShift route documentation for additional information. + type: string + tlsInsecureEdgeTerminationPolicy: + description: |- + To configure how to deal with insecure traffic, e.g. `Allow`, `Disable` or `Redirect` traffic. + + + Refer to the OpenShift route documentation for additional information. + enum: + - None + - Allow + - Redirect + type: string + tlsKey: + description: |- + The TLS certificate key contents. + + + Refer to the OpenShift route documentation for additional information. + type: string + tlsKeySecret: + description: |- + The secret name and key reference to the TLS certificate key. The format is "secret-name[/key-name]", the value represents the secret name, if there is only one key in the secret it will be read, otherwise you can set a key name separated with a "/". + + + Refer to the OpenShift route documentation for additional information. + type: string + tlsTermination: + description: |- + The TLS termination type, like `edge`, `passthrough` or `reencrypt`. + + + Refer to the OpenShift route documentation for additional information. + enum: + - edge + - reencrypt + - passthrough + type: string + type: object + security-context: + description: The configuration of Security Context trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: 'Deprecated: no longer in use.' + type: boolean + runAsNonRoot: + description: Security Context RunAsNonRoot configuration + (default false). + type: boolean + runAsUser: + description: 'Security Context RunAsUser configuration + (default none): this value is automatically retrieved + in Openshift clusters when not explicitly set.' + format: int64 + type: integer + seccompProfileType: + description: Security Context SeccompProfileType configuration + (default RuntimeDefault). + enum: + - Unconfined + - RuntimeDefault + type: string + type: object + service: + description: The configuration of Service trait + properties: + annotations: + additionalProperties: + type: string + description: The annotations added to the Service object. + type: object + auto: + description: To automatically detect from the code if + a Service needs to be created. + type: boolean + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + labels: + additionalProperties: + type: string + description: The labels added to the Service object. + type: object + nodePort: + description: |- + Enable Service to be exposed as NodePort (default `false`). + Deprecated: Use service type instead. + type: boolean + type: + description: The type of service to be used, either 'ClusterIP', + 'NodePort' or 'LoadBalancer'. + enum: + - ClusterIP + - NodePort + - LoadBalancer + type: string + type: object + service-binding: + description: The configuration of Service Binding trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + services: + description: List of Services in the form [[apigroup/]version:]kind:[namespace/]name + items: + type: string + type: array + type: object + strimzi: + description: 'Deprecated: for backward compatibility.' + properties: + configuration: + description: TraitConfiguration parameters configuration + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - configuration + type: object + telemetry: + description: The configuration of Telemetry trait + properties: + auto: + description: Enables automatic configuration of the trait, + including automatic discovery of the telemetry endpoint. + type: boolean + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + endpoint: + description: The target endpoint of the Telemetry service + (automatically discovered by default) + type: string + sampler: + description: The sampler of the telemetry used for tracing + (default "on") + type: string + sampler-parent-based: + description: The sampler of the telemetry used for tracing + is parent based (default "true") + type: boolean + sampler-ratio: + description: The sampler ratio of the telemetry used for + tracing + type: string + serviceName: + description: The name of the service that publishes telemetry + data (defaults to the integration name) + type: string + type: object + toleration: + description: The configuration of Toleration trait + properties: + configuration: + description: |- + Legacy trait configuration parameters. + Deprecated: for backward compatibility. + type: object + x-kubernetes-preserve-unknown-fields: true + enabled: + description: Can be used to enable or disable a trait. + All traits share this common property. + type: boolean + taints: + description: The list of taints to tolerate, in the form + `Key[=Value]:Effect[:Seconds]` + items: + type: string + type: array + type: object + tracing: + description: 'Deprecated: for backward compatibility.' + properties: + configuration: + description: TraitConfiguration parameters configuration + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - configuration + type: object + type: object + type: object + replicas: + description: Replicas is the number of desired replicas for the binding + format: int32 + type: integer + serviceAccountName: + description: Custom SA to use for the binding + type: string + sink: + description: Sink is the destination of the integration defined by + this binding + properties: + dataTypes: + additionalProperties: + description: DataTypeReference references to the specification + of a data type by its scheme and format name. + properties: + format: + description: the data type format name + type: string + scheme: + description: the data type component scheme + type: string + type: object + description: DataTypes defines the data type of the data produced/consumed + by the endpoint and references a given data type specification. + type: object + properties: + description: Properties are a key value representation of endpoint + properties + type: object + x-kubernetes-preserve-unknown-fields: true + ref: + description: Ref can be used to declare a Kubernetes resource + as source/sink endpoint + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + types: + additionalProperties: + description: |- + EventTypeSpec represents a specification for an event type. + Deprecated: In favor of using DataTypeSpec. + properties: + mediaType: + description: media type as expected for HTTP media types + (ie, application/json) + type: string + schema: + description: the expected schema for the event + properties: + $schema: + description: JSONSchemaURL represents a schema url. + type: string + description: + type: string + example: + description: |- + JSON represents any valid JSON value. + These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + x-kubernetes-preserve-unknown-fields: true + externalDocs: + description: ExternalDocumentation allows referencing + an external resource for extended documentation. + properties: + description: + type: string + url: + type: string + type: object + id: + type: string + properties: + additionalProperties: + properties: + default: + description: default is a default value for undefined + object fields. + x-kubernetes-preserve-unknown-fields: true + deprecated: + type: boolean + description: + type: string + enum: + items: + description: |- + JSON represents any valid JSON value. + These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + x-kubernetes-preserve-unknown-fields: true + type: array + example: + description: |- + JSON represents any valid JSON value. + These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + type: boolean + exclusiveMinimum: + type: boolean + format: + description: |- + format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated: + + + - bsonobjectid: a bson object ID, i.e. a 24 characters hex string + - uri: an URI as parsed by Golang net/url.ParseRequestURI + - email: an email address as parsed by Golang net/mail.ParseAddress + - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. + - ipv4: an IPv4 IP as parsed by Golang net.ParseIP + - ipv6: an IPv6 IP as parsed by Golang net.ParseIP + - cidr: a CIDR as parsed by Golang net.ParseCIDR + - mac: a MAC address as parsed by Golang net.ParseMAC + - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041" + - isbn10: an ISBN10 number string like "0321751043" + - isbn13: an ISBN13 number string like "978-0321751041" + - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in + - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$ + - hexcolor: an hexadecimal color code like "#FFFFFF" following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ + - rgbcolor: an RGB color code like rgb like "rgb(255,255,255)" + - byte: base64 encoded binary data + - password: any kind of string + - date: a date string like "2006-01-02" as defined by full-date in RFC3339 + - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format + - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339. + type: string + id: + type: string + maxItems: + format: int64 + type: integer + maxLength: + format: int64 + type: integer + maxProperties: + format: int64 + type: integer + maximum: + description: A Number represents a JSON number + literal. + type: string + minItems: + format: int64 + type: integer + minLength: + format: int64 + type: integer + minProperties: + format: int64 + type: integer + minimum: + description: A Number represents a JSON number + literal. + type: string + multipleOf: + description: A Number represents a JSON number + literal. + type: string + nullable: + type: boolean + pattern: + type: string + title: + type: string + type: + type: string + uniqueItems: + type: boolean + x-descriptors: + description: XDescriptors is a list of extended + properties that trigger a custom behavior in + external systems + items: + type: string + type: array + type: object + type: object + required: + items: + type: string + type: array + title: + type: string + type: + type: string + type: object + type: object + description: |- + Types defines the data type of the data produced/consumed by the endpoint and references a given data type specification. + Deprecated: In favor of using DataTypes + type: object + uri: + description: URI can be used to specify the (Camel) endpoint explicitly + type: string + type: object + source: + description: Source is the starting point of the integration defined + by this binding + properties: + dataTypes: + additionalProperties: + description: DataTypeReference references to the specification + of a data type by its scheme and format name. + properties: + format: + description: the data type format name + type: string + scheme: + description: the data type component scheme + type: string + type: object + description: DataTypes defines the data type of the data produced/consumed + by the endpoint and references a given data type specification. + type: object + properties: + description: Properties are a key value representation of endpoint + properties + type: object + x-kubernetes-preserve-unknown-fields: true + ref: + description: Ref can be used to declare a Kubernetes resource + as source/sink endpoint + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + types: + additionalProperties: + description: |- + EventTypeSpec represents a specification for an event type. + Deprecated: In favor of using DataTypeSpec. + properties: + mediaType: + description: media type as expected for HTTP media types + (ie, application/json) + type: string + schema: + description: the expected schema for the event + properties: + $schema: + description: JSONSchemaURL represents a schema url. + type: string + description: + type: string + example: + description: |- + JSON represents any valid JSON value. + These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + x-kubernetes-preserve-unknown-fields: true + externalDocs: + description: ExternalDocumentation allows referencing + an external resource for extended documentation. + properties: + description: + type: string + url: + type: string + type: object + id: + type: string + properties: + additionalProperties: + properties: + default: + description: default is a default value for undefined + object fields. + x-kubernetes-preserve-unknown-fields: true + deprecated: + type: boolean + description: + type: string + enum: + items: + description: |- + JSON represents any valid JSON value. + These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + x-kubernetes-preserve-unknown-fields: true + type: array + example: + description: |- + JSON represents any valid JSON value. + These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + type: boolean + exclusiveMinimum: + type: boolean + format: + description: |- + format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated: + + + - bsonobjectid: a bson object ID, i.e. a 24 characters hex string + - uri: an URI as parsed by Golang net/url.ParseRequestURI + - email: an email address as parsed by Golang net/mail.ParseAddress + - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. + - ipv4: an IPv4 IP as parsed by Golang net.ParseIP + - ipv6: an IPv6 IP as parsed by Golang net.ParseIP + - cidr: a CIDR as parsed by Golang net.ParseCIDR + - mac: a MAC address as parsed by Golang net.ParseMAC + - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041" + - isbn10: an ISBN10 number string like "0321751043" + - isbn13: an ISBN13 number string like "978-0321751041" + - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in + - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$ + - hexcolor: an hexadecimal color code like "#FFFFFF" following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ + - rgbcolor: an RGB color code like rgb like "rgb(255,255,255)" + - byte: base64 encoded binary data + - password: any kind of string + - date: a date string like "2006-01-02" as defined by full-date in RFC3339 + - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format + - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339. + type: string + id: + type: string + maxItems: + format: int64 + type: integer + maxLength: + format: int64 + type: integer + maxProperties: + format: int64 + type: integer + maximum: + description: A Number represents a JSON number + literal. + type: string + minItems: + format: int64 + type: integer + minLength: + format: int64 + type: integer + minProperties: + format: int64 + type: integer + minimum: + description: A Number represents a JSON number + literal. + type: string + multipleOf: + description: A Number represents a JSON number + literal. + type: string + nullable: + type: boolean + pattern: + type: string + title: + type: string + type: + type: string + uniqueItems: + type: boolean + x-descriptors: + description: XDescriptors is a list of extended + properties that trigger a custom behavior in + external systems + items: + type: string + type: array + type: object + type: object + required: + items: + type: string + type: array + title: + type: string + type: + type: string + type: object + type: object + description: |- + Types defines the data type of the data produced/consumed by the endpoint and references a given data type specification. + Deprecated: In favor of using DataTypes + type: object + uri: + description: URI can be used to specify the (Camel) endpoint explicitly + type: string + type: object + steps: + description: Steps contains an optional list of intermediate steps + that are executed between the Source and the Sink + items: + description: Endpoint represents a source/sink external entity (could + be any Kubernetes resource or Camel URI). + properties: + dataTypes: + additionalProperties: + description: DataTypeReference references to the specification + of a data type by its scheme and format name. + properties: + format: + description: the data type format name + type: string + scheme: + description: the data type component scheme + type: string + type: object + description: DataTypes defines the data type of the data produced/consumed + by the endpoint and references a given data type specification. + type: object + properties: + description: Properties are a key value representation of endpoint + properties + type: object + x-kubernetes-preserve-unknown-fields: true + ref: + description: Ref can be used to declare a Kubernetes resource + as source/sink endpoint + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + types: + additionalProperties: + description: |- + EventTypeSpec represents a specification for an event type. + Deprecated: In favor of using DataTypeSpec. + properties: + mediaType: + description: media type as expected for HTTP media types + (ie, application/json) + type: string + schema: + description: the expected schema for the event + properties: + $schema: + description: JSONSchemaURL represents a schema url. + type: string + description: + type: string + example: + description: |- + JSON represents any valid JSON value. + These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + x-kubernetes-preserve-unknown-fields: true + externalDocs: + description: ExternalDocumentation allows referencing + an external resource for extended documentation. + properties: + description: + type: string + url: + type: string + type: object + id: + type: string + properties: + additionalProperties: + properties: + default: + description: default is a default value for + undefined object fields. + x-kubernetes-preserve-unknown-fields: true + deprecated: + type: boolean + description: + type: string + enum: + items: + description: |- + JSON represents any valid JSON value. + These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + x-kubernetes-preserve-unknown-fields: true + type: array + example: + description: |- + JSON represents any valid JSON value. + These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. + x-kubernetes-preserve-unknown-fields: true + exclusiveMaximum: + type: boolean + exclusiveMinimum: + type: boolean + format: + description: |- + format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated: + + + - bsonobjectid: a bson object ID, i.e. a 24 characters hex string + - uri: an URI as parsed by Golang net/url.ParseRequestURI + - email: an email address as parsed by Golang net/mail.ParseAddress + - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. + - ipv4: an IPv4 IP as parsed by Golang net.ParseIP + - ipv6: an IPv6 IP as parsed by Golang net.ParseIP + - cidr: a CIDR as parsed by Golang net.ParseCIDR + - mac: a MAC address as parsed by Golang net.ParseMAC + - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041" + - isbn10: an ISBN10 number string like "0321751043" + - isbn13: an ISBN13 number string like "978-0321751041" + - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in + - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$ + - hexcolor: an hexadecimal color code like "#FFFFFF" following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ + - rgbcolor: an RGB color code like rgb like "rgb(255,255,255)" + - byte: base64 encoded binary data + - password: any kind of string + - date: a date string like "2006-01-02" as defined by full-date in RFC3339 + - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format + - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339. + type: string + id: + type: string + maxItems: + format: int64 + type: integer + maxLength: + format: int64 + type: integer + maxProperties: + format: int64 + type: integer + maximum: + description: A Number represents a JSON number + literal. + type: string + minItems: + format: int64 + type: integer + minLength: + format: int64 + type: integer + minProperties: + format: int64 + type: integer + minimum: + description: A Number represents a JSON number + literal. + type: string + multipleOf: + description: A Number represents a JSON number + literal. + type: string + nullable: + type: boolean + pattern: + type: string + title: + type: string + type: + type: string + uniqueItems: + type: boolean + x-descriptors: + description: XDescriptors is a list of extended + properties that trigger a custom behavior + in external systems + items: + type: string + type: array + type: object + type: object + required: + items: + type: string + type: array + title: + type: string + type: + type: string + type: object + type: object + description: |- + Types defines the data type of the data produced/consumed by the endpoint and references a given data type specification. + Deprecated: In favor of using DataTypes + type: object + uri: + description: URI can be used to specify the (Camel) endpoint + explicitly + type: string + type: object + type: array + type: object + status: + description: the status of a KameletBinding + properties: + conditions: + description: Conditions -- + items: + description: KameletBindingCondition describes the state of a resource + at a certain point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + pods: + description: Pods collect health and conditions information + from the owned PODs + items: + properties: + condition: + description: PodCondition contains details for the current + condition of this pod. + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned + from one status to another. + format: date-time + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for + the condition's last transition. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions + type: string + type: + description: |- + Type is the type of the condition. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions + type: string + required: + - status + - type + type: object + health: + items: + properties: + data: + description: |- + RawMessage is a raw encoded JSON value. + It implements Marshaler and Unmarshaler and can + be used to delay JSON decoding or precompute a JSON encoding. + x-kubernetes-preserve-unknown-fields: true + name: + type: string + status: + type: string + type: object + type: array + name: + type: string + required: + - condition + type: object + type: array + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of kameletBinding condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the most recent generation observed + for this KameletBinding. + format: int64 + type: integer + phase: + description: Phase -- + type: string + replicas: + description: Replicas is the number of actual replicas of the binding + format: int32 + type: integer + selector: + description: Selector allows to identify pods belonging to the binding + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} diff --git a/definitions/cf.containeroo.ch/account.yaml b/definitions/cf.containeroo.ch/account.yaml new file mode 100644 index 000000000..45f349293 --- /dev/null +++ b/definitions/cf.containeroo.ch/account.yaml @@ -0,0 +1,163 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: accounts.cf.containeroo.ch +spec: + group: cf.containeroo.ch + names: + kind: Account + listKind: AccountList + plural: accounts + singular: account + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type == "Ready")].status + name: Ready + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Account is the Schema for the accounts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AccountSpec defines the desired state of Account + properties: + apiToken: + description: Cloudflare API token + properties: + secretRef: + description: Secret containing the API token (key must be named + "apiToken") + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which the + secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + required: + - secretRef + type: object + interval: + default: 5m + description: Interval to check account status + type: string + managedZones: + description: List of zone names that should be managed by cloudflare-operator + items: + type: string + type: array + required: + - apiToken + type: object + status: + description: AccountStatus defines the observed state of Account + properties: + conditions: + description: Conditions contains the different condition statuses + for the Account object. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + zones: + description: Zones contains all the zones of the Account + items: + properties: + id: + description: ID of the zone + type: string + name: + description: Name of the zone + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/definitions/cf.containeroo.ch/dnsrecord.yaml b/definitions/cf.containeroo.ch/dnsrecord.yaml new file mode 100644 index 000000000..e537b79c1 --- /dev/null +++ b/definitions/cf.containeroo.ch/dnsrecord.yaml @@ -0,0 +1,187 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: dnsrecords.cf.containeroo.ch +spec: + group: cf.containeroo.ch + names: + kind: DNSRecord + listKind: DNSRecordList + plural: dnsrecords + singular: dnsrecord + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: Record Name + type: string + - jsonPath: .spec.type + name: Type + type: string + - jsonPath: .spec.content + name: Content + priority: 1 + type: string + - jsonPath: .spec.proxied + name: Proxied + priority: 1 + type: boolean + - jsonPath: .spec.ttl + name: TTL + priority: 1 + type: integer + - jsonPath: .status.conditions[?(@.type == "Ready")].status + name: Ready + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: DNSRecord is the Schema for the dnsrecords API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DNSRecordSpec defines the desired state of DNSRecord + properties: + content: + description: DNS record content (e.g. 127.0.0.1) + type: string + data: + description: Data holds arbitrary key-value pairs used to further + configure the DNS record + x-kubernetes-preserve-unknown-fields: true + interval: + default: 5m + description: Interval to check DNSRecord + type: string + ipRef: + description: Reference to an IP object + properties: + name: + description: Name of the IP object + type: string + type: object + name: + description: DNS record name (e.g. example.com) + maxLength: 255 + type: string + priority: + description: Required for MX, SRV and URI records; unused by other + record types. Records with lower priorities are preferred. + maximum: 65535 + minimum: 0 + type: integer + proxied: + default: true + description: Whether the record is receiving the performance and security + benefits of Cloudflare + type: boolean + ttl: + default: 1 + description: Time to live, in seconds, of the DNS record. Must be + between 60 and 86400, or 1 for 'automatic' (e.g. 3600) + maximum: 86400 + minimum: 1 + type: integer + type: + default: A + description: DNS record type + type: string + required: + - name + type: object + status: + description: DNSRecordStatus defines the observed state of DNSRecord + properties: + conditions: + description: Conditions contains the different condition statuses + for the DNSRecord object. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + recordID: + description: Cloudflare DNS record ID + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/definitions/cf.containeroo.ch/ip.yaml b/definitions/cf.containeroo.ch/ip.yaml new file mode 100644 index 000000000..e23da0bf7 --- /dev/null +++ b/definitions/cf.containeroo.ch/ip.yaml @@ -0,0 +1,197 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: ips.cf.containeroo.ch +spec: + group: cf.containeroo.ch + names: + kind: IP + listKind: IPList + plural: ips + singular: ip + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.address + name: Address + type: string + - jsonPath: .spec.type + name: Type + type: string + - jsonPath: .status.conditions[?(@.type == "Ready")].status + name: Ready + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: IP is the Schema for the ips API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPSpec defines the desired state of IP + properties: + address: + description: IP address (omit if type is dynamic) + type: string + interval: + description: Interval at which a dynamic IP should be checked + type: string + ipSources: + description: IPSources can be configured to get an IP from an external + source (e.g. an API or public IP echo service) + items: + properties: + insecureSkipVerify: + description: InsecureSkipVerify defines whether to skip TLS + certificate verification + type: boolean + postProcessingRegex: + description: PostProcessingRegex defines the regular expression + to be used to extract the IP from the response or a JQ filter + result + type: string + requestBody: + description: RequestBody to be sent to the URL + type: string + requestHeaders: + description: RequestHeaders to be sent to the URL + x-kubernetes-preserve-unknown-fields: true + requestHeadersSecretRef: + description: RequestHeadersSecretRef is a secret reference to + the headers to be sent to the URL (e.g. for authentication) + where the key is the header name and the value is the header + value + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which the + secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + requestMethod: + default: GET + description: RequestMethod defines the HTTP method to be used + enum: + - GET + - POST + - PUT + - DELETE + type: string + responseJQFilter: + description: ResponseJQFilter applies a JQ filter to the response + to extract the IP + type: string + url: + description: URL of the IP source (e.g. https://checkip.amazonaws.com) + type: string + type: object + type: array + type: + default: static + description: IP address type (static or dynamic) + enum: + - static + - dynamic + type: string + type: object + status: + description: IPStatus defines the observed state of IP + properties: + conditions: + description: Conditions contains the different condition statuses + for the IP object. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastObservedIP: + description: LastObservedIP contains the IP address observed at the + last interval (used to determine whether the IP has changed) + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/definitions/cf.containeroo.ch/zone.yaml b/definitions/cf.containeroo.ch/zone.yaml new file mode 100644 index 000000000..f7be7eed3 --- /dev/null +++ b/definitions/cf.containeroo.ch/zone.yaml @@ -0,0 +1,140 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: zones.cf.containeroo.ch +spec: + group: cf.containeroo.ch + names: + kind: Zone + listKind: ZoneList + plural: zones + singular: zone + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: Zone Name + type: string + - jsonPath: .spec.id + name: ID + type: string + - jsonPath: .status.conditions[?(@.type == "Ready")].status + name: Ready + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Zone is the Schema for the zones API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ZoneSpec defines the desired state of Zone + properties: + id: + description: ID of the zone + type: string + interval: + default: 5m + description: Interval to check zone status + type: string + name: + description: Name of the zone + type: string + required: + - id + - name + type: object + status: + description: ZoneStatus defines the observed state of Zone + properties: + conditions: + description: Conditions contains the different condition statuses + for the Zone object. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/cilium.io/ciliumbgploadbalancerippool.yaml b/definitions/cilium.io/ciliumbgploadbalancerippool.yaml new file mode 100644 index 000000000..9b17328f7 --- /dev/null +++ b/definitions/cilium.io/ciliumbgploadbalancerippool.yaml @@ -0,0 +1,182 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ciliumbgploadbalancerippools.cilium.io +spec: + group: cilium.io + names: + categories: + - cilium + - ciliumbgp + kind: CiliumBGPLoadBalancerIPPool + listKind: CiliumBGPLoadBalancerIPPoolList + plural: ciliumbgploadbalancerippools + shortNames: + - bgppools + singular: ciliumbgploadbalancerippool + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2alpha1 + schema: + openAPIV3Schema: + description: CiliumBGPLoadBalancerIPPool is a Kubernetes third-party resource + which instructs the BGP control plane to allocate and advertise IPs for + Services of type LoadBalancer. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is a human readable description for a BGP load balancer + ip pool. + properties: + default: + description: Default determines if this is the default IP pool for + allocating from when LBSelector is nil or empty. + type: boolean + lbSelector: + description: LBSelector will determine if a created LoadBalancer is + allocated an IP from this pool. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + description: MatchLabelsValue represents the value from the + MatchLabels {key,value} pair. + maxLength: 63 + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + nodeSelector: + description: "NodeSelector selects a group of nodes which will advertise + the presence of any LoadBalancers allocated from this IP pool. \n + If nil all nodes will advertise the presence of any LoadBalancer + allocated an IP from this pool." + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + description: MatchLabelsValue represents the value from the + MatchLabels {key,value} pair. + maxLength: 63 + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + prefix: + description: The CIDR block of IPs to allocate from. + format: cidr + type: string + required: + - prefix + type: object + required: + - metadata + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/cilium.io/ciliumegressnatpolicy.yaml b/definitions/cilium.io/ciliumegressnatpolicy.yaml new file mode 100644 index 000000000..459a8012b --- /dev/null +++ b/definitions/cilium.io/ciliumegressnatpolicy.yaml @@ -0,0 +1,193 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ciliumegressnatpolicies.cilium.io +spec: + group: cilium.io + names: + categories: + - cilium + - ciliumpolicy + kind: CiliumEgressNATPolicy + listKind: CiliumEgressNATPolicyList + plural: ciliumegressnatpolicies + shortNames: + - cenp + singular: ciliumegressnatpolicy + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + destinationCIDRs: + description: DestinationCIDRs is a list of destination CIDRs for destination + IP addresses. If a destination IP matches any one CIDR, it will + be selected. + items: + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([0-9]|[1-2][0-9]|3[0-2])$ + type: string + type: array + egress: + description: Egress represents a list of rules by which egress traffic + is filtered from the source pods. + items: + properties: + namespaceSelector: + description: Selects Namespaces using cluster-scoped labels. + This field follows standard label selector semantics; if present + but empty, it selects all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + description: MatchLabelsValue represents the value from + the MatchLabels {key,value} pair. + maxLength: 63 + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + podSelector: + description: This is a label selector which selects Pods. This + field follows standard label selector semantics; if present + but empty, it selects all pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + description: MatchLabelsValue represents the value from + the MatchLabels {key,value} pair. + maxLength: 63 + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: object + type: array + egressSourceIP: + description: "EgressSourceIP is a source ip address that the egress + traffic is redirected to and SNATed with. \n Example: When it is + set to \"192.168.1.100\", matched egress packets will be redirected + to node with ip 192.168.1.100 and SNAT’ed with IP address 192.168.1.100." + pattern: ((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$)) + type: string + required: + - destinationCIDRs + - egress + - egressSourceIP + type: object + required: + - metadata + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/cilium.io/ciliumexternalworkload.yaml b/definitions/cilium.io/ciliumexternalworkload.yaml new file mode 100644 index 000000000..b5def6135 --- /dev/null +++ b/definitions/cilium.io/ciliumexternalworkload.yaml @@ -0,0 +1,100 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: ciliumexternalworkloads.cilium.io +spec: + group: cilium.io + names: + categories: + - cilium + kind: CiliumExternalWorkload + listKind: CiliumExternalWorkloadList + plural: ciliumexternalworkloads + shortNames: + - cew + singular: ciliumexternalworkload + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: Cilium ID + type: integer + - jsonPath: .status.ip + name: IP + type: string + name: v2 + schema: + openAPIV3Schema: + description: |- + CiliumExternalWorkload is a Kubernetes Custom Resource that + contains a specification for an external workload that can join the + cluster. The name of the CRD is the FQDN of the external workload, + and it needs to match the name in the workload registration. The + labels on the CRD object are the labels that will be used to + allocate a Cilium Identity for the external workload. If + 'io.kubernetes.pod.namespace' or 'io.kubernetes.pod.name' labels + are not explicitly specified, they will be defaulted to 'default' + and , respectively. 'io.cilium.k8s.policy.cluster' + will always be defined as the name of the current cluster, which + defaults to "default". + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec is the desired configuration of the external Cilium + workload. + properties: + ipv4-alloc-cidr: + description: |- + IPv4AllocCIDR is the range of IPv4 addresses in the CIDR format that the external workload can + use to allocate IP addresses for the tunnel device and the health endpoint. + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([0-9]|[1-2][0-9]|3[0-2])$ + type: string + ipv6-alloc-cidr: + description: |- + IPv6AllocCIDR is the range of IPv6 addresses in the CIDR format that the external workload can + use to allocate IP addresses for the tunnel device and the health endpoint. + pattern: ^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$ + type: string + type: object + status: + description: |- + Status is the most recent status of the external Cilium workload. + It is a read-only field. + properties: + id: + description: ID is the numeric identity allocated for the external + workload. + format: int64 + type: integer + ip: + description: IP is the IP address of the workload. Empty if the workload + has not registered. + type: string + type: object + required: + - metadata + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/cluster.k8s.io/cluster.yaml b/definitions/cluster.k8s.io/cluster.yaml new file mode 100644 index 000000000..b41b12dd3 --- /dev/null +++ b/definitions/cluster.k8s.io/cluster.yaml @@ -0,0 +1,173 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: clusters.cluster.k8s.io +spec: + group: cluster.k8s.io + names: + kind: Cluster + plural: clusters + shortNames: + - cl + scope: Namespaced + validation: + openAPIV3Schema: + description: / [Cluster] Cluster is the Schema for the clusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: / [ClusterSpec] ClusterSpec defines the desired state of Cluster + properties: + clusterNetwork: + description: Cluster network configuration + properties: + pods: + description: The network ranges from which Pod networks are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + serviceDomain: + description: Domain name for services. + type: string + services: + description: The network ranges from which service VIPs are allocated. + properties: + cidrBlocks: + items: + type: string + type: array + required: + - cidrBlocks + type: object + required: + - pods + - serviceDomain + - services + type: object + providerSpec: + description: Provider-specific serialized configuration to use during + cluster creation. It is recommended that providers maintain their + own versioned API types that should be serialized/deserialized from + this field. + properties: + value: + description: Value is an inlined, serialized representation of the + resource configuration. It is recommended that providers maintain + their own versioned API types that should be serialized/deserialized + from this field, akin to component config. + type: object + valueFrom: + description: Source for the provider configuration. Cannot be used + if value is not empty. + properties: + machineClass: + description: The machine class from which the provider config + should be sourced. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + provider: + description: Provider is the name of the cloud-provider + which MachineClass is intended for. + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: object + type: object + type: object + status: + description: / [ClusterStatus] ClusterStatus defines the observed state + of Cluster + properties: + apiEndpoints: + description: APIEndpoint represents the endpoint to communicate with + the IP. + items: + description: / [APIEndpoint] APIEndpoint represents a reachable Kubernetes + API endpoint. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + type: integer + required: + - host + - port + type: object + type: array + errorMessage: + description: If set, indicates that there is a problem reconciling the + state, and will be set to a descriptive error message. + type: string + errorReason: + description: If set, indicates that there is a problem reconciling the + state, and will be set to a token value suitable for programmatic + interpretation. + type: string + providerStatus: + description: Provider-specific status. It is recommended that providers + maintain their own versioned API types that should be serialized/deserialized + from this field. + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/cluster.k8s.io/machine.yaml b/definitions/cluster.k8s.io/machine.yaml new file mode 100644 index 000000000..d3b28cc03 --- /dev/null +++ b/definitions/cluster.k8s.io/machine.yaml @@ -0,0 +1,491 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: machines.cluster.k8s.io +spec: + group: cluster.k8s.io + names: + kind: Machine + plural: machines + shortNames: + - ma + scope: Namespaced + validation: + openAPIV3Schema: + description: / [Machine] Machine is the Schema for the machines API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: / [MachineSpec] MachineSpec defines the desired state of Machine + properties: + configSource: + description: ConfigSource is used to populate in the associated Node + for dynamic kubelet config. This field already exists in Node, so + any updates to it in the Machine spec will be automatically copied + to the linked NodeRef from the status. The rest of dynamic kubelet + config support should then work as-is. + properties: + configMap: + description: ConfigMap is a reference to a Node's ConfigMap + properties: + kubeletConfigKey: + description: KubeletConfigKey declares which key of the referenced + ConfigMap corresponds to the KubeletConfiguration structure + This field is required in all cases. + type: string + name: + description: Name is the metadata.name of the referenced ConfigMap. + This field is required in all cases. + type: string + namespace: + description: Namespace is the metadata.namespace of the referenced + ConfigMap. This field is required in all cases. + type: string + resourceVersion: + description: ResourceVersion is the metadata.ResourceVersion + of the referenced ConfigMap. This field is forbidden in Node.Spec, + and required in Node.Status. + type: string + uid: + description: UID is the metadata.UID of the referenced ConfigMap. + This field is forbidden in Node.Spec, and required in Node.Status. + type: string + required: + - kubeletConfigKey + - name + - namespace + type: object + type: object + metadata: + description: ObjectMeta will autopopulate the Node created. Use this + to indicate what labels, annotations, name prefix, etc., should be + used when creating the Node. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by the server, + to generate a unique name ONLY IF the Name field has not been + provided. If this field is used, the name returned to the client + will be different than the name passed. This value will also be + combined with a unique suffix. The provided value has the same + validation rules as the Name field, and may be truncated by the + length of the suffix required to make the value unique on the + server. \n If this field is specified and the generated name exists, + the server will NOT return a 409 - instead, it will either return + 201 Created or 500 with Reason ServerTimeout indicating a unique + name could not be found in the time allotted, and the client should + retry (optionally after the time indicated in the Retry-After + header). \n Applied only if Name is not specified. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required + when creating resources, although some resources may allow a client + to request the generation of an appropriate name automatically. + Name is primarily intended for creation idempotence and configuration + definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the \"default\" + namespace, but \"default\" is the canonical representation. Not + all objects are required to be scoped to a namespace - the value + of this field for those objects will be empty. \n Must be a DNS_LABEL. + Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects depended by this object. If ALL objects + in the list have been deleted, this object will be garbage collected. + If this object is managed by a controller, then an entry in this + list will point to this controller, with the controller field + set to true. There cannot be more than one managing controller. + items: + description: OwnerReference contains enough information to let + you identify an owning object. An owning object must be in the + same namespace as the dependent, or be cluster-scoped, so there + is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the key-value + store until this reference is removed. Defaults to false. + To set this field, a user needs "delete" permission of the + owner, otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + type: array + type: object + providerID: + description: ProviderID is the identification ID of the machine provided + by the provider. This field must match the provider ID as seen on + the node object corresponding to this machine. This field is required + by higher level consumers of cluster-api. Example use case is cluster + autoscaler with cluster-api as provider. Clean-up logic in the autoscaler + compares machines to nodes to find out machines at provider which + could not get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field is required + by autoscaler to be able to have a provider view of the list of machines. + Another list of nodes is queried from the k8s apiserver and then a + comparison is done to find out unregistered machines and are marked + for delete. This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing with + cluster-api as generic provider. + type: string + providerSpec: + description: ProviderSpec details Provider-specific configuration to + use during node creation. + properties: + value: + description: Value is an inlined, serialized representation of the + resource configuration. It is recommended that providers maintain + their own versioned API types that should be serialized/deserialized + from this field, akin to component config. + type: object + valueFrom: + description: Source for the provider configuration. Cannot be used + if value is not empty. + properties: + machineClass: + description: The machine class from which the provider config + should be sourced. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + provider: + description: Provider is the name of the cloud-provider + which MachineClass is intended for. + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: object + type: object + taints: + description: The list of the taints to be applied to the corresponding + Node in additive manner. This list will not overwrite any other taints + added to the Node on an ongoing basis by other entities. These taints + should be actively reconciled e.g. if you ask the machine controller + to apply a taint and then manually remove the taint the machine controller + will put it back) but not have the machine controller remove any taints + items: + description: The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods that do + not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which the taint + was added. It is only written for NoExecute taints. + format: date-time + type: string + value: + description: Required. The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + versions: + description: Versions of key software to use. This field is optional + at cluster creation time, and omitting the field indicates that the + cluster installation tool should select defaults for the user. These + defaults may differ based on the cluster installer, but the tool should + populate the values it uses when persisting Machine objects. A Machine + spec missing this field at runtime is invalid. + properties: + controlPlane: + description: ControlPlane is the semantic version of the Kubernetes + control plane to run. This should only be populated when the machine + is a control plane. + type: string + kubelet: + description: Kubelet is the semantic version of kubelet to run + type: string + required: + - kubelet + type: object + type: object + status: + description: / [MachineStatus] MachineStatus defines the observed state + of Machine + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + Queried from cloud provider, if available. + items: + description: NodeAddress contains information for the node's address. + properties: + address: + description: The node address. + type: string + type: + description: Node address type, one of Hostname, ExternalIP or + InternalIP. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: 'Conditions lists the conditions synced from the node conditions + of the corresponding node-object. Machine-controller is responsible + for keeping conditions up-to-date. MachineSet controller will be taking + these conditions as a signal to decide if machine is healthy or needs + to be replaced. Refer: https://kubernetes.io/docs/concepts/architecture/nodes/#condition' + items: + description: NodeCondition contains condition information for a node. + properties: + lastHeartbeatTime: + description: Last time we got an update on a given condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transit from one status to + another. + format: date-time + type: string + message: + description: Human readable message indicating details about last + transition. + type: string + reason: + description: (brief) reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of node condition. + type: string + required: + - status + - type + type: object + type: array + errorMessage: + description: "ErrorMessage will be set in the event that there is a + terminal problem reconciling the Machine and will contain a more verbose + string suitable for logging and human consumption. \n This field should + not be set for transitive errors that a controller faces that are + expected to be fixed automatically over time (like service outages), + but instead indicate that something is fundamentally wrong with the + Machine's spec or the configuration of the controller, and that manual + intervention is required. Examples of terminal errors would be invalid + combinations of settings in the spec, values that are unsupported + by the controller, or the responsible controller itself being critically + misconfigured. \n Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or logged + in the controller's output." + type: string + errorReason: + description: "ErrorReason will be set in the event that there is a terminal + problem reconciling the Machine and will contain a succinct value + suitable for machine interpretation. \n This field should not be set + for transitive errors that a controller faces that are expected to + be fixed automatically over time (like service outages), but instead + indicate that something is fundamentally wrong with the Machine's + spec or the configuration of the controller, and that manual intervention + is required. Examples of terminal errors would be invalid combinations + of settings in the spec, values that are unsupported by the controller, + or the responsible controller itself being critically misconfigured. + \n Any transient errors that occur during the reconciliation of Machines + can be added as events to the Machine object and/or logged in the + controller's output." + type: string + lastOperation: + description: LastOperation describes the last-operation performed by + the machine-controller. This API should be useful as a history in + terms of the latest operation performed on the specific machine. It + should also convey the state of the latest-operation for example if + it is still on-going, failed or completed successfully. + properties: + description: + description: Description is the human-readable description of the + last operation. + type: string + lastUpdated: + description: LastUpdated is the timestamp at which LastOperation + API was last-updated. + format: date-time + type: string + state: + description: State is the current status of the last performed operation. + E.g. Processing, Failed, Successful etc + type: string + type: + description: Type is the type of operation which was last performed. + E.g. Create, Delete, Update etc + type: string + type: object + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + nodeRef: + description: NodeRef will point to the corresponding Node if it exists. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an + entire object, this string should contain a valid JSON/Go field + access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + providerStatus: + description: ProviderStatus details a Provider-specific status. It is + recommended that providers maintain their own versioned API types + that should be serialized/deserialized from this field. + type: object + versions: + description: "Versions specifies the current versions of software on + the corresponding Node (if it exists). This is provided for a few + reasons: \n 1) It is more convenient than checking the NodeRef, traversing + it to the Node, and finding the appropriate field in Node.Status.NodeInfo + \ (which uses different field names and formatting). 2) It removes + some of the dependency on the structure of the Node, so that if + the structure of Node.Status.NodeInfo changes, only machine controllers + need to be updated, rather than every client of the Machines API. + 3) There is no other simple way to check the control plane version. + A client would have to connect directly to the apiserver running + on the target node in order to find out its version." + properties: + controlPlane: + description: ControlPlane is the semantic version of the Kubernetes + control plane to run. This should only be populated when the machine + is a control plane. + type: string + kubelet: + description: Kubelet is the semantic version of kubelet to run + type: string + required: + - kubelet + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/cluster.k8s.io/machineclass.yaml b/definitions/cluster.k8s.io/machineclass.yaml new file mode 100644 index 000000000..f0abd47fb --- /dev/null +++ b/definitions/cluster.k8s.io/machineclass.yaml @@ -0,0 +1,47 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: machineclasses.cluster.k8s.io +spec: + group: cluster.k8s.io + names: + kind: MachineClass + plural: machineclasses + shortNames: + - mc + scope: Namespaced + validation: + openAPIV3Schema: + description: / [MachineClass] MachineClass can be used to templatize and re-use + provider configuration across multiple Machines / MachineSets / MachineDeployments. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + providerSpec: + description: Provider-specific configuration to use during node creation. + type: object + required: + - providerSpec + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/cluster.k8s.io/machinedeployment.yaml b/definitions/cluster.k8s.io/machinedeployment.yaml new file mode 100644 index 000000000..f027bca7f --- /dev/null +++ b/definitions/cluster.k8s.io/machinedeployment.yaml @@ -0,0 +1,594 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: machinedeployments.cluster.k8s.io +spec: + group: cluster.k8s.io + names: + kind: MachineDeployment + plural: machinedeployments + shortNames: + - md + scope: Namespaced + subresources: + scale: + labelSelectorPath: .status.labelSelector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + validation: + openAPIV3Schema: + description: / [MachineDeployment] MachineDeployment is the Schema for the machinedeployments + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: / [MachineDeploymentSpec] MachineDeploymentSpec defines the + desired state of MachineDeployment + properties: + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + should be ready. Defaults to 0 (machine will be considered available + as soon as it is ready) + format: int32 + type: integer + paused: + description: Indicates that the deployment is paused. + type: boolean + progressDeadlineSeconds: + description: The maximum time in seconds for a deployment to make progress + before it is considered to be failed. The deployment controller will + continue to process failed deployments and a condition with a ProgressDeadlineExceeded + reason will be surfaced in the deployment status. Note that progress + will not be estimated during the time a deployment is paused. Defaults + to 600s. + format: int32 + type: integer + replicas: + description: Number of desired machines. Defaults to 1. This is a pointer + to distinguish between explicit zero and not specified. + format: int32 + type: integer + revisionHistoryLimit: + description: The number of old MachineSets to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 1. + format: int32 + type: integer + selector: + description: Label selector for machines. Existing MachineSets whose + machines are selected by this will be the ones affected by this deployment. + It must match the machine template's labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + strategy: + description: The deployment strategy to use to replace existing machines + with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: string + - type: integer + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: 10%). + This can not be 0 if MaxUnavailable is 0. Absolute number + is calculated from percentage by rounding up. Defaults to + 1. Example: when this is set to 30%, the new MachineSet can + be scaled up immediately when the rolling update starts, such + that the total number of old and new machines do not exceed + 130% of desired machines. Once old machines have been killed, + new MachineSet can be scaled up further, ensuring that total + number of machines running at any time during the update is + at most 130% of desired machines.' + maxUnavailable: + anyOf: + - type: string + - type: integer + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: 5) + or a percentage of desired machines (ex: 10%). Absolute number + is calculated from percentage by rounding down. This can not + be 0 if MaxSurge is 0. Defaults to 0. Example: when this is + set to 30%, the old MachineSet can be scaled down to 70% of + desired machines immediately when the rolling update starts. + Once new machines are ready, old MachineSet can be scaled + down further, followed by scaling up the new MachineSet, ensuring + that the total number of machines available at all times during + the update is at least 70% of desired machines.' + type: object + type: + description: Type of deployment. Currently the only supported strategy + is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and + should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by the + server, to generate a unique name ONLY IF the Name field has + not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to make + the value unique on the server. \n If this field is specified + and the generated name exists, the server will NOT return + a 409 - instead, it will either return 201 Created or 500 + with Reason ServerTimeout indicating a unique name could not + be found in the time allotted, and the client should retry + (optionally after the time indicated in the Retry-After header). + \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. More + info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the \"default\" + namespace, but \"default\" is the canonical representation. + Not all objects are required to be scoped to a namespace - + the value of this field for those objects will be empty. \n + Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects depended by this object. If ALL + objects in the list have been deleted, this object will be + garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. + items: + description: OwnerReference contains enough information to + let you identify an owning object. An owning object must + be in the same namespace as the dependent, or be cluster-scoped, + so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. Defaults + to false. To set this field, a user needs "delete" permission + of the owner, otherwise 422 (Unprocessable Entity) will + be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + configSource: + description: ConfigSource is used to populate in the associated + Node for dynamic kubelet config. This field already exists + in Node, so any updates to it in the Machine spec will be + automatically copied to the linked NodeRef from the status. + The rest of dynamic kubelet config support should then work + as-is. + properties: + configMap: + description: ConfigMap is a reference to a Node's ConfigMap + properties: + kubeletConfigKey: + description: KubeletConfigKey declares which key of + the referenced ConfigMap corresponds to the KubeletConfiguration + structure This field is required in all cases. + type: string + name: + description: Name is the metadata.name of the referenced + ConfigMap. This field is required in all cases. + type: string + namespace: + description: Namespace is the metadata.namespace of + the referenced ConfigMap. This field is required in + all cases. + type: string + resourceVersion: + description: ResourceVersion is the metadata.ResourceVersion + of the referenced ConfigMap. This field is forbidden + in Node.Spec, and required in Node.Status. + type: string + uid: + description: UID is the metadata.UID of the referenced + ConfigMap. This field is forbidden in Node.Spec, and + required in Node.Status. + type: string + required: + - kubeletConfigKey + - name + - namespace + type: object + type: object + metadata: + description: ObjectMeta will autopopulate the Node created. + Use this to indicate what labels, annotations, name prefix, + etc., should be used when creating the Node. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name + field has not been provided. If this field is used, the + name returned to the client will be different than the + name passed. This value will also be combined with a unique + suffix. The provided value has the same validation rules + as the Name field, and may be truncated by the length + of the suffix required to make the value unique on the + server. \n If this field is specified and the generated + name exists, the server will NOT return a 409 - instead, + it will either return 201 Created or 500 with Reason ServerTimeout + indicating a unique name could not be found in the time + allotted, and the client should retry (optionally after + the time indicated in the Retry-After header). \n Applied + only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is + required when creating resources, although some resources + may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects depended by this object. If + ALL objects in the list have been deleted, this object + will be garbage collected. If this object is managed by + a controller, then an entry in this list will point to + this controller, with the controller field set to true. + There cannot be more than one managing controller. + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from + the key-value store until this reference is removed. + Defaults to false. To set this field, a user needs + "delete" permission of the owner, otherwise 422 + (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the + managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + type: array + type: object + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api as + provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as a + generic out-of-tree provider for autoscaler, this field is + required by autoscaler to be able to have a provider view + of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to find + out unregistered machines and are marked for delete. This + field will be set by the actuators and consumed by higher + level entities like autoscaler that will be interfacing with + cluster-api as generic provider. + type: string + providerSpec: + description: ProviderSpec details Provider-specific configuration + to use during node creation. + properties: + value: + description: Value is an inlined, serialized representation + of the resource configuration. It is recommended that + providers maintain their own versioned API types that + should be serialized/deserialized from this field, akin + to component config. + type: object + valueFrom: + description: Source for the provider configuration. Cannot + be used if value is not empty. + properties: + machineClass: + description: The machine class from which the provider + config should be sourced. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + provider: + description: Provider is the name of the cloud-provider + which MachineClass is intended for. + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: object + type: object + taints: + description: The list of the taints to be applied to the corresponding + Node in additive manner. This list will not overwrite any + other taints added to the Node on an ongoing basis by other + entities. These taints should be actively reconciled e.g. + if you ask the machine controller to apply a taint and then + manually remove the taint the machine controller will put + it back) but not have the machine controller remove any taints + items: + description: The node this Taint is attached to has the "effect" + on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which the + taint was added. It is only written for NoExecute taints. + format: date-time + type: string + value: + description: Required. The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + versions: + description: Versions of key software to use. This field is + optional at cluster creation time, and omitting the field + indicates that the cluster installation tool should select + defaults for the user. These defaults may differ based on + the cluster installer, but the tool should populate the values + it uses when persisting Machine objects. A Machine spec missing + this field at runtime is invalid. + properties: + controlPlane: + description: ControlPlane is the semantic version of the + Kubernetes control plane to run. This should only be populated + when the machine is a control plane. + type: string + kubelet: + description: Kubelet is the semantic version of kubelet + to run + type: string + required: + - kubelet + type: object + type: object + type: object + required: + - selector + - template + type: object + status: + description: / [MachineDeploymentStatus] MachineDeploymentStatus defines + the observed state of MachineDeployment + properties: + availableReplicas: + description: Total number of available machines (ready for at least + minReadySeconds) targeted by this deployment. + format: int32 + type: integer + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + readyReplicas: + description: Total number of ready machines targeted by this deployment. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + deployment (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machines targeted by this deployment. + This is the total number of machines that are still required for the + deployment to have 100% available capacity. They may either be machines + that are running but not yet available or machines that still have + not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated machines targeted by this + deployment that have the desired template spec. + format: int32 + type: integer + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/cluster.k8s.io/machineset.yaml b/definitions/cluster.k8s.io/machineset.yaml new file mode 100644 index 000000000..58e35c9e3 --- /dev/null +++ b/definitions/cluster.k8s.io/machineset.yaml @@ -0,0 +1,555 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: machinesets.cluster.k8s.io +spec: + group: cluster.k8s.io + names: + kind: MachineSet + plural: machinesets + shortNames: + - ms + scope: Namespaced + subresources: + scale: + labelSelectorPath: .status.labelSelector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + validation: + openAPIV3Schema: + description: / [MachineSet] MachineSet ensures that a specified number of machines + replicas are running at any given time. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: / [MachineSetSpec] MachineSetSpec defines the desired state + of MachineSet + properties: + deletePolicy: + description: DeletePolicy defines the policy used to identify nodes + to delete when downscaling. Defaults to "Random". Valid values are + "Random, "Newest", "Oldest" + enum: + - Random + - Newest + - Oldest + type: string + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds for which + a newly created machine should be ready. Defaults to 0 (machine will + be considered available as soon as it is ready) + format: int32 + type: integer + replicas: + description: Replicas is the number of desired replicas. This is a pointer + to distinguish between explicit zero and unspecified. Defaults to + 1. + format: int32 + type: integer + selector: + description: 'Selector is a label query over machines that should match + the replica count. Label keys and values that must match in order + to be controlled by this MachineSet. It must match the machine template''s + labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + template: + description: Template is the object that describes the machine that + will be created if insufficient replicas are detected. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and + should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by the + server, to generate a unique name ONLY IF the Name field has + not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to make + the value unique on the server. \n If this field is specified + and the generated name exists, the server will NOT return + a 409 - instead, it will either return 201 Created or 500 + with Reason ServerTimeout indicating a unique name could not + be found in the time allotted, and the client should retry + (optionally after the time indicated in the Retry-After header). + \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. More + info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines the space within each name must + be unique. An empty namespace is equivalent to the \"default\" + namespace, but \"default\" is the canonical representation. + Not all objects are required to be scoped to a namespace - + the value of this field for those objects will be empty. \n + Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects depended by this object. If ALL + objects in the list have been deleted, this object will be + garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. + items: + description: OwnerReference contains enough information to + let you identify an owning object. An owning object must + be in the same namespace as the dependent, or be cluster-scoped, + so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. Defaults + to false. To set this field, a user needs "delete" permission + of the owner, otherwise 422 (Unprocessable Entity) will + be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + configSource: + description: ConfigSource is used to populate in the associated + Node for dynamic kubelet config. This field already exists + in Node, so any updates to it in the Machine spec will be + automatically copied to the linked NodeRef from the status. + The rest of dynamic kubelet config support should then work + as-is. + properties: + configMap: + description: ConfigMap is a reference to a Node's ConfigMap + properties: + kubeletConfigKey: + description: KubeletConfigKey declares which key of + the referenced ConfigMap corresponds to the KubeletConfiguration + structure This field is required in all cases. + type: string + name: + description: Name is the metadata.name of the referenced + ConfigMap. This field is required in all cases. + type: string + namespace: + description: Namespace is the metadata.namespace of + the referenced ConfigMap. This field is required in + all cases. + type: string + resourceVersion: + description: ResourceVersion is the metadata.ResourceVersion + of the referenced ConfigMap. This field is forbidden + in Node.Spec, and required in Node.Status. + type: string + uid: + description: UID is the metadata.UID of the referenced + ConfigMap. This field is forbidden in Node.Spec, and + required in Node.Status. + type: string + required: + - kubeletConfigKey + - name + - namespace + type: object + type: object + metadata: + description: ObjectMeta will autopopulate the Node created. + Use this to indicate what labels, annotations, name prefix, + etc., should be used when creating the Node. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name + field has not been provided. If this field is used, the + name returned to the client will be different than the + name passed. This value will also be combined with a unique + suffix. The provided value has the same validation rules + as the Name field, and may be truncated by the length + of the suffix required to make the value unique on the + server. \n If this field is specified and the generated + name exists, the server will NOT return a 409 - instead, + it will either return 201 Created or 500 with Reason ServerTimeout + indicating a unique name could not be found in the time + allotted, and the client should retry (optionally after + the time indicated in the Retry-After header). \n Applied + only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is + required when creating resources, although some resources + may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects depended by this object. If + ALL objects in the list have been deleted, this object + will be garbage collected. If this object is managed by + a controller, then an entry in this list will point to + this controller, with the controller field set to true. + There cannot be more than one managing controller. + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from + the key-value store until this reference is removed. + Defaults to false. To set this field, a user needs + "delete" permission of the owner, otherwise 422 + (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the + managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + type: array + type: object + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api as + provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as a + generic out-of-tree provider for autoscaler, this field is + required by autoscaler to be able to have a provider view + of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to find + out unregistered machines and are marked for delete. This + field will be set by the actuators and consumed by higher + level entities like autoscaler that will be interfacing with + cluster-api as generic provider. + type: string + providerSpec: + description: ProviderSpec details Provider-specific configuration + to use during node creation. + properties: + value: + description: Value is an inlined, serialized representation + of the resource configuration. It is recommended that + providers maintain their own versioned API types that + should be serialized/deserialized from this field, akin + to component config. + type: object + valueFrom: + description: Source for the provider configuration. Cannot + be used if value is not empty. + properties: + machineClass: + description: The machine class from which the provider + config should be sourced. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + provider: + description: Provider is the name of the cloud-provider + which MachineClass is intended for. + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: object + type: object + taints: + description: The list of the taints to be applied to the corresponding + Node in additive manner. This list will not overwrite any + other taints added to the Node on an ongoing basis by other + entities. These taints should be actively reconciled e.g. + if you ask the machine controller to apply a taint and then + manually remove the taint the machine controller will put + it back) but not have the machine controller remove any taints + items: + description: The node this Taint is attached to has the "effect" + on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods + that do not tolerate the taint. Valid effects are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: TimeAdded represents the time at which the + taint was added. It is only written for NoExecute taints. + format: date-time + type: string + value: + description: Required. The taint value corresponding to + the taint key. + type: string + required: + - effect + - key + type: object + type: array + versions: + description: Versions of key software to use. This field is + optional at cluster creation time, and omitting the field + indicates that the cluster installation tool should select + defaults for the user. These defaults may differ based on + the cluster installer, but the tool should populate the values + it uses when persisting Machine objects. A Machine spec missing + this field at runtime is invalid. + properties: + controlPlane: + description: ControlPlane is the semantic version of the + Kubernetes control plane to run. This should only be populated + when the machine is a control plane. + type: string + kubelet: + description: Kubelet is the semantic version of kubelet + to run + type: string + required: + - kubelet + type: object + type: object + type: object + required: + - selector + type: object + status: + description: / [MachineSetStatus] MachineSetStatus defines the observed + state of MachineSet + properties: + availableReplicas: + description: The number of available replicas (ready for at least minReadySeconds) + for this MachineSet. + format: int32 + type: integer + errorMessage: + type: string + errorReason: + description: "In the event that there is a terminal problem reconciling + the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason + will be populated with a succinct value suitable for machine interpretation, + while ErrorMessage will contain a more verbose string suitable for + logging and human consumption. \n These fields should not be set for + transitive errors that a controller faces that are expected to be + fixed automatically over time (like service outages), but instead + indicate that something is fundamentally wrong with the MachineTemplate's + spec or the configuration of the machine controller, and that manual + intervention is required. Examples of terminal errors would be invalid + combinations of settings in the spec, values that are unsupported + by the machine controller, or the responsible machine controller itself + being critically misconfigured. \n Any transient errors that occur + during the reconciliation of Machines can be added as events to the + MachineSet object and/or logged in the controller's output." + type: string + fullyLabeledReplicas: + description: The number of replicas that have labels matching the labels + of the machine template of the MachineSet. + format: int32 + type: integer + observedGeneration: + description: ObservedGeneration reflects the generation of the most + recently observed MachineSet. + format: int64 + type: integer + readyReplicas: + description: The number of ready replicas for this MachineSet. A machine + is considered ready when the node has been created and is "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + required: + - replicas + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/clusters.clusterpedia.io/pediacluster.yaml b/definitions/clusters.clusterpedia.io/pediacluster.yaml new file mode 100644 index 000000000..5ec5ca968 --- /dev/null +++ b/definitions/clusters.clusterpedia.io/pediacluster.yaml @@ -0,0 +1,217 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: pediaclusters.clusters.clusterpedia.io +spec: + group: clusters.clusterpedia.io + names: + kind: PediaCluster + listKind: PediaClusterList + plural: pediaclusters + singular: pediacluster + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.apiserverURL + name: APIServer URL + type: string + - jsonPath: .status.version + name: Version + type: string + - jsonPath: .status.conditions[?(@.type == 'Ready')].reason + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiserverURL: + type: string + caData: + type: string + certData: + type: string + keyData: + type: string + resources: + items: + properties: + group: + type: string + resources: + items: + type: string + minItems: 1 + type: array + versions: + items: + type: string + type: array + required: + - group + - resources + type: object + type: array + tokenData: + type: string + required: + - apiserverURL + - resources + type: object + status: + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + resources: + items: + properties: + group: + type: string + resources: + items: + properties: + kind: + type: string + namespaced: + type: boolean + resource: + type: string + syncConditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + description: optional + type: string + reason: + description: optional + type: string + status: + type: string + storageVersion: + description: optional + type: string + storrageResource: + description: optional + type: string + version: + type: string + required: + - lastTransitionTime + - status + - version + type: object + type: array + required: + - kind + - namespaced + - resource + - syncConditions + type: object + type: array + required: + - group + - resources + type: object + type: array + version: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/configuration.konghq.com/kongcredential.yaml b/definitions/configuration.konghq.com/kongcredential.yaml new file mode 100644 index 000000000..db7ae6984 --- /dev/null +++ b/definitions/configuration.konghq.com/kongcredential.yaml @@ -0,0 +1,34 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: kongcredentials.configuration.konghq.com +spec: + group: configuration.konghq.com + version: v1 + scope: Namespaced + names: + kind: KongCredential + plural: kongcredentials + additionalPrinterColumns: + - name: Credential-type + type: string + description: Type of credential + JSONPath: .type + - name: Age + type: date + description: Age + JSONPath: .metadata.creationTimestamp + - name: Consumer-Ref + type: string + description: Owner of the credential + JSONPath: .consumerRef + validation: + openAPIV3Schema: + required: + - consumerRef + - type + properties: + consumerRef: + type: string + type: + type: string diff --git a/definitions/core.oam.dev/envbinding.yaml b/definitions/core.oam.dev/envbinding.yaml new file mode 100644 index 000000000..9505bf4a9 --- /dev/null +++ b/definitions/core.oam.dev/envbinding.yaml @@ -0,0 +1,318 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + name: envbindings.core.oam.dev +spec: + group: core.oam.dev + names: + categories: + - oam + kind: EnvBinding + listKind: EnvBindingList + plural: envbindings + shortNames: + - envbind + singular: envbinding + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.engine + name: ENGINE + type: string + - jsonPath: .status.phase + name: PHASE + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: EnvBinding is the Schema for the EnvBinding API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: A EnvBindingSpec defines the desired state of a EnvBinding. + properties: + appTemplate: + description: AppTemplate indicates the application template. + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + engine: + description: ClusterManagementEngine represents a multi-cluster management + solution + type: string + envs: + items: + description: EnvConfig is the configuration for different environments. + properties: + name: + type: string + patch: + description: EnvPatch specify the parameter configuration for + different environments + properties: + components: + items: + description: ApplicationComponent describe the component + of application + properties: + dependsOn: + items: + type: string + type: array + externalRevision: + description: ExternalRevision specified the component + revisionName + type: string + inputs: + description: StepInputs defines variable input of + WorkflowStep + items: + properties: + from: + type: string + parameterKey: + type: string + required: + - from + - parameterKey + type: object + type: array + name: + type: string + outputs: + description: StepOutputs defines output variable of + WorkflowStep + items: + properties: + name: + type: string + valueFrom: + type: string + required: + - name + - valueFrom + type: object + type: array + properties: + type: object + x-kubernetes-preserve-unknown-fields: true + scopes: + additionalProperties: + type: string + description: scopes in ApplicationComponent defines + the component-level scopes the format is + pairs, the key represents type of `ScopeDefinition` + while the value represent the name of scope instance. + type: object + x-kubernetes-preserve-unknown-fields: true + traits: + description: Traits define the trait of one component, + the type must be array to keep the order. + items: + description: ApplicationTrait defines the trait + of application + properties: + properties: + type: object + x-kubernetes-preserve-unknown-fields: true + type: + type: string + required: + - type + type: object + type: array + type: + type: string + required: + - name + - type + type: object + type: array + required: + - components + type: object + placement: + description: EnvPlacement defines the placement rules for an + app. + properties: + clusterSelector: + description: ClusterSelector defines the rules to select + a Cluster resource. Either name or labels is needed. + properties: + labels: + additionalProperties: + type: string + description: Labels defines the label selector to select + the cluster. + type: object + name: + description: Name is the name of the cluster. + type: string + type: object + namespaceSelector: + description: NamespaceSelector defines the rules to select + a Namespace resource. Either name or labels is needed. + properties: + labels: + additionalProperties: + type: string + description: Labels defines the label selector to select + the namespace. + type: object + name: + description: Name is the name of the namespace. + type: string + type: object + type: object + selector: + description: EnvSelector defines which components should this + env contains + properties: + components: + items: + type: string + type: array + type: object + required: + - name + - patch + type: object + type: array + outputResourcesTo: + description: OutputResourcesTo specifies the namespace and name of + a ConfigMap which store the resources rendered after differentiated + configuration + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + type: object + required: + - appTemplate + - envs + type: object + status: + description: A EnvBindingStatus is the status of EnvBinding + properties: + clusterDecisions: + items: + description: ClusterDecision recorded the mapping of environment + and cluster + properties: + cluster: + type: string + env: + type: string + namespace: + type: string + required: + - env + type: object + type: array + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + phase: + description: EnvBindingPhase is a label for the condition of a EnvBinding + at the current time + type: string + resourceTracker: + description: ResourceTracker record the status of the ResourceTracker + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/core.oam.dev/healthscope.yaml b/definitions/core.oam.dev/healthscope.yaml new file mode 100644 index 000000000..7fbd4e0ec --- /dev/null +++ b/definitions/core.oam.dev/healthscope.yaml @@ -0,0 +1,587 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + name: healthscopes.core.oam.dev +spec: + group: core.oam.dev + names: + categories: + - oam + kind: HealthScope + listKind: HealthScopeList + plural: healthscopes + singular: healthscope + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.health + name: HEALTH + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: A HealthScope determines an aggregate health status based of + the health of components. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: A HealthScopeSpec defines the desired state of a HealthScope. + properties: + appReferences: + description: AppRefs records references of applications' components + items: + description: AppReference records references of an application's + components + properties: + appName: + type: string + compReferences: + items: + description: CompReference records references of a component's + resources + properties: + compName: + type: string + traits: + items: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. + --- New uses of this type are discouraged because + of difficulty describing its usage when embedded in + APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual + usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must + refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well + described when embedded. 3. Inconsistent validation. + \ Because the usages are different, the validation + rules are different by usage, which makes it hard + for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not + a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. + \ In most cases, the dependency is on the group,resource + tuple and the version of the actual struct is irrelevant. + 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs + embed an underspecified API type they do not control. + \n Instead of using this type, create a locally provided + and used type that is well-focused on your reference. + For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to + the name of the container that triggered the event) + or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax + is chosen only to have some well-defined way of + referencing a part of an object. TODO: this design + is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + workload: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- + New uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored + fields. It includes many fields which are not generally + honored. For instance, ResourceVersion and FieldPath + are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are + particular restrictions like, \"must refer only to types + A and B\" or \"UID not honored\" or \"name must be restricted\". + Those cannot be well described when embedded. 3. Inconsistent + validation. Because the usages are different, the validation + rules are different by usage, which makes it hard for + users to predict what will happen. 4. The fields are + both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during + interpretation and require a REST mapping. In most + cases, the dependency is on the group,resource tuple + and the version of the actual struct is irrelevant. + 5. We cannot easily change it. Because this type is + embedded in many locations, updates to this type will + affect numerous schemas. Don't make new APIs embed + an underspecified API type they do not control. \n Instead + of using this type, create a locally provided and used + type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: array + type: object + type: array + probe-interval: + description: ProbeInterval is the amount of time in seconds between + probing tries. + format: int32 + type: integer + probe-timeout: + description: ProbeTimeout is the amount of time in seconds to wait + when receiving a response before marked failure. + format: int32 + type: integer + workloadRefs: + description: WorkloadReferences to the workloads that are in this + scope. + items: + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + required: + - workloadRefs + type: object + status: + description: A HealthScopeStatus represents the observed state of a HealthScope. + properties: + appHealthConditions: + description: AppHealthConditions represents health condition of applications + in the scope + items: + description: AppHealthCondition represents health condition of an + application + properties: + appName: + type: string + components: + items: + description: WorkloadHealthCondition represents informative + health condition of a workload. + properties: + componentName: + description: ComponentName represents the component name + if target is a workload + type: string + customStatusMsg: + type: string + diagnosis: + type: string + healthStatus: + description: HealthStatus represents health status strings. + type: string + targetWorkload: + description: "ObjectReference contains enough information + to let you inspect or modify the referred object. --- + New uses of this type are discouraged because of difficulty + describing its usage when embedded in APIs. 1. Ignored + fields. It includes many fields which are not generally + honored. For instance, ResourceVersion and FieldPath + are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for + individual usage. In most embedded usages, there are + particular restrictions like, \"must refer only to types + A and B\" or \"UID not honored\" or \"name must be restricted\". + Those cannot be well described when embedded. 3. Inconsistent + validation. Because the usages are different, the validation + rules are different by usage, which makes it hard for + users to predict what will happen. 4. The fields are + both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during + interpretation and require a REST mapping. In most + cases, the dependency is on the group,resource tuple + and the version of the actual struct is irrelevant. + 5. We cannot easily change it. Because this type is + embedded in many locations, updates to this type will + affect numerous schemas. Don't make new APIs embed + an underspecified API type they do not control. \n Instead + of using this type, create a locally provided and used + type that is well-focused on your reference. For example, + ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + traits: + items: + description: TraitHealthCondition represents informative + health condition of a trait. + properties: + customStatusMsg: + type: string + diagnosis: + type: string + healthStatus: + description: HealthStatus represents health status + strings. + type: string + resource: + type: string + type: + type: string + required: + - healthStatus + - resource + - type + type: object + type: array + workloadStatus: + description: WorkloadStatus represents status of workloads + whose HealthStatus is UNKNOWN. + type: string + required: + - healthStatus + type: object + type: array + envName: + type: string + required: + - appName + type: object + type: array + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + healthConditions: + description: WorkloadHealthConditions represents health condition + of workloads in the scope Use AppHealthConditions to provide app + level status + items: + description: WorkloadHealthCondition represents informative health + condition of a workload. + properties: + componentName: + description: ComponentName represents the component name if + target is a workload + type: string + customStatusMsg: + type: string + diagnosis: + type: string + healthStatus: + description: HealthStatus represents health status strings. + type: string + targetWorkload: + description: "ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must refer + only to types A and B\" or \"UID not honored\" or \"name must + be restricted\". Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, + the validation rules are different by usage, which makes it + hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency + is on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an + underspecified API type they do not control. \n Instead of + using this type, create a locally provided and used type that + is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + traits: + items: + description: TraitHealthCondition represents informative health + condition of a trait. + properties: + customStatusMsg: + type: string + diagnosis: + type: string + healthStatus: + description: HealthStatus represents health status strings. + type: string + resource: + type: string + type: + type: string + required: + - healthStatus + - resource + - type + type: object + type: array + workloadStatus: + description: WorkloadStatus represents status of workloads whose + HealthStatus is UNKNOWN. + type: string + required: + - healthStatus + type: object + type: array + scopeHealthCondition: + description: ScopeHealthCondition represents health condition summary + of the scope + properties: + healthStatus: + description: HealthStatus represents health status strings. + type: string + healthyWorkloads: + format: int64 + type: integer + total: + format: int64 + type: integer + unhealthyWorkloads: + format: int64 + type: integer + unknownWorkloads: + format: int64 + type: integer + required: + - healthStatus + type: object + required: + - scopeHealthCondition + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/core.oam.dev/manualscalertrait.yaml b/definitions/core.oam.dev/manualscalertrait.yaml index ab920a15d..568535e3c 100644 --- a/definitions/core.oam.dev/manualscalertrait.yaml +++ b/definitions/core.oam.dev/manualscalertrait.yaml @@ -1,115 +1,129 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.6.2 name: manualscalertraits.core.oam.dev spec: group: core.oam.dev names: categories: - - crossplane - oam kind: ManualScalerTrait listKind: ManualScalerTraitList plural: manualscalertraits singular: manualscalertrait scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: A ManualScalerTrait determines how many replicas a workload should - have. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: A ManualScalerTraitSpec defines the desired state of a ManualScalerTrait. - properties: - replicaCount: - description: ReplicaCount of the workload this trait applies to. - format: int32 - type: integer - workloadRef: - description: WorkloadReference to the workload this trait applies to. - properties: - apiVersion: - description: APIVersion of the referenced object. - type: string - kind: - description: Kind of the referenced object. - type: string - name: - description: Name of the referenced object. - type: string - uid: - description: UID of the referenced object. - type: string - required: - - apiVersion - - kind - - name - type: object - required: - - replicaCount - - workloadRef - type: object - status: - description: A ManualScalerTraitStatus represents the observed state of - a ManualScalerTrait. - properties: - conditions: - description: Conditions of the resource. - items: - description: A Condition that may apply to a resource. + versions: + - name: v1alpha2 + schema: + openAPIV3Schema: + description: A ManualScalerTrait determines how many replicas a workload should + have. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: A ManualScalerTraitSpec defines the desired state of a ManualScalerTrait. + properties: + replicaCount: + description: ReplicaCount of the workload this trait applies to. + format: int32 + type: integer + workloadRef: + description: WorkloadReference to the workload this trait applies + to. properties: - lastTransitionTime: - description: LastTransitionTime is the last time this condition - transitioned from one status to another. - format: date-time + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' type: string - message: - description: A Message containing details about this condition's - last transition from one status to another, if any. + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - reason: - description: A Reason for this condition's last transition from - one status to another. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - status: - description: Status of this condition; is it currently True, False, - or Unknown? + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - type: - description: Type of this condition. At most one of each condition - type may apply to a resource at any point in time. + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string - required: - - lastTransitionTime - - reason - - status - - type type: object - type: array - type: object - type: object - version: v1alpha2 - versions: - - name: v1alpha2 + required: + - replicaCount + - workloadRef + type: object + status: + description: A ManualScalerTraitStatus represents the observed state of + a ManualScalerTrait. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/definitions/core.oam.dev/scopedefinition.yaml b/definitions/core.oam.dev/scopedefinition.yaml index 62f533ea1..d336319ef 100644 --- a/definitions/core.oam.dev/scopedefinition.yaml +++ b/definitions/core.oam.dev/scopedefinition.yaml @@ -1,76 +1,147 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +--- +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.9.2 name: scopedefinitions.core.oam.dev spec: - additionalPrinterColumns: - - JSONPath: .spec.definitionRef.name - name: DEFINITION-NAME - type: string group: core.oam.dev names: categories: - - crossplane - oam kind: ScopeDefinition listKind: ScopeDefinitionList plural: scopedefinitions + shortNames: + - scope singular: scopedefinition - scope: Cluster - subresources: {} - validation: - openAPIV3Schema: - description: A ScopeDefinition registers a kind of Kubernetes custom resource - as a valid OAM scope kind by referencing its CustomResourceDefinition. The - CRD is used to validate the schema of the scope when it is embedded in an - OAM ApplicationConfiguration. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: A ScopeDefinitionSpec defines the desired state of a ScopeDefinition. - properties: - allowComponentOverlap: - description: AllowComponentOverlap specifies whether an OAM component - may exist in multiple instances of this kind of scope. - type: boolean - definitionRef: - description: Reference to the CustomResourceDefinition that defines - this scope kind. - properties: - name: - description: Name of the referenced CustomResourceDefinition. - type: string - required: - - name - type: object - required: - - allowComponentOverlap - - definitionRef - type: object - type: object - version: v1alpha2 + scope: Namespaced versions: - - name: v1alpha2 + - additionalPrinterColumns: + - jsonPath: .spec.definitionRef.name + name: DEFINITION-NAME + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: A ScopeDefinition registers a kind of Kubernetes custom resource + as a valid OAM scope kind by referencing its CustomResourceDefinition. The + CRD is used to validate the schema of the scope when it is embedded in an + OAM ApplicationConfiguration. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: A ScopeDefinitionSpec defines the desired state of a ScopeDefinition. + properties: + allowComponentOverlap: + description: AllowComponentOverlap specifies whether an OAM component + may exist in multiple instances of this kind of scope. + type: boolean + definitionRef: + description: Reference to the CustomResourceDefinition that defines + this scope kind. + properties: + name: + description: Name of the referenced CustomResourceDefinition. + type: string + version: + description: Version indicate which version should be used if + CRD has multiple versions by default it will use the first one + if not specified + type: string + required: + - name + type: object + extension: + description: Extension is used for extension needs by OAM platform + builders + type: object + x-kubernetes-preserve-unknown-fields: true + workloadRefsPath: + description: WorkloadRefsPath indicates if/where a scope accepts workloadRef + objects + type: string + required: + - allowComponentOverlap + - definitionRef + type: object + type: object + served: true + storage: false + subresources: {} + - additionalPrinterColumns: + - jsonPath: .spec.definitionRef.name + name: DEFINITION-NAME + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: A ScopeDefinition registers a kind of Kubernetes custom resource + as a valid OAM scope kind by referencing its CustomResourceDefinition. The + CRD is used to validate the schema of the scope when it is embedded in an + OAM ApplicationConfiguration. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: A ScopeDefinitionSpec defines the desired state of a ScopeDefinition. + properties: + allowComponentOverlap: + description: AllowComponentOverlap specifies whether an OAM component + may exist in multiple instances of this kind of scope. + type: boolean + definitionRef: + description: Reference to the CustomResourceDefinition that defines + this scope kind. + properties: + name: + description: Name of the referenced CustomResourceDefinition. + type: string + version: + description: Version indicate which version should be used if + CRD has multiple versions by default it will use the first one + if not specified + type: string + required: + - name + type: object + extension: + description: Extension is used for extension needs by OAM platform + builders + type: object + x-kubernetes-preserve-unknown-fields: true + workloadRefsPath: + description: WorkloadRefsPath indicates if/where a scope accepts workloadRef + objects + type: string + required: + - allowComponentOverlap + - definitionRef + type: object + type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] + subresources: {} diff --git a/definitions/crunchydata.com/perconapgcluster.yaml b/definitions/crunchydata.com/perconapgcluster.yaml new file mode 100644 index 000000000..7a52e4c87 --- /dev/null +++ b/definitions/crunchydata.com/perconapgcluster.yaml @@ -0,0 +1,1905 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + name: perconapgclusters.crunchydata.com +spec: + group: crunchydata.com + names: + kind: PerconaPGCluster + listKind: PerconaPGClusterList + plural: perconapgclusters + singular: perconapgcluster + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + backup: + properties: + affinity: + properties: + advanced: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + antiAffinityTopologyKey: + type: string + antiAffinityType: + type: string + nodeAffinityType: + type: string + nodeLabel: + additionalProperties: + type: string + type: object + type: object + backrestRepoImage: + type: string + customConfig: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + repoPath: + type: string + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + schedule: + items: + properties: + backrestOpts: + type: string + keep: + format: int64 + type: integer + name: + type: string + schedule: + type: string + storage: + type: string + type: + type: string + type: object + type: array + serviceAccount: + type: string + storageTypes: + items: + type: string + type: array + storages: + additionalProperties: + properties: + bucket: + type: string + endpointUrl: + type: string + keyType: + type: string + region: + type: string + type: + type: string + uriStyle: + type: string + verifyTLS: + type: boolean + type: object + type: object + volumeSpec: + properties: + accessmode: + type: string + matchLabels: + type: string + name: + type: string + size: + type: string + storageclass: + type: string + storagetype: + type: string + supplementalgroups: + type: string + type: object + type: object + database: + type: string + disableAutofail: + type: boolean + keepBackups: + type: boolean + keepData: + type: boolean + namespace: + type: string + pause: + type: boolean + pgBadger: + properties: + enabled: + type: boolean + image: + type: string + imagePullPolicy: + type: string + port: + type: integer + type: object + pgBouncer: + properties: + affinity: + properties: + advanced: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + antiAffinityTopologyKey: + type: string + antiAffinityType: + type: string + nodeAffinityType: + type: string + nodeLabel: + additionalProperties: + type: string + type: object + type: object + expose: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + serviceType: + type: string + type: object + exposePostgresUser: + type: boolean + image: + type: string + imagePullPolicy: + type: string + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + size: + format: int32 + type: integer + tlsSecret: + type: string + type: object + pgDataSource: + properties: + namespace: + type: string + restoreFrom: + type: string + restoreOpts: + type: string + type: object + pgPrimary: + properties: + affinity: + properties: + advanced: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + antiAffinityTopologyKey: + type: string + antiAffinityType: + type: string + nodeAffinityType: + type: string + nodeLabel: + additionalProperties: + type: string + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + customconfig: + type: string + expose: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + serviceType: + type: string + type: object + image: + type: string + imagePullPolicy: + type: string + labels: + additionalProperties: + type: string + type: object + nodeAffinitySpec: + properties: + default: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + type: object + nodeSelector: + type: string + podSecurityContext: + type: string + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeClassName: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumeSpec: + properties: + accessmode: + type: string + matchLabels: + type: string + name: + type: string + size: + type: string + storageclass: + type: string + storagetype: + type: string + supplementalgroups: + type: string + type: object + type: object + pgReplicas: + properties: + hotStandby: + properties: + annotations: + additionalProperties: + type: string + type: object + enableSyncStandby: + type: boolean + expose: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + serviceType: + type: string + type: object + imagePullPolicy: + type: string + labels: + additionalProperties: + type: string + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + size: + type: integer + volumeSpec: + properties: + accessmode: + type: string + matchLabels: + type: string + name: + type: string + size: + type: string + storageclass: + type: string + storagetype: + type: string + supplementalgroups: + type: string + type: object + type: object + type: object + pmm: + properties: + enabled: + type: boolean + image: + type: string + imagePullPolicy: + type: string + pmmSecret: + type: string + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + serverHost: + type: string + serverUser: + type: string + type: object + port: + type: string + secretsName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + sslCA: + type: string + sslReplicationSecretName: + type: string + sslSecretName: + type: string + standby: + type: boolean + tablespaceStorages: + additionalProperties: + properties: + volumeSpec: + properties: + accessmode: + type: string + matchLabels: + type: string + name: + type: string + size: + type: string + storageclass: + type: string + storagetype: + type: string + supplementalgroups: + type: string + type: object + type: object + type: object + tls: + properties: + SANs: + items: + type: string + type: array + issuerConf: + properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + type: object + tlsOnly: + type: boolean + upgradeOptions: + properties: + apply: + type: string + schedule: + type: string + versionServiceEndpoint: + type: string + type: object + user: + type: string + userLabels: + additionalProperties: + type: string + type: object + walStorage: + properties: + volumeSpec: + properties: + accessmode: + type: string + matchLabels: + type: string + name: + type: string + size: + type: string + storageclass: + type: string + storagetype: + type: string + supplementalgroups: + type: string + type: object + type: object + type: object + status: + properties: + labelSelectorPath: + type: string + size: + format: int32 + type: integer + type: object + type: object + served: true + storage: true diff --git a/definitions/crunchydata.com/pgcluster.yaml b/definitions/crunchydata.com/pgcluster.yaml new file mode 100644 index 000000000..106d56382 --- /dev/null +++ b/definitions/crunchydata.com/pgcluster.yaml @@ -0,0 +1,567 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + name: pgclusters.crunchydata.com +spec: + group: crunchydata.com + names: + kind: Pgcluster + listKind: PgclusterList + plural: pgclusters + singular: pgcluster + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + BackrestStorage: + properties: + accessmode: + type: string + matchLabels: + type: string + name: + type: string + size: + type: string + storageclass: + type: string + storagetype: + type: string + supplementalgroups: + type: string + type: object + PGAdminStorage: + properties: + accessmode: + type: string + matchLabels: + type: string + name: + type: string + size: + type: string + storageclass: + type: string + storagetype: + type: string + supplementalgroups: + type: string + type: object + PrimaryStorage: + properties: + accessmode: + type: string + matchLabels: + type: string + name: + type: string + size: + type: string + storageclass: + type: string + storagetype: + type: string + supplementalgroups: + type: string + type: object + ReplicaStorage: + properties: + accessmode: + type: string + matchLabels: + type: string + name: + type: string + size: + type: string + storageclass: + type: string + storagetype: + type: string + supplementalgroups: + type: string + type: object + WALStorage: + properties: + accessmode: + type: string + matchLabels: + type: string + name: + type: string + size: + type: string + storageclass: + type: string + storagetype: + type: string + supplementalgroups: + type: string + type: object + annotations: + properties: + backrest: + additionalProperties: + type: string + type: object + global: + additionalProperties: + type: string + type: object + pgBouncer: + additionalProperties: + type: string + type: object + postgres: + additionalProperties: + type: string + type: object + type: object + backrestConfig: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + backrestGCSBucket: + type: string + backrestGCSEndpoint: + type: string + backrestGCSKeyType: + type: string + backrestImage: + type: string + backrestLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + backrestRepoImage: + type: string + backrestRepoPath: + type: string + backrestResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + backrestS3Bucket: + type: string + backrestS3Endpoint: + type: string + backrestS3Region: + type: string + backrestS3URIStyle: + type: string + backrestS3VerifyTLS: + type: string + backrestStorageTypes: + items: + type: string + type: array + ccpimage: + type: string + ccpimageprefix: + type: string + ccpimagetag: + type: string + clustername: + type: string + customconfig: + type: string + database: + type: string + disableAutofail: + type: boolean + exporter: + type: boolean + exporterLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + exporterResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + exporterport: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + name: + type: string + nodeAffinity: + properties: + default: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + type: object + passwordType: + type: string + pgAdminImage: + type: string + pgBadger: + type: boolean + pgBadgerImage: + type: string + pgBouncer: + properties: + exposePostgresUser: + type: boolean + image: + type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + replicas: + format: int32 + type: integer + resources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + serviceType: + type: string + tlsSecret: + type: string + type: object + pgDataSource: + properties: + namespace: + type: string + restoreFrom: + type: string + restoreOpts: + type: string + type: object + pgImage: + type: string + pgbadgerport: + type: string + pgoimageprefix: + type: string + podAntiAffinity: + properties: + default: + type: string + pgBackRest: + type: string + pgBouncer: + type: string + type: object + policies: + type: string + port: + type: string + replicas: + type: string + resources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + serviceType: + type: string + shutdown: + type: boolean + standby: + type: boolean + status: + type: string + syncReplication: + type: boolean + tablespaceMounts: + additionalProperties: + properties: + accessmode: + type: string + matchLabels: + type: string + name: + type: string + size: + type: string + storageclass: + type: string + storagetype: + type: string + supplementalgroups: + type: string + type: object + type: object + tls: + properties: + caSecret: + type: string + replicationTLSSecret: + type: string + tlsSecret: + type: string + type: object + tlsOnly: + type: boolean + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + user: + type: string + userlabels: + additionalProperties: + type: string + type: object + type: object + status: + properties: + message: + type: string + state: + type: string + type: object + type: object + served: true + storage: true diff --git a/definitions/crunchydata.com/pgpolicy.yaml b/definitions/crunchydata.com/pgpolicy.yaml new file mode 100644 index 000000000..91a48228f --- /dev/null +++ b/definitions/crunchydata.com/pgpolicy.yaml @@ -0,0 +1,44 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + name: pgpolicies.crunchydata.com +spec: + group: crunchydata.com + names: + kind: Pgpolicy + listKind: PgpolicyList + plural: pgpolicies + singular: pgpolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + name: + type: string + sql: + type: string + status: + type: string + type: object + status: + properties: + message: + type: string + state: + type: string + type: object + type: object + served: true + storage: true diff --git a/definitions/crunchydata.com/pgreplica.yaml b/definitions/crunchydata.com/pgreplica.yaml new file mode 100644 index 000000000..81c552b3f --- /dev/null +++ b/definitions/crunchydata.com/pgreplica.yaml @@ -0,0 +1,177 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + name: pgreplicas.crunchydata.com +spec: + group: crunchydata.com + names: + kind: Pgreplica + listKind: PgreplicaList + plural: pgreplicas + singular: pgreplica + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + clustername: + type: string + name: + type: string + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + replicastorage: + properties: + accessmode: + type: string + matchLabels: + type: string + name: + type: string + size: + type: string + storageclass: + type: string + storagetype: + type: string + supplementalgroups: + type: string + type: object + serviceType: + type: string + status: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + userlabels: + additionalProperties: + type: string + type: object + type: object + status: + properties: + message: + type: string + state: + type: string + type: object + type: object + served: true + storage: true diff --git a/definitions/crunchydata.com/pgtask.yaml b/definitions/crunchydata.com/pgtask.yaml new file mode 100644 index 000000000..7d4f8711d --- /dev/null +++ b/definitions/crunchydata.com/pgtask.yaml @@ -0,0 +1,66 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + name: pgtasks.crunchydata.com +spec: + group: crunchydata.com + names: + kind: Pgtask + listKind: PgtaskList + plural: pgtasks + singular: pgtask + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + name: + type: string + parameters: + additionalProperties: + type: string + type: object + status: + type: string + storagespec: + properties: + accessmode: + type: string + matchLabels: + type: string + name: + type: string + size: + type: string + storageclass: + type: string + storagetype: + type: string + supplementalgroups: + type: string + type: object + tasktype: + type: string + type: object + status: + properties: + message: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + diff --git a/definitions/csi.storage.k8s.io/csinodeinfo.yaml b/definitions/csi.storage.k8s.io/csinodeinfo.yaml new file mode 100644 index 000000000..0d8510d9b --- /dev/null +++ b/definitions/csi.storage.k8s.io/csinodeinfo.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: csinodeinfos.csi.storage.k8s.io + annotations: + #"helm.sh/hook-delete-policy": before-hook-creation,hook-failed + "helm.sh/hook-delete-policy": before-hook-creation +spec: + group: csi.storage.k8s.io + names: + kind: CSINodeInfo + plural: csinodeinfos + scope: Cluster + validation: + openAPIV3Schema: + properties: + csiDrivers: + description: List of CSI drivers running on the node and their properties. + items: + properties: + driver: + description: The CSI driver that this object refers to. + type: string + nodeID: + description: The node from the driver point of view. + type: string + topologyKeys: + description: List of keys supported by the driver. + items: + type: string + type: array + type: array + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/dapr.io/component.yaml b/definitions/dapr.io/component.yaml index 389d94eae..96df2a697 100644 --- a/definitions/dapr.io/component.yaml +++ b/definitions/dapr.io/component.yaml @@ -1,35 +1,24 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.2 name: components.dapr.io labels: app.kubernetes.io/part-of: "dapr" spec: group: dapr.io - names: - kind: Component - listKind: ComponentList - plural: components - singular: component - scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: - description: Component describes an Dapr component type. + description: Component describes an Dapr component type properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string auth: - description: Auth represents authentication details for the component. + description: Auth represents authentication details for the component properties: secretStore: type: string @@ -37,12 +26,9 @@ spec: - secretStore type: object kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -51,38 +37,32 @@ spec: type: string type: array spec: - description: ComponentSpec is the spec for a component. + description: ComponentSpec is the spec for a component properties: - ignoreErrors: - type: boolean initTimeout: type: string + ignoreErrors: + type: boolean metadata: items: - description: NameValuePair is a name/value pair. + description: MetadataItem is a name/value pair for a metadata properties: - envRef: - description: EnvRef is the name of an environmental variable - to read the value from. - type: string name: - description: Name of the property. type: string secretKeyRef: - description: SecretKeyRef is the reference of a value in a secret - store component. + description: SecretKeyRef is a reference to a secret holding + the value for the metadata item. Name is the secret name, + and key is the field in the secret. properties: key: - description: Field in the secret. type: string name: - description: Secret name. type: string required: + - key - name type: object value: - description: Value of the property, in plaintext. x-kubernetes-preserve-unknown-fields: true required: - name @@ -100,4 +80,12 @@ spec: type: object served: true storage: true + names: + kind: Component + plural: components + singular: component + categories: + - all + - dapr + scope: Namespaced diff --git a/definitions/dapr.io/configuration.yaml b/definitions/dapr.io/configuration.yaml index 68eea0576..19d54a9cb 100644 --- a/definitions/dapr.io/configuration.yaml +++ b/definitions/dapr.io/configuration.yaml @@ -1,9 +1,9 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null name: configurations.dapr.io labels: app.kubernetes.io/part-of: "dapr" @@ -22,24 +22,19 @@ spec: description: Configuration describes an Dapr configuration setting. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: ConfigurationSpec is the spec for a configuration. + description: ConfigurationSpec is the spec for an configuration. properties: accessControl: description: AccessControlSpec is the spec object in ConfigurationSpec. @@ -88,29 +83,9 @@ spec: description: APISpec describes the configuration for Dapr APIs. properties: allowed: - description: List of allowed APIs. Can be used in conjunction - with denied. items: description: APIAccessRule describes an access rule for allowing - or denying a Dapr API. - properties: - name: - type: string - protocol: - type: string - version: - type: string - required: - - name - - version - type: object - type: array - denied: - description: List of denied APIs. Can be used in conjunction with - allowed. - items: - description: APIAccessRule describes an access rule for allowing - or denying a Dapr API. + a Dapr API to be enabled and accessible by an app. properties: name: type: string @@ -224,30 +199,6 @@ spec: required: - handlers type: object - logging: - description: LoggingSpec defines the configuration for logging. - properties: - apiLogging: - description: Configure API logging. - properties: - enabled: - description: |- - Default value for enabling API logging. Sidecars can always override this by setting `--enable-api-logging` to true or false explicitly. - The default value is false. - type: boolean - obfuscateURLs: - description: |- - When enabled, obfuscates the values of URLs in HTTP API logs, logging the route name rather than the full path being invoked, which could contain PII. - Default: false. - This option has no effect if API logging is disabled. - type: boolean - omitHealthChecks: - description: |- - If true, health checks are not reported in API logs. Default: false. - This option has no effect if API logging is disabled. - type: boolean - type: object - type: object metric: default: enabled: true @@ -255,130 +206,6 @@ spec: properties: enabled: type: boolean - http: - description: MetricHTTP defines configuration for metrics for - the HTTP server - properties: - excludeVerbs: - description: If true (default is false) HTTP verbs (e.g., - GET, POST) are excluded from the metrics. - type: boolean - increasedCardinality: - description: |- - If false, metrics for the HTTP server are collected with increased cardinality. - The default is true in Dapr 1.13, but will be changed to false in 1.15+ - type: boolean - pathMatching: - items: - type: string - type: array - type: object - latencyDistributionBuckets: - description: |- - The LatencyDistributionBuckets variable specifies the latency distribution buckets (in milliseconds) used for - histograms in the application. If this variable is not set or left empty, the application will default to using the standard histogram buckets. - The default histogram latency buckets (in milliseconds) are as follows: - 1, 2, 3, 4, 5, 6, 8, 10, 13, 16, 20, 25, 30, 40, 50, 65, 80, 100, 130, 160, 200, 250, 300, 400, 500, 650, 800, 1,000, 2,000, 5,000, 10,000, 20,000, 50,000, 100,000. - items: - type: integer - type: array - recordErrorCodes: - type: boolean - rules: - items: - description: MetricsRule defines configuration options for a - metric. - properties: - labels: - items: - description: MetricsLabel defines an object that allows - to set regex expressions for a label. - properties: - name: - type: string - regex: - additionalProperties: - type: string - type: object - required: - - name - - regex - type: object - type: array - name: - type: string - required: - - labels - - name - type: object - type: array - required: - - enabled - type: object - metrics: - default: - enabled: true - description: MetricSpec defines metrics configuration. - properties: - enabled: - type: boolean - http: - description: MetricHTTP defines configuration for metrics for - the HTTP server - properties: - excludeVerbs: - description: If true (default is false) HTTP verbs (e.g., - GET, POST) are excluded from the metrics. - type: boolean - increasedCardinality: - description: |- - If false, metrics for the HTTP server are collected with increased cardinality. - The default is true in Dapr 1.13, but will be changed to false in 1.15+ - type: boolean - pathMatching: - items: - type: string - type: array - type: object - latencyDistributionBuckets: - description: |- - The LatencyDistributionBuckets variable specifies the latency distribution buckets (in milliseconds) used for - histograms in the application. If this variable is not set or left empty, the application will default to using the standard histogram buckets. - The default histogram latency buckets (in milliseconds) are as follows: - 1, 2, 3, 4, 5, 6, 8, 10, 13, 16, 20, 25, 30, 40, 50, 65, 80, 100, 130, 160, 200, 250, 300, 400, 500, 650, 800, 1,000, 2,000, 5,000, 10,000, 20,000, 50,000, 100,000. - items: - type: integer - type: array - recordErrorCodes: - type: boolean - rules: - items: - description: MetricsRule defines configuration options for a - metric. - properties: - labels: - items: - description: MetricsLabel defines an object that allows - to set regex expressions for a label. - properties: - name: - type: string - regex: - additionalProperties: - type: string - type: object - required: - - name - - regex - type: object - type: array - name: - type: string - required: - - labels - - name - type: object - type: array required: - enabled type: object @@ -387,40 +214,12 @@ spec: properties: allowedClockSkew: type: string - controlPlaneTrustDomain: - type: string enabled: type: boolean - sentryAddress: - type: string - tokenValidators: - description: |- - Additional token validators to use. - When Dapr is running in Kubernetes mode, this is in addition to the built-in "kubernetes" validator. - In self-hosted mode, enabling a custom validator will disable the built-in "insecure" validator. - items: - description: ValidatorSpec contains additional token validators - to use. - properties: - name: - description: Name of the validator - enum: - - jwks - type: string - options: - description: Options for the validator, if any - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - name - type: object - type: array workloadCertTTL: type: string required: - - controlPlaneTrustDomain - enabled - - sentryAddress type: object nameResolution: description: NameResolutionSpec is the spec for name resolution configuration. @@ -497,35 +296,6 @@ spec: required: - samplingRate type: object - wasm: - description: WasmSpec describes the security profile for all Dapr - Wasm components. - properties: - strictSandbox: - description: |- - Force enabling strict sandbox mode for all WASM components. - When this is enabled, WASM components always run in strict mode regardless of their configuration. - Strict mode enhances security of the WASM sandbox by limiting access to certain capabilities such as real-time clocks and random number generators. - type: boolean - type: object - workflow: - description: WorkflowSpec defines the configuration for Dapr workflows. - properties: - maxConcurrentActivityInvocations: - description: |- - maxConcurrentActivityInvocations is the maximum number of concurrent activities that can be processed by a single Dapr instance. - Attempted invocations beyond this will be queued until the number of concurrent invocations drops below this value. - If If omitted, no maximum will be enforced. - format: int32 - type: integer - maxConcurrentWorkflowInvocations: - description: |- - maxConcurrentWorkflowInvocations is the maximum number of concurrent workflow invocations that can be scheduled by a single Dapr instance. - Attempted invocations beyond this will be queued until the number of concurrent invocations drops below this value. - If omitted, no maximum will be enforced. - format: int32 - type: integer - type: object type: object type: object served: true diff --git a/definitions/dapr.io/resiliency.yaml b/definitions/dapr.io/resiliency.yaml index 377b91254..bbfc4bebe 100644 --- a/definitions/dapr.io/resiliency.yaml +++ b/definitions/dapr.io/resiliency.yaml @@ -1,9 +1,9 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null name: resiliencies.dapr.io labels: app.kubernetes.io/part-of: "dapr" @@ -14,6 +14,8 @@ spec: listKind: ResiliencyList plural: resiliencies singular: resiliency + categories: + - dapr scope: Namespaced versions: - name: v1alpha1 @@ -21,19 +23,10 @@ spec: openAPIV3Schema: properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -63,19 +56,6 @@ spec: properties: duration: type: string - matching: - description: RetryMatching represents the rules to trigger - retry in specific scenarios. - properties: - gRPCStatusCodes: - description: GRPCStatusCodes represents gRPC status - codes to be retried. - type: string - httpStatusCodes: - description: HTTPStatusCodes represents HTTP status - codes to be retried. - type: string - type: object maxInterval: type: string maxRetries: @@ -151,3 +131,4 @@ spec: served: true storage: true + diff --git a/definitions/dapr.io/subscription.yaml b/definitions/dapr.io/subscription.yaml index cd7f142a3..dc60ed324 100644 --- a/definitions/dapr.io/subscription.yaml +++ b/definitions/dapr.io/subscription.yaml @@ -1,9 +1,6 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.2 name: subscriptions.dapr.io labels: app.kubernetes.io/part-of: "dapr" @@ -21,12 +18,6 @@ spec: conversionReviewVersions: - v1 - v2alpha1 - names: - kind: Subscription - listKind: SubscriptionList - plural: subscriptions - singular: subscription - scope: Namespaced versions: - name: v1alpha1 schema: @@ -34,19 +25,14 @@ spec: description: Subscription describes an pub/sub event subscription. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -57,33 +43,18 @@ spec: spec: description: SubscriptionSpec is the spec for an event subscription. properties: - bulkSubscribe: - description: BulkSubscribe encapsulates the bulk subscription configuration - for a topic. - properties: - enabled: - type: boolean - maxAwaitDurationMs: - format: int32 - type: integer - maxMessagesCount: - format: int32 - type: integer - required: - - enabled - type: object - deadLetterTopic: - type: string - metadata: - additionalProperties: - type: string - type: object pubsubname: type: string route: type: string topic: type: string + deadLetterTopic: + type: string + metadata: + additionalProperties: + type: string + type: object required: - pubsubname - route @@ -98,19 +69,14 @@ spec: description: Subscription describes an pub/sub event subscription. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -121,24 +87,6 @@ spec: spec: description: SubscriptionSpec is the spec for an event subscription. properties: - bulkSubscribe: - description: The option to enable bulk subscription for this topic. - properties: - enabled: - type: boolean - maxAwaitDurationMs: - format: int32 - type: integer - maxMessagesCount: - format: int32 - type: integer - required: - - enabled - type: object - deadLetterTopic: - description: The optional dead letter queue for this topic to send - events to. - type: string metadata: additionalProperties: type: string @@ -151,22 +99,20 @@ spec: description: The Routes configuration for this topic. properties: default: - description: The default path for this topic. type: string rules: description: The list of rules for this topic. items: - description: |- - Rule is used to specify the condition for sending + description: Rule is used to specify the condition for sending a message to a specific path. properties: match: - description: |- - The optional CEL expression used to match the event. - If the match is not specified, then the route is considered - the default. The rules are tested in the order specified, - so they should be define from most-to-least specific. - The default route should appear last in the list. + description: The optional CEL expression used to match the + event. If the match is not specified, then the route is + considered the default. The rules are tested in the order + specified, so they should be define from most-to-least + specific. The default route should appear last in the + list. type: string path: description: The path for events that match this rule. @@ -180,6 +126,9 @@ spec: topic: description: The topic name to subscribe to. type: string + deadLetterTopic: + description: The optional dead letter queue for this topic to send events to. + type: string required: - pubsubname - routes @@ -188,4 +137,13 @@ spec: type: object served: true storage: true + names: + kind: Subscription + listKind: SubscriptionList + plural: subscriptions + singular: subscription + categories: + - all + - dapr + scope: Namespaced diff --git a/definitions/dataprotection.kubeblocks.io/backuptool.yaml b/definitions/dataprotection.kubeblocks.io/backuptool.yaml new file mode 100644 index 000000000..a8d247f8a --- /dev/null +++ b/definitions/dataprotection.kubeblocks.io/backuptool.yaml @@ -0,0 +1,320 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.0 + creationTimestamp: null + name: backuptools.dataprotection.kubeblocks.io +spec: + group: dataprotection.kubeblocks.io + names: + categories: + - kubeblocks + kind: BackupTool + listKind: BackupToolList + plural: backuptools + singular: backuptool + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: BackupTool is the Schema for the backuptools API (defined by + provider) + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupToolSpec defines the desired state of BackupTool + properties: + backupCommands: + description: Array of command that apps can do database backup. from + invoke args the order of commands follows the order of array. + items: + type: string + type: array + deployKind: + default: job + description: 'which kind for run a backup tool, supported values: + job, statefulSet.' + enum: + - job + - statefulSet + type: string + env: + description: List of environment variables to set in the container. + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using + the previously defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + envFrom: + description: List of sources to populate environment variables in + the container. The keys defined within a source must be a C_IDENTIFIER. + All invalid keys will be reported as an event when the container + is starting. When a key exists in multiple sources, the value associated + with the last source will take precedence. Values defined by an + Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + image: + description: Backup tool Container image name. + type: string + incrementalBackupCommands: + description: Array of command that apps can do database incremental + backup. like xtrabackup, that can performs an incremental backup + file. + items: + type: string + type: array + logical: + description: backup tool can support logical restore, in this case, + restore NOT RESTART database. + properties: + incrementalRestoreCommands: + description: Array of incremental restore commands. + items: + type: string + type: array + podScope: + default: All + description: 'podScope defines the pod scope for restore from + backup, supported values: - ''All'' will exec the restore command + on all pods. - ''ReadWrite'' will pick a ReadWrite pod to exec + the restore command.' + enum: + - All + - ReadWrite + type: string + restoreCommands: + description: Array of command that apps can perform database restore. + like xtrabackup, that can performs restore mysql from files. + items: + type: string + type: array + type: object + physical: + description: backup tool can support physical restore, in this case, + restore must be RESTART database. + properties: + incrementalRestoreCommands: + description: Array of incremental restore commands. + items: + type: string + type: array + restoreCommands: + description: Array of command that apps can perform database restore. + like xtrabackup, that can performs restore mysql from files. + items: + type: string + type: array + type: object + resources: + description: Compute Resources required by this container. Cannot + be updated. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + type: + default: file + description: the type of backup tool, file or pitr + enum: + - file + - pitr + type: string + required: + - backupCommands + - image + - physical + type: object + status: + description: BackupToolStatus defines the observed state of BackupTool + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/dataprotection.kubeblocks.io/restorejob.yaml b/definitions/dataprotection.kubeblocks.io/restorejob.yaml new file mode 100644 index 000000000..099fe488f --- /dev/null +++ b/definitions/dataprotection.kubeblocks.io/restorejob.yaml @@ -0,0 +1,1777 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.0 + creationTimestamp: null + name: restorejobs.dataprotection.kubeblocks.io +spec: + group: dataprotection.kubeblocks.io + names: + categories: + - kubeblocks + kind: RestoreJob + listKind: RestoreJobList + plural: restorejobs + singular: restorejob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: STATUS + type: string + - jsonPath: .status.completionTimestamp + name: COMPLETION-TIME + type: date + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: RestoreJob is the Schema for the restorejobs API (defined by + User) + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RestoreJobSpec defines the desired state of RestoreJob + properties: + backupJobName: + description: Specified one backupJob to restore. + type: string + onFailAttempted: + description: count of backup stop retries on fail. + format: int32 + type: integer + target: + description: the target database workload to restore + properties: + labelsSelector: + description: labelsSelector is used to find matching pods. Pods + that match this label selector are counted to determine the + number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + secret: + description: secret is used to connect to the target database + cluster. If not set, secret will be inherited from backup policy + template. if still not set, the controller will check if any + system account for dataprotection has been created. + properties: + name: + description: the secret name + pattern: ^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$ + type: string + passwordKey: + default: password + description: passwordKey the map key of the password in the + connection credential secret + type: string + usernameKey: + default: username + description: usernameKey the map key of the user in the connection + credential secret + type: string + required: + - name + type: object + required: + - labelsSelector + type: object + targetVolumeMounts: + description: array of restore volume mounts . + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When + not set, MountPropagationNone is used. This field is beta + in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the + container's volume should be mounted. Behaves similarly to + SubPath but environment variable references $(VAR_NAME) are + expanded using the container's environment. Defaults to "" + (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + minItems: 1 + type: array + x-kubernetes-preserve-unknown-fields: true + targetVolumes: + description: array of restore volumes . + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). \n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. \n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. + This field will replace the functionality of the + dataSource field and as such if both fields are + non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value + automatically if one of them is empty and the + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no + group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + minItems: 1 + type: array + x-kubernetes-preserve-unknown-fields: true + required: + - backupJobName + - target + - targetVolumeMounts + - targetVolumes + type: object + status: + description: RestoreJobStatus defines the observed state of RestoreJob + properties: + completionTimestamp: + description: Date/time when the backup finished being processed. + format: date-time + type: string + expiration: + description: The date and time when the Backup is eligible for garbage + collection. 'null' means the Backup is NOT be cleaned except delete + manual. + format: date-time + type: string + failureReason: + description: Job failed reason. + type: string + phase: + description: RestoreJobPhase The current phase. Valid values are New, + InProgressPhy, InProgressLogic, Completed, Failed. + enum: + - New + - InProgressPhy + - InProgressLogic + - Completed + - Failed + type: string + startTimestamp: + description: Date/time when the backup started being processed. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/envoy.marin3r.3scale.net/envoyconfig.yaml b/definitions/envoy.marin3r.3scale.net/envoyconfig.yaml new file mode 100644 index 000000000..466d77c4a --- /dev/null +++ b/definitions/envoy.marin3r.3scale.net/envoyconfig.yaml @@ -0,0 +1,325 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: envoyconfigs.envoy.marin3r.3scale.net +spec: + additionalPrinterColumns: + - JSONPath: .spec.nodeID + name: NodeID + type: string + - JSONPath: .status.desiredVersion + name: Desired Version + type: string + - JSONPath: .status.publishedVersion + name: Published Version + type: string + - JSONPath: .status.cacheState + name: Cache State + type: string + group: envoy.marin3r.3scale.net + names: + kind: EnvoyConfig + listKind: EnvoyConfigList + plural: envoyconfigs + shortNames: + - ec + singular: envoyconfig + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: EnvoyConfig holds the configuration for a given envoy nodeID. The + spec of an EnvoyConfig object holds the envoy resources that conform the desired + configuration for the given nodeID and that the discovery service will send + to any envoy client that identifies itself with that nodeID. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EnvoyConfigSpec defines the desired state of EnvoyConfig + properties: + envoyResources: + description: EnvoyResources holds the different types of resources suported + by the envoy discovery service + properties: + clusters: + description: 'Clusters is a list of the envoy Cluster resource type. + Reference: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/cluster.proto' + items: + description: EnvoyResource holds serialized representation of + an envoy resource + properties: + name: + description: Name of the envoy resource + type: string + value: + description: Value is the serialized representation of the + envoy resource + type: string + required: + - name + - value + type: object + type: array + endpoints: + description: 'Endpoints is a list of the envoy ClusterLoadAssignment + resource type. Reference: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/endpoint.proto' + items: + description: EnvoyResource holds serialized representation of + an envoy resource + properties: + name: + description: Name of the envoy resource + type: string + value: + description: Value is the serialized representation of the + envoy resource + type: string + required: + - name + - value + type: object + type: array + listeners: + description: 'Listeners is a list of the envoy Listener resource + type. Referece: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto' + items: + description: EnvoyResource holds serialized representation of + an envoy resource + properties: + name: + description: Name of the envoy resource + type: string + value: + description: Value is the serialized representation of the + envoy resource + type: string + required: + - name + - value + type: object + type: array + routes: + description: 'Routes is a list of the envoy Route resource type. + Reference: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/route.proto' + items: + description: EnvoyResource holds serialized representation of + an envoy resource + properties: + name: + description: Name of the envoy resource + type: string + value: + description: Value is the serialized representation of the + envoy resource + type: string + required: + - name + - value + type: object + type: array + runtime: + description: 'Runtimes is a list of the envoy Runtime resource type. + Reference: https://www.envoyproxy.io/docs/envoy/latest/api-v2/service/discovery/v2/rtds.proto' + items: + description: EnvoyResource holds serialized representation of + an envoy resource + properties: + name: + description: Name of the envoy resource + type: string + value: + description: Value is the serialized representation of the + envoy resource + type: string + required: + - name + - value + type: object + type: array + secrets: + description: Secrets is a list of references to Kubernetes Secret + objects. + items: + description: EnvoySecretResource holds a reference to a k8s Secret + from where to take a secret from + properties: + name: + description: Name of the envoy resource + type: string + ref: + description: Ref is a reference to a Kubernetes Secret of + type "kubernetes.io/tls" from which an envoy Secret resource + will be automatically created. + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which + the secret name must be unique. + type: string + type: object + required: + - name + - ref + type: object + type: array + type: object + nodeID: + description: NodeID holds the envoy identifier for the discovery service + to know which set of resources to send to each of the envoy clients + that connect to it. + type: string + serialization: + description: Serialization specicifies the serialization format used + to describe the resources. "json" and "yaml" are supported. "json" + is used if unset. + enum: + - json + - b64json + - yaml + type: string + required: + - envoyResources + - nodeID + type: object + status: + description: EnvoyConfigStatus defines the observed state of EnvoyConfig + properties: + cacheState: + description: CacheState summarizes all the observations about the EnvoyConfig + to give the user a concrete idea on the general status of the discovery + servie cache. It is intended only for human consumption. Other controllers + should relly on conditions to determine the status of the discovery + server cache. + type: string + conditions: + description: Conditions represent the latest available observations + of an object's state + items: + description: "Condition represents an observation of an object's state. + Conditions are an extension mechanism intended to be used when the + details of an observation are not a priori known or would not apply + to all instances of a given Kind. \n Conditions should be added + to explicitly convey properties that users and components care about + rather than requiring those properties to be inferred from other + observations. Once defined, the meaning of a Condition can not be + changed arbitrarily - it becomes part of the API, and has the same + backwards- and forwards-compatibility concerns of any other part + of the API." + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is intended to be a one-word, CamelCase + representation of the category of cause of the current status. + It is intended to be used in concise output, such as one-line + kubectl get output, and in summarizing occurrences of causes. + type: string + status: + type: string + type: + description: "ConditionType is the type of the condition and is + typically a CamelCased word or short phrase. \n Condition types + should indicate state in the \"abnormal-true\" polarity. For + example, if the condition indicates when a policy is invalid, + the \"is valid\" case is probably the norm, so the condition + should be called \"Invalid\"." + type: string + required: + - status + - type + type: object + type: array + desiredVersion: + description: DesiredVersion represents the resources version described + in the spec of the EnvoyConfig object + type: string + publishedVersion: + description: PublishedVersion is the config version currently served + by the envoy discovery service for the give nodeID + type: string + revisions: + description: ConfigRevisions is an ordered list of references to EnvoyConfigRevision + objects + items: + description: ConfigRevisionRef holds a reference to EnvoyConfigRevision + object + properties: + ref: + description: Ref is a reference to the EnvoyConfigRevision object + that holds the configuration matching the Version field. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + version: + description: Version is a hash of the EnvoyResources field + type: string + required: + - ref + - version + type: object + type: array + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/envoy.marin3r.3scale.net/envoyconfigrevision.yaml b/definitions/envoy.marin3r.3scale.net/envoyconfigrevision.yaml new file mode 100644 index 000000000..2582c0dd3 --- /dev/null +++ b/definitions/envoy.marin3r.3scale.net/envoyconfigrevision.yaml @@ -0,0 +1,286 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: envoyconfigrevisions.envoy.marin3r.3scale.net +spec: + additionalPrinterColumns: + - JSONPath: .spec.nodeID + name: NodeID + type: string + - JSONPath: .spec.version + name: Version + type: string + - JSONPath: .status.published + name: Published + type: boolean + - JSONPath: .metadata.creationTimestamp + format: date-time + name: Created At + type: string + - JSONPath: .status.lastPublishedAt + format: date-time + name: Last Published At + type: string + - JSONPath: .status.tainted + name: Tainted + type: boolean + group: envoy.marin3r.3scale.net + names: + kind: EnvoyConfigRevision + listKind: EnvoyConfigRevisionList + plural: envoyconfigrevisions + shortNames: + - ecr + singular: envoyconfigrevision + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: EnvoyConfigRevision holds an specific version of the EnvoyConfig + resources. EnvoyConfigRevisions are automatically created and deleted by + the EnvoyConfig controller and are not intended to be directly used. Use EnvoyConfig + objects instead. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EnvoyConfigRevisionSpec defines the desired state of EnvoyConfigRevision + properties: + envoyResources: + description: EnvoyResources holds the different types of resources suported + by the envoy discovery service + properties: + clusters: + description: 'Clusters is a list of the envoy Cluster resource type. + Reference: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/cluster.proto' + items: + description: EnvoyResource holds serialized representation of + an envoy resource + properties: + name: + description: Name of the envoy resource + type: string + value: + description: Value is the serialized representation of the + envoy resource + type: string + required: + - name + - value + type: object + type: array + endpoints: + description: 'Endpoints is a list of the envoy ClusterLoadAssignment + resource type. Reference: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/endpoint.proto' + items: + description: EnvoyResource holds serialized representation of + an envoy resource + properties: + name: + description: Name of the envoy resource + type: string + value: + description: Value is the serialized representation of the + envoy resource + type: string + required: + - name + - value + type: object + type: array + listeners: + description: 'Listeners is a list of the envoy Listener resource + type. Referece: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto' + items: + description: EnvoyResource holds serialized representation of + an envoy resource + properties: + name: + description: Name of the envoy resource + type: string + value: + description: Value is the serialized representation of the + envoy resource + type: string + required: + - name + - value + type: object + type: array + routes: + description: 'Routes is a list of the envoy Route resource type. + Reference: https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/route.proto' + items: + description: EnvoyResource holds serialized representation of + an envoy resource + properties: + name: + description: Name of the envoy resource + type: string + value: + description: Value is the serialized representation of the + envoy resource + type: string + required: + - name + - value + type: object + type: array + runtime: + description: 'Runtimes is a list of the envoy Runtime resource type. + Reference: https://www.envoyproxy.io/docs/envoy/latest/api-v2/service/discovery/v2/rtds.proto' + items: + description: EnvoyResource holds serialized representation of + an envoy resource + properties: + name: + description: Name of the envoy resource + type: string + value: + description: Value is the serialized representation of the + envoy resource + type: string + required: + - name + - value + type: object + type: array + secrets: + description: Secrets is a list of references to Kubernetes Secret + objects. + items: + description: EnvoySecretResource holds a reference to a k8s Secret + from where to take a secret from + properties: + name: + description: Name of the envoy resource + type: string + ref: + description: Ref is a reference to a Kubernetes Secret of + type "kubernetes.io/tls" from which an envoy Secret resource + will be automatically created. + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which + the secret name must be unique. + type: string + type: object + required: + - name + - ref + type: object + type: array + type: object + nodeID: + description: NodeID holds the envoy identifier for the discovery service + to know which set of resources to send to each of the envoy clients + that connect to it. + type: string + serialization: + description: Serialization specicifies the serialization format used + to describe the resources. "json" and "yaml" are supported. "json" + is used if unset. + enum: + - json + - b64json + - yaml + type: string + version: + description: Version is a hash of the EnvoyResources field + type: string + required: + - envoyResources + - nodeID + - version + type: object + status: + description: EnvoyConfigRevisionStatus defines the observed state of EnvoyConfigRevision + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state + items: + description: "Condition represents an observation of an object's state. + Conditions are an extension mechanism intended to be used when the + details of an observation are not a priori known or would not apply + to all instances of a given Kind. \n Conditions should be added + to explicitly convey properties that users and components care about + rather than requiring those properties to be inferred from other + observations. Once defined, the meaning of a Condition can not be + changed arbitrarily - it becomes part of the API, and has the same + backwards- and forwards-compatibility concerns of any other part + of the API." + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: ConditionReason is intended to be a one-word, CamelCase + representation of the category of cause of the current status. + It is intended to be used in concise output, such as one-line + kubectl get output, and in summarizing occurrences of causes. + type: string + status: + type: string + type: + description: "ConditionType is the type of the condition and is + typically a CamelCased word or short phrase. \n Condition types + should indicate state in the \"abnormal-true\" polarity. For + example, if the condition indicates when a policy is invalid, + the \"is valid\" case is probably the norm, so the condition + should be called \"Invalid\"." + type: string + required: + - status + - type + type: object + type: array + lastPublishedAt: + description: LastPublishedAt indicates the last time this config review + transitioned to published + format: date-time + type: string + published: + description: Published signals if the EnvoyConfigRevision is the one + currently published in the xds server cache + type: boolean + tainted: + description: Tainted indicates whether the EnvoyConfigRevision is eligible + for publishing or not + type: boolean + required: + - conditions + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/exp.cluster.x-k8s.io/machinepool.yaml b/definitions/exp.cluster.x-k8s.io/machinepool.yaml new file mode 100644 index 000000000..4cdc4360a --- /dev/null +++ b/definitions/exp.cluster.x-k8s.io/machinepool.yaml @@ -0,0 +1,537 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.9 + creationTimestamp: null + name: machinepools.exp.cluster.x-k8s.io +spec: + group: exp.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MachinePool + listKind: MachinePoolList + plural: machinepools + shortNames: + - mp + singular: machinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed + etc + jsonPath: .status.phase + name: Phase + type: string + - description: Kubernetes version associated with this MachinePool + jsonPath: .spec.template.spec.version + name: Version + type: string + name: v1alpha3 + schema: + openAPIV3Schema: + description: MachinePool is the Schema for the machinepools API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + failureDomains: + description: FailureDomains is the list of failure domains this MachinePool + should be attached to. + items: + type: string + type: array + minReadySeconds: + description: Minimum number of seconds for which a newly created machine + instances should be ready. Defaults to 0 (machine instance will + be considered available as soon as it is ready) + format: int32 + type: integer + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + replicas: + description: Number of desired machines. Defaults to 1. This is a + pointer to distinguish between explicit zero and not specified. + format: int32 + type: integer + strategy: + description: The deployment strategy to use to replace existing machine + instances with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only if MachineDeploymentStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be scheduled + above the desired number of machines. Value can be an absolute + number (ex: 5) or a percentage of desired machines (ex: + 10%). This can not be 0 if MaxUnavailable is 0. Absolute + number is calculated from percentage by rounding up. Defaults + to 1. Example: when this is set to 30%, the new MachineSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new machines do not + exceed 130% of desired machines. Once old machines have + been killed, new MachineSet can be scaled up further, ensuring + that total number of machines running at any time during + the update is at most 130% of desired machines.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of machines that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired machines (ex: 10%). Absolute + number is calculated from percentage by rounding down. This + can not be 0 if MaxSurge is 0. Defaults to 0. Example: when + this is set to 30%, the old MachineSet can be scaled down + to 70% of desired machines immediately when the rolling + update starts. Once new machines are ready, old MachineSet + can be scaled down further, followed by scaling up the new + MachineSet, ensuring that the total number of machines available + at all times during the update is at least 70% of desired + machines.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Currently the only supported + strategy is "RollingUpdate". Default is RollingUpdate. + type: string + type: object + template: + description: Template describes the machines that will be created. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. \n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects depended by this object. If ALL + objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. There cannot be more + than one managing controller. + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + type: array + type: object + spec: + description: 'Specification of the desired behavior of the machine. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + bootstrap: + description: Bootstrap is a reference to a local struct which + encapsulates fields to configure the Machine’s bootstrapping + mechanism. + properties: + configRef: + description: ConfigRef is a reference to a bootstrap provider-specific + resource that holds configuration details. The reference + is optional to allow users/operators to specify Bootstrap.Data + without the need of a controller. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. For + example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part + of an object. TODO: this design is not final and + this field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + data: + description: "Data contains the bootstrap data, such as + cloud-init details scripts. If nil, the Machine should + remain in the Pending state. \n Deprecated: This field + has been deprecated in v1alpha3 and will be removed + in a future version. Switch to DataSecretName." + type: string + dataSecretName: + description: DataSecretName is the name of the secret + that stores the bootstrap data script. If nil, the Machine + should remain in the Pending state. + type: string + type: object + clusterName: + description: ClusterName is the name of the Cluster this object + belongs to. + minLength: 1 + type: string + failureDomain: + description: FailureDomain is the failure domain the machine + will be created in. Must match a key in the FailureDomains + map stored on the cluster object. + type: string + infrastructureRef: + description: InfrastructureRef is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + nodeDrainTimeout: + description: 'NodeDrainTimeout is the total amount of time + that the controller will spend on draining a node. The default + value is 0, meaning that the node can be drained without + any time limitations. NOTE: NodeDrainTimeout is different + from `kubectl drain --timeout`' + type: string + providerID: + description: ProviderID is the identification ID of the machine + provided by the provider. This field must match the provider + ID as seen on the node object corresponding to this machine. + This field is required by higher level consumers of cluster-api. + Example use case is cluster autoscaler with cluster-api + as provider. Clean-up logic in the autoscaler compares machines + to nodes to find out machines at provider which could not + get registered as Kubernetes nodes. With cluster-api as + a generic out-of-tree provider for autoscaler, this field + is required by autoscaler to be able to have a provider + view of the list of machines. Another list of nodes is queried + from the k8s apiserver and then a comparison is done to + find out unregistered machines and are marked for delete. + This field will be set by the actuators and consumed by + higher level entities like autoscaler that will be interfacing + with cluster-api as generic provider. + type: string + version: + description: Version defines the desired Kubernetes version. + This field is meant to be optionally used by bootstrap providers. + type: string + required: + - bootstrap + - clusterName + - infrastructureRef + type: object + type: object + required: + - clusterName + - template + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool + properties: + availableReplicas: + description: The number of available replicas (ready for at least + minReadySeconds) for this MachinePool. + format: int32 + type: integer + bootstrapReady: + description: BootstrapReady is the state of the bootstrap provider. + type: boolean + conditions: + description: Conditions define the current service state of the MachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a problem reconciling + the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a problem reconciling + the state, and will be set to a token value suitable for programmatic + interpretation. + type: string + infrastructureReady: + description: InfrastructureReady is the state of the infrastructure + provider. + type: boolean + nodeRefs: + description: NodeRefs will point to the corresponding Nodes if it + they exist. + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + phase: + description: Phase represents the current phase of cluster actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + readyReplicas: + description: The number of ready replicas for this MachinePool. A + machine is considered ready when the node has been created and is + "Ready". + format: int32 + type: integer + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable machine instances targeted + by this machine pool. This is the total number of machine instances + that are still required for the machine pool to have 100% available + capacity. They may either be machine instances that are running + but not yet available or machine instances that still have not been + created. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/exp.infrastructure.cluster.x-k8s.io/azuremachinepool.yaml b/definitions/exp.infrastructure.cluster.x-k8s.io/azuremachinepool.yaml new file mode 100644 index 000000000..a9cb72123 --- /dev/null +++ b/definitions/exp.infrastructure.cluster.x-k8s.io/azuremachinepool.yaml @@ -0,0 +1,542 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + cluster.x-k8s.io/v1alpha3: v1alpha3 + name: azuremachinepools.exp.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: webhook-service + namespace: system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: exp.infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureMachinePool + listKind: AzureMachinePoolList + plural: azuremachinepools + shortNames: + - amp + singular: azuremachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: AzureMachinePool replicas count + jsonPath: .status.replicas + name: Replicas + type: string + - description: AzureMachinePool replicas count + jsonPath: .status.ready + name: Ready + type: string + - description: Azure VMSS provisioning state + jsonPath: .status.provisioningState + name: State + type: string + - description: Cluster to which this AzureMachinePool belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + priority: 1 + type: string + - description: MachinePool object to which this AzureMachinePool belongs + jsonPath: .metadata.ownerReferences[?(@.kind=="MachinePool")].name + name: MachinePool + priority: 1 + type: string + - description: Azure VMSS ID + jsonPath: .spec.providerID + name: VMSS ID + priority: 1 + type: string + - description: Azure VM Size + jsonPath: .spec.template.vmSize + name: VM Size + priority: 1 + type: string + name: v1alpha3 + schema: + openAPIV3Schema: + description: AzureMachinePool is the Schema for the azuremachinepools API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureMachinePoolSpec defines the desired state of AzureMachinePool + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to an + instance, in addition to the ones added by default by the Azure + provider. If both the AzureCluster and the AzureMachine specify + the same tag name with different values, the AzureMachine's value + takes precedence. + type: object + identity: + default: None + description: Identity is the type of identity used for the Virtual + Machine Scale Set. The type 'SystemAssigned' is an implicitly created + identity. The generated identity will be assigned a Subscription + contributor role. The type 'UserAssigned' is a standalone Azure + resource provided by the user and assigned to the VM + enum: + - None + - SystemAssigned + - UserAssigned + type: string + location: + description: Location is the Azure region location e.g. westus2 + type: string + providerID: + description: ProviderID is the identification ID of the Virtual Machine + Scale Set + type: string + providerIDList: + description: ProviderIDList are the identification IDs of machine + instances provided by the provider. This field must match the provider + IDs as seen on the node objects corresponding to a machine pool's + machine instances. + items: + type: string + type: array + roleAssignmentName: + description: RoleAssignmentName is the name of the role assignment + to create for a system assigned identity. It can be any valid GUID. + If not specified, a random GUID will be generated. + type: string + template: + description: Template contains the details used to build a replica + virtual machine within the Machine Pool + properties: + acceleratedNetworking: + description: AcceleratedNetworking enables or disables Azure accelerated + networking. If omitted, it will be set based on whether the + requested VMSize supports accelerated networking. If AcceleratedNetworking + is set to true with a VMSize that does not support it, Azure + will return an error. + type: boolean + dataDisks: + description: DataDisks specifies the list of data disks to be + created for a Virtual Machine + items: + description: DataDisk specifies the parameters that are used + to add one or more data disks to the machine. + properties: + cachingType: + type: string + diskSizeGB: + description: DiskSizeGB is the size in GB to assign to the + data disk. + format: int32 + type: integer + lun: + description: Lun Specifies the logical unit number of the + data disk. This value is used to identify data disks within + the VM and therefore must be unique for each data disk + attached to a VM. The value must be between 0 and 63. + format: int32 + type: integer + nameSuffix: + description: NameSuffix is the suffix to be appended to + the machine name to generate the disk name. Each disk + name will be in format _. + type: string + required: + - diskSizeGB + - nameSuffix + type: object + type: array + image: + description: Image is used to provide details of an image to use + during Virtual Machine creation. If image details are omitted + the image will default the Azure Marketplace "capi" offer, which + is based on Ubuntu. + properties: + id: + description: ID specifies an image to use by ID + type: string + marketplace: + description: Marketplace specifies an image to use from the + Azure Marketplace + properties: + offer: + description: Offer specifies the name of a group of related + images created by the publisher. For example, UbuntuServer, + WindowsServer + minLength: 1 + type: string + publisher: + description: Publisher is the name of the organization + that created the image + minLength: 1 + type: string + sku: + description: SKU specifies an instance of an offer, such + as a major release of a distribution. For example, 18.04-LTS, + 2019-Datacenter + minLength: 1 + type: string + thirdPartyImage: + default: false + description: ThirdPartyImage indicates the image is published + by a third party publisher and a Plan will be generated + for it. + type: boolean + version: + description: Version specifies the version of an image + sku. The allowed formats are Major.Minor.Build or 'latest'. + Major, Minor, and Build are decimal numbers. Specify + 'latest' to use the latest version of an image available + at deploy time. Even if you use 'latest', the VM image + will not automatically update after deploy time even + if a new version becomes available. + minLength: 1 + type: string + required: + - offer + - publisher + - sku + - version + type: object + sharedGallery: + description: SharedGallery specifies an image to use from + an Azure Shared Image Gallery + properties: + gallery: + description: Gallery specifies the name of the shared + image gallery that contains the image + minLength: 1 + type: string + name: + description: Name is the name of the image + minLength: 1 + type: string + resourceGroup: + description: ResourceGroup specifies the resource group + containing the shared image gallery + minLength: 1 + type: string + subscriptionID: + description: SubscriptionID is the identifier of the subscription + that contains the shared image gallery + minLength: 1 + type: string + version: + description: Version specifies the version of the marketplace + image. The allowed formats are Major.Minor.Build or + 'latest'. Major, Minor, and Build are decimal numbers. + Specify 'latest' to use the latest version of an image + available at deploy time. Even if you use 'latest', + the VM image will not automatically update after deploy + time even if a new version becomes available. + minLength: 1 + type: string + required: + - gallery + - name + - resourceGroup + - subscriptionID + - version + type: object + type: object + osDisk: + description: OSDisk contains the operating system disk information + for a Virtual Machine + properties: + cachingType: + type: string + diffDiskSettings: + description: DiffDiskSettings describe ephemeral disk settings + for the os disk. + properties: + option: + description: Option enables ephemeral OS when set to "Local" + See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks + for full details + enum: + - Local + type: string + required: + - option + type: object + diskSizeGB: + format: int32 + type: integer + managedDisk: + description: ManagedDisk defines the managed disk options + for a VM. + properties: + diskEncryptionSet: + description: DiskEncryptionSetParameters defines disk + encryption options. + properties: + id: + description: ID defines resourceID for diskEncryptionSet + resource. It must be in the same subscription + type: string + type: object + storageAccountType: + type: string + required: + - storageAccountType + type: object + osType: + type: string + required: + - diskSizeGB + - managedDisk + - osType + type: object + securityProfile: + description: SecurityProfile specifies the Security profile settings + for a virtual machine. + properties: + encryptionAtHost: + description: This field indicates whether Host Encryption + should be enabled or disabled for a virtual machine or virtual + machine scale set. Default is disabled. + type: boolean + type: object + spotVMOptions: + description: SpotVMOptions allows the ability to specify the Machine + should use a Spot VM + properties: + maxPrice: + anyOf: + - type: integer + - type: string + description: MaxPrice defines the maximum price the user is + willing to pay for Spot VM instances + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + sshPublicKey: + description: SSHPublicKey is the SSH public key string base64 + encoded to add to a Virtual Machine + type: string + terminateNotificationTimeout: + description: TerminateNotificationTimeout enables or disables + VMSS scheduled events termination notification with specified + timeout allowed values are between 5 and 15 (mins) + type: integer + vmSize: + description: VMSize is the size of the Virtual Machine to build. + See https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/createorupdate#virtualmachinesizetypes + type: string + required: + - osDisk + - sshPublicKey + - vmSize + type: object + userAssignedIdentities: + description: UserAssignedIdentities is a list of standalone Azure + identities provided by the user The lifecycle of a user-assigned + identity is managed separately from the lifecycle of the AzureMachinePool. + See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli + items: + description: UserAssignedIdentity defines the user-assigned identities + provided by the user to be assigned to Azure resources. + properties: + providerID: + description: 'ProviderID is the identification ID of the user-assigned + Identity, the format of an identity is: ''azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}''' + type: string + required: + - providerID + type: object + type: array + required: + - location + - template + type: object + status: + description: AzureMachinePoolStatus defines the observed state of AzureMachinePool + properties: + conditions: + description: Conditions defines current service state of the AzureMachinePool. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the MachinePool and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the MachinePool's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of MachinePools can be added as + events to the MachinePool object and/or logged in the controller's + output." + type: string + instances: + description: Instances is the VM instance status for each VM in the + VMSS + items: + description: AzureMachinePoolInstanceStatus provides status information + for each instance in the VMSS + properties: + instanceID: + description: InstanceID is the identification of the Machine + Instance within the VMSS + type: string + instanceName: + description: InstanceName is the name of the Machine Instance + within the VMSS + type: string + latestModelApplied: + description: LatestModelApplied indicates the instance is running + the most up-to-date VMSS model. A VMSS model describes the + image version the VM is running. If the instance is not running + the latest model, it means the instance may not be running + the version of Kubernetes the Machine Pool has specified and + needs to be updated. + type: boolean + providerID: + description: ProviderID is the provider identification of the + VMSS Instance + type: string + provisioningState: + description: ProvisioningState is the provisioning state of + the Azure virtual machine instance. + type: string + version: + description: Version defines the Kubernetes version for the + VM Instance + type: string + required: + - latestModelApplied + type: object + type: array + longRunningOperationState: + description: LongRunningOperationState saves the state for an Azure + long running operations so it can be continued on the next reconciliation + loop. + properties: + futureData: + description: FutureData is the base64 url encoded json Azure AutoRest + Future + type: string + name: + description: Name is the name of the Azure resource + type: string + resourceGroup: + description: ResourceGroup is the Azure resource group for the + resource + type: string + type: + description: Type describes the type of future, update, create, + delete, etc + type: string + required: + - type + type: object + provisioningState: + description: ProvisioningState is the provisioning state of the Azure + virtual machine. + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + version: + description: Version is the Kubernetes version for the current VMSS + model + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/exp.infrastructure.cluster.x-k8s.io/azuremanagedcluster.yaml b/definitions/exp.infrastructure.cluster.x-k8s.io/azuremanagedcluster.yaml new file mode 100644 index 000000000..cefc73250 --- /dev/null +++ b/definitions/exp.infrastructure.cluster.x-k8s.io/azuremanagedcluster.yaml @@ -0,0 +1,77 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + cluster.x-k8s.io/v1alpha3: v1alpha3 + name: azuremanagedclusters.exp.infrastructure.cluster.x-k8s.io +spec: + group: exp.infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedCluster + listKind: AzureManagedClusterList + plural: azuremanagedclusters + shortNames: + - amc + singular: azuremanagedcluster + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: AzureManagedCluster is the Schema for the azuremanagedclusters + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedClusterSpec defines the desired state of AzureManagedCluster + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + type: object + status: + description: AzureManagedClusterStatus defines the observed state of AzureManagedCluster + properties: + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/exp.infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane.yaml b/definitions/exp.infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane.yaml new file mode 100644 index 000000000..c4d50e386 --- /dev/null +++ b/definitions/exp.infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane.yaml @@ -0,0 +1,182 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + cluster.x-k8s.io/v1alpha3: v1alpha3 + name: azuremanagedcontrolplanes.exp.infrastructure.cluster.x-k8s.io +spec: + group: exp.infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedControlPlane + listKind: AzureManagedControlPlaneList + plural: azuremanagedcontrolplanes + shortNames: + - amcp + singular: azuremanagedcontrolplane + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedControlPlaneSpec defines the desired state of + AzureManagedControlPlane + properties: + additionalTags: + additionalProperties: + type: string + description: AdditionalTags is an optional set of tags to add to Azure + resources managed by the Azure provider, in addition to the ones + added by default. + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + defaultPoolRef: + description: DefaultPoolRef is the specification for the default pool, + without which an AKS cluster cannot be created. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + dnsServiceIP: + description: DNSServiceIP is an IP address assigned to the Kubernetes + DNS service. It must be within the Kubernetes service address range + specified in serviceCidr. + type: string + loadBalancerSKU: + description: LoadBalancerSKU is the SKU of the loadBalancer to be + provisioned. + enum: + - Basic + - Standard + type: string + location: + description: 'Location is a string matching one of the canonical Azure + region names. Examples: "westus2", "eastus".' + type: string + networkPlugin: + description: NetworkPlugin used for building Kubernetes network. + enum: + - azure + - kubenet + type: string + networkPolicy: + description: NetworkPolicy used for building Kubernetes network. + enum: + - azure + - calico + type: string + nodeResourceGroupName: + description: NodeResourceGroupName is the name of the resource group + containining cluster IaaS resources. Will be populated to default + in webhook. + type: string + resourceGroupName: + description: ResourceGroupName is the name of the Azure resource group + for this AKS Cluster. + type: string + sshPublicKey: + description: SSHPublicKey is a string literal containing an ssh public + key base64 encoded. + type: string + subscriptionID: + description: SubscriotionID is the GUID of the Azure subscription + to hold this cluster. + type: string + version: + description: Version defines the desired Kubernetes version. + minLength: 2 + type: string + virtualNetwork: + description: VirtualNetwork describes the vnet for the AKS cluster. + Will be created if it does not exist. + properties: + cidrBlock: + type: string + name: + type: string + subnet: + description: ManagedControlPlaneSubnet describes a subnet for + an AKS cluster. + properties: + cidrBlock: + type: string + name: + type: string + required: + - cidrBlock + - name + type: object + required: + - cidrBlock + - name + type: object + required: + - defaultPoolRef + - location + - nodeResourceGroupName + - resourceGroupName + - sshPublicKey + - version + type: object + status: + description: AzureManagedControlPlaneStatus defines the observed state + of AzureManagedControlPlane + properties: + initialized: + description: Initialized is true when the the control plane is available + for initial contact. This may occur before the control plane is + fully ready. In the AzureManagedControlPlane implementation, these + are identical. + type: boolean + ready: + description: Ready is true when the provider resource is ready. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/exp.infrastructure.cluster.x-k8s.io/azuremanagedmachinepool.yaml b/definitions/exp.infrastructure.cluster.x-k8s.io/azuremanagedmachinepool.yaml new file mode 100644 index 000000000..b897d1dcb --- /dev/null +++ b/definitions/exp.infrastructure.cluster.x-k8s.io/azuremanagedmachinepool.yaml @@ -0,0 +1,95 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + cluster.x-k8s.io/v1alpha3: v1alpha3 + name: azuremanagedmachinepools.exp.infrastructure.cluster.x-k8s.io +spec: + group: exp.infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: AzureManagedMachinePool + listKind: AzureManagedMachinePoolList + plural: azuremanagedmachinepools + shortNames: + - ammp + singular: azuremanagedmachinepool + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AzureManagedMachinePoolSpec defines the desired state of + AzureManagedMachinePool + properties: + osDiskSizeGB: + description: OSDiskSizeGB is the disk size for every machine in this + agent pool. If you specify 0, it will apply the default osDisk size + according to the vmSize specified. + format: int32 + type: integer + providerIDList: + description: ProviderIDList is the unique identifier as specified + by the cloud provider. + items: + type: string + type: array + sku: + description: SKU is the size of the VMs in the node pool. + type: string + required: + - sku + type: object + status: + description: AzureManagedMachinePoolStatus defines the observed state + of AzureManagedMachinePool + properties: + errorMessage: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. + type: string + errorReason: + description: Any transient errors that occur during the reconciliation + of Machines can be added as events to the Machine object and/or + logged in the controller's output. + type: string + ready: + description: Ready is true when the provider resource is ready. + type: boolean + replicas: + description: Replicas is the most recently observed number of replicas. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/experimental.kpack.pivotal.io/custombuilder.yaml b/definitions/experimental.kpack.pivotal.io/custombuilder.yaml new file mode 100644 index 000000000..a419c80ff --- /dev/null +++ b/definitions/experimental.kpack.pivotal.io/custombuilder.yaml @@ -0,0 +1,25 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: custombuilders.experimental.kpack.pivotal.io +spec: + group: experimental.kpack.pivotal.io + version: v1alpha1 + names: + kind: CustomBuilder + singular: custombuilder + plural: custombuilders + shortNames: + - custmbldr + categories: + - kpack + scope: Namespaced + subresources: + status: {} + additionalPrinterColumns: + - name: LatestImage + type: string + JSONPath: ".status.latestImage" + - name: Ready + type: string + JSONPath: #@ ".status.conditions[?(@.type==\"Ready\")].status" diff --git a/definitions/experimental.kpack.pivotal.io/customclusterbuilder.yaml b/definitions/experimental.kpack.pivotal.io/customclusterbuilder.yaml new file mode 100644 index 000000000..d013357c6 --- /dev/null +++ b/definitions/experimental.kpack.pivotal.io/customclusterbuilder.yaml @@ -0,0 +1,25 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: customclusterbuilders.experimental.kpack.pivotal.io +spec: + group: experimental.kpack.pivotal.io + version: v1alpha1 + names: + kind: CustomClusterBuilder + singular: customclusterbuilder + plural: customclusterbuilders + shortNames: + - ccb + categories: + - kpack + scope: Cluster + subresources: + status: {} + additionalPrinterColumns: + - name: LatestImage + type: string + JSONPath: ".status.latestImage" + - name: Ready + type: string + JSONPath: #@ ".status.conditions[?(@.type==\"Ready\")].status" diff --git a/definitions/experimental.kpack.pivotal.io/stack.yaml b/definitions/experimental.kpack.pivotal.io/stack.yaml new file mode 100644 index 000000000..ea8a85a9e --- /dev/null +++ b/definitions/experimental.kpack.pivotal.io/stack.yaml @@ -0,0 +1,20 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: stacks.experimental.kpack.pivotal.io +spec: + group: experimental.kpack.pivotal.io + version: v1alpha1 + names: + kind: Stack + singular: stack + plural: stacks + categories: + - kpack + scope: Cluster + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + JSONPath: #@ ".status.conditions[?(@.type==\"Ready\")].status" diff --git a/definitions/experimental.kpack.pivotal.io/store.yaml b/definitions/experimental.kpack.pivotal.io/store.yaml new file mode 100644 index 000000000..5c78e4bf0 --- /dev/null +++ b/definitions/experimental.kpack.pivotal.io/store.yaml @@ -0,0 +1,20 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: stores.experimental.kpack.pivotal.io +spec: + group: experimental.kpack.pivotal.io + version: v1alpha1 + names: + kind: Store + singular: store + plural: stores + categories: + - kpack + scope: Cluster + subresources: + status: {} + additionalPrinterColumns: + - name: Ready + type: string + JSONPath: #@ ".status.conditions[?(@.type==\"Ready\")].status" diff --git a/definitions/federation.pingcap.com/volumebackup.yaml b/definitions/federation.pingcap.com/volumebackup.yaml index b5232437e..0424b297f 100644 --- a/definitions/federation.pingcap.com/volumebackup.yaml +++ b/definitions/federation.pingcap.com/volumebackup.yaml @@ -314,18 +314,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -369,6 +357,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -557,6 +547,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -1159,18 +1186,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1214,6 +1229,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -1402,6 +1419,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: diff --git a/definitions/federation.pingcap.com/volumebackupschedule.yaml b/definitions/federation.pingcap.com/volumebackupschedule.yaml index f24821af5..1a46d4063 100644 --- a/definitions/federation.pingcap.com/volumebackupschedule.yaml +++ b/definitions/federation.pingcap.com/volumebackupschedule.yaml @@ -319,18 +319,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -374,6 +362,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -562,6 +552,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -1164,18 +1191,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1219,6 +1234,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -1407,6 +1424,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: diff --git a/definitions/federation.pingcap.com/volumerestore.yaml b/definitions/federation.pingcap.com/volumerestore.yaml index 155700119..a73f18089 100644 --- a/definitions/federation.pingcap.com/volumerestore.yaml +++ b/definitions/federation.pingcap.com/volumerestore.yaml @@ -324,18 +324,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -379,6 +367,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -567,6 +557,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -1118,18 +1145,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1173,6 +1188,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -1361,6 +1378,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: diff --git a/definitions/gateway.networking.k8s.io/tcproute.yaml b/definitions/gateway.networking.k8s.io/tcproute.yaml index e3777e892..7b7cab274 100644 --- a/definitions/gateway.networking.k8s.io/tcproute.yaml +++ b/definitions/gateway.networking.k8s.io/tcproute.yaml @@ -1,3 +1,6 @@ +# +# config/crd/experimental/gateway.networking.k8s.io_tcproutes.yaml +# apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -11,627 +14,272 @@ spec: group: gateway.networking.k8s.io names: categories: - - gateway-api + - gateway-api kind: TCPRoute listKind: TCPRouteList plural: tcproutes singular: tcproute scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha2 - schema: - openAPIV3Schema: - description: TCPRoute provides a way to route TCP requests. When combined - with a Gateway listener, it can be used to forward connections on the port - specified by the listener to a set of backends specified by the TCPRoute. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the desired state of TCPRoute. - properties: - parentRefs: - description: "ParentRefs references the resources (usually Gateways) - that a Route wants to be attached to. Note that the referenced parent - resource needs to allow this for the attachment to be complete. - For Gateways, that means the Gateway needs to allow attachment from - Routes of this kind and namespace. For Services, that means the - Service must either be in the same namespace for a \"producer\" - route, or the mesh implementation must support and allow \"consumer\" - routes for the referenced Service. ReferenceGrant is not applicable - for governing ParentRefs to Services - it is not possible to create - a \"producer\" route for a Service in a different namespace from - the Route. \n There are two kinds of parent resources with \"Core\" - support: \n * Gateway (Gateway conformance profile) * Service (Mesh - conformance profile, experimental, ClusterIP Services only) This - API may be extended in the future to support additional kinds of - parent resources. \n ParentRefs must be _distinct_. This means either - that: \n * They select different objects. If this is the case, - then parentRef entries are distinct. In terms of fields, this means - that the multi-part key defined by `group`, `kind`, `namespace`, - and `name` must be unique across all parentRef entries in the Route. - * They do not select different objects, but for each optional field - used, each ParentRef that selects the same object must set the same - set of optional fields to different values. If one ParentRef sets - a combination of optional fields, all must set the same combination. - \n Some examples: \n * If one ParentRef sets `sectionName`, all - ParentRefs referencing the same object must also set `sectionName`. - * If one ParentRef sets `port`, all ParentRefs referencing the same - object must also set `port`. * If one ParentRef sets `sectionName` - and `port`, all ParentRefs referencing the same object must also - set `sectionName` and `port`. \n It is possible to separately reference - multiple distinct objects that may be collapsed by an implementation. - For example, some implementations may choose to merge compatible - Gateway Listeners together. If that is the case, the list of routes - attached to those resources should also be merged. \n Note that - for ParentRefs that cross namespace boundaries, there are specific - rules. Cross-namespace references are only valid if they are explicitly - allowed by something in the namespace they are referring to. For - example, Gateway has the AllowedRoutes field, and ReferenceGrant - provides a generic way to enable other kinds of cross-namespace - reference. \n ParentRefs from a Route to a Service in the same - namespace are \"producer\" routes, which apply default routing rules - to inbound connections from any namespace to the Service. \n ParentRefs - from a Route to a Service in a different namespace are \"consumer\" - routes, and these routing rules are only applied to outbound connections - originating from the same namespace as the Route, for which the - intended destination of the connections are a Service targeted as - a ParentRef of the Route. \n " - items: - description: "ParentReference identifies an API object (usually - a Gateway) that can be considered a parent of this resource (usually - a route). There are two kinds of parent resources with \"Core\" - support: \n * Gateway (Gateway conformance profile) * Service - (Mesh conformance profile, experimental, ClusterIP Services only) - \n This API may be extended in the future to support additional - kinds of parent resources. \n The API object must be valid in - the cluster; the Group and Kind must be registered in the cluster - for this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. When unspecified, - \"gateway.networking.k8s.io\" is inferred. To set the core - API group (such as for a \"Service\" kind referent), Group - must be explicitly set to \"\" (empty string). \n Support: - Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. \n There are two - kinds of parent resources with \"Core\" support: \n * Gateway - (Gateway conformance profile) * Service (Mesh conformance - profile, experimental, ClusterIP Services only) \n Support - for other resources is Implementation-Specific." - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. \n Support: - Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of the referent. When - unspecified, this refers to the local namespace of the Route. - \n Note that there are specific rules for ParentRefs which - cross namespace boundaries. Cross-namespace references are - only valid if they are explicitly allowed by something in - the namespace they are referring to. For example: Gateway - has the AllowedRoutes field, and ReferenceGrant provides a - generic way to enable any other kind of cross-namespace reference. - \n ParentRefs from a Route to a Service in the same namespace - are \"producer\" routes, which apply default routing rules - to inbound connections from any namespace to the Service. - \n ParentRefs from a Route to a Service in a different namespace - are \"consumer\" routes, and these routing rules are only - applied to outbound connections originating from the same - namespace as the Route, for which the intended destination - of the connections are a Service targeted as a ParentRef of - the Route. \n Support: Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this Route targets. It - can be interpreted differently based on the type of parent - resource. \n When the parent resource is a Gateway, this targets - all listeners listening on the specified port that also support - this kind of Route(and select this Route). It's not recommended - to set `Port` unless the networking behaviors specified in - a Route must apply to a specific port as opposed to a listener(s) - whose port(s) may be changed. When both Port and SectionName - are specified, the name and port of the selected listener - must match both specified values. \n When the parent resource - is a Service, this targets a specific port in the Service - spec. When both Port (experimental) and SectionName are specified, - the name and port of the selected port must match both specified - values. \n Implementations MAY choose to support other parent - resources. Implementations supporting other types of parent - resources MUST clearly document how/if Port is interpreted. - \n For the purpose of status, an attachment is considered - successful as long as the parent resource accepts it partially. - For example, Gateway listeners can restrict which Routes can - attach to them by Route kind, namespace, or hostname. If 1 - of 2 Gateway listeners accept attachment from the referencing - Route, the Route MUST be considered successfully attached. - If no Gateway listeners accept attachment from this Route, - the Route MUST be considered detached from the Gateway. \n - Support: Extended \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a section within the - target resource. In the following resources, SectionName is - interpreted as the following: \n * Gateway: Listener Name. - When both Port (experimental) and SectionName are specified, - the name and port of the selected listener must match both - specified values. * Service: Port Name. When both Port (experimental) - and SectionName are specified, the name and port of the selected - listener must match both specified values. Note that attaching - Routes to Services as Parents is part of experimental Mesh - support and is not supported for any other purpose. \n Implementations - MAY choose to support attaching Routes to other resources. - If that is the case, they MUST clearly document how SectionName - is interpreted. \n When unspecified (empty string), this will - reference the entire resource. For the purpose of status, - an attachment is considered successful if at least one section - in the parent resource accepts it. For example, Gateway listeners - can restrict which Routes can attach to them by Route kind, - namespace, or hostname. If 1 of 2 Gateway listeners accept - attachment from the referencing Route, the Route MUST be considered - successfully attached. If no Gateway listeners accept attachment - from this Route, the Route MUST be considered detached from - the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - maxItems: 32 - type: array - x-kubernetes-validations: - - message: sectionName or port must be specified when parentRefs includes - 2 or more references to the same parent - rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind - == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) - || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__ - == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) && - p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) - || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName - == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port) - || p2.port == 0)): true))' - - message: sectionName or port must be unique when parentRefs includes - 2 or more references to the same parent - rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind - == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) - || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ - == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && - p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) - || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName - == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName - == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) - || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port - == p2.port)))) - rules: - description: Rules are a list of TCP matchers and actions. - items: - description: TCPRouteRule is the configuration for a given rule. - properties: - backendRefs: - description: "BackendRefs defines the backend(s) where matching - requests should be sent. If unspecified or invalid (refers - to a non-existent resource or a Service with no endpoints), - the underlying implementation MUST actively reject connection - attempts to this backend. Connection rejections must respect - weight; if an invalid backend is requested to have 80% of - connections, then 80% of connections must be rejected instead. - \n Support: Core for Kubernetes Service \n Support: Extended - for Kubernetes ServiceImport \n Support: Implementation-specific - for any other resource \n Support for weight: Extended" - items: - description: "BackendRef defines how a Route should forward - a request to a Kubernetes resource. \n Note that when a - namespace different than the local namespace is specified, - a ReferenceGrant object is required in the referent namespace - to allow that namespace's owner to accept the reference. - See the ReferenceGrant documentation for details. \n - \n When the BackendRef points to a Kubernetes Service, implementations - SHOULD honor the appProtocol field if it is set for the - target Service Port. \n Implementations supporting appProtocol - SHOULD recognize the Kubernetes Standard Application Protocols - defined in KEP-3726. \n If a Service appProtocol isn't specified, - an implementation MAY infer the backend protocol through - its own means. Implementations MAY infer the protocol from - the Route type referring to the backend Service. \n If a - Route is not able to send traffic to the backend using the - specified protocol then the backend is considered invalid. - Implementations MUST set the \"ResolvedRefs\" condition - to \"False\" with the \"UnsupportedProtocol\" reason. \n - \n Note that when the - BackendTLSPolicy object is enabled by the implementation, - there are some extra rules about validity to consider here. - See the fields where this struct is used for more information - about the exact behavior." + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + description: TCPRoute provides a way to route TCP requests. When combined with a Gateway listener, it can be used to forward connections on the port specified by the listener to a set of backends specified by the TCPRoute. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of TCPRoute. + properties: + parentRefs: + description: "ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + items: + description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." + properties: + group: + default: gateway.networking.k8s.io + description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Gateway + description: "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: "Name is the name of the referent. \n Support: Core" + maxLength: 253 + minLength: 1 + type: string + namespace: + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + format: int32 + maximum: 65535 + minimum: 1 + type: integer + sectionName: + description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + type: object + maxItems: 32 + type: array + x-kubernetes-validations: + - message: sectionName or port must be specified when parentRefs includes 2 or more references to the same parent + rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__ == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port) || p2.port == 0)): true))' + - message: sectionName or port must be unique when parentRefs includes 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port == p2.port)))) + rules: + description: Rules are a list of TCP matchers and actions. + items: + description: TCPRouteRule is the configuration for a given rule. + properties: + backendRefs: + description: "BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Connection rejections must respect weight; if an invalid backend is requested to have 80% of connections, then 80% of connections must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + items: + description: "BackendRef defines how a Route should forward a request to a Kubernetes resource. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n \n When the BackendRef points to a Kubernetes Service, implementations SHOULD honor the appProtocol field if it is set for the target Service Port. \n Implementations supporting appProtocol SHOULD recognize the Kubernetes Standard Application Protocols defined in KEP-3726. \n If a Service appProtocol isn't specified, an implementation MAY infer the backend protocol through its own means. Implementations MAY infer the protocol from the Route type referring to the backend Service. \n If a Route is not able to send traffic to the backend using the specified protocol then the backend is considered invalid. Implementations MUST set the \"ResolvedRefs\" condition to \"False\" with the \"UnsupportedProtocol\" reason. \n \n Note that when the BackendTLSPolicy object is enabled by the implementation, there are some extra rules about validity to consider here. See the fields where this struct is used for more information about the exact behavior." + properties: + group: + default: "" + description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Service + description: "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + weight: + default: 1 + description: "Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." + format: int32 + maximum: 1000000 + minimum: 0 + type: integer + required: + - name + type: object + x-kubernetes-validations: + - message: Must have port for Service reference + rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' + maxItems: 16 + minItems: 1 + type: array + type: object + maxItems: 16 + minItems: 1 + type: array + required: + - rules + type: object + status: + description: Status defines the current state of TCPRoute. + properties: + parents: + description: "Parents is a list of parent resources (usually Gateways) that are associated with the route, and the status of the route with respect to each parent. When this route attaches to a parent, the controller that manages the parent must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route or gateway is modified. \n Note that parent references that cannot be resolved by an implementation of this API will not be added to this list. Implementations of this API can only populate Route status for the Gateways/parent resources they are responsible for. \n A maximum of 32 Gateways will be represented in this list. An empty list means the route has not been attached to any Gateway." + items: + description: RouteParentStatus describes the status of a route with respect to an associated Parent. + properties: + conditions: + description: "Conditions describes the status of the route with respect to the Gateway. Note that the route's availability is also subject to the Gateway's own status conditions and listener status. \n If the Route's ParentRef specifies an existing Gateway that supports Routes of this kind AND that Gateway's controller has sufficient access, then that Gateway's controller MUST set the \"Accepted\" condition on the Route, to indicate whether the route has been accepted or rejected by the Gateway, and why. \n A Route MUST be considered \"Accepted\" if at least one of the Route's rules is implemented by the Gateway. \n There are a number of cases where the \"Accepted\" condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does not support. * The Route is in a namespace the controller does not have access to." + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllerName: + description: "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. \n Example: \"example.net/gateway-controller\". \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + type: string + parentRef: + description: ParentRef corresponds with a ParentRef in the spec that this RouteParentStatus struct describes the status of. properties: group: - default: "" - description: Group is the group of the referent. For example, - "gateway.networking.k8s.io". When unspecified or empty - string, core API group is inferred. + default: gateway.networking.k8s.io + description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: - default: Service - description: "Kind is the Kubernetes resource kind of - the referent. For example \"Service\". \n Defaults to - \"Service\" when not specified. \n ExternalName services - can refer to CNAME DNS records that may live outside - of the cluster and as such are difficult to reason about - in terms of conformance. They also may not be safe to - forward to (see CVE-2021-25740 for more information). - Implementations SHOULD NOT support ExternalName Services. - \n Support: Core (Services with a type other than ExternalName) - \n Support: Implementation-specific (Services with type - ExternalName)" + default: Gateway + description: "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: - description: Name is the name of the referent. + description: "Name is the name of the referent. \n Support: Core" maxLength: 253 minLength: 1 type: string namespace: - description: "Namespace is the namespace of the backend. - When unspecified, the local namespace is inferred. \n - Note that when a namespace different than the local - namespace is specified, a ReferenceGrant object is required - in the referent namespace to allow that namespace's - owner to accept the reference. See the ReferenceGrant - documentation for details. \n Support: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: - description: Port specifies the destination port number - to use for this resource. Port is required when the - referent is a Kubernetes Service. In this case, the - port number is the service port number, not the target - port. For other resources, destination port might be - derived from the referent resource or this field. + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " format: int32 maximum: 65535 minimum: 1 type: integer - weight: - default: 1 - description: "Weight specifies the proportion of requests - forwarded to the referenced backend. This is computed - as weight/(sum of all weights in this BackendRefs list). - For non-zero values, there may be some epsilon from - the exact proportion defined here depending on the precision - an implementation supports. Weight is not a percentage - and the sum of weights does not need to equal 100. \n - If only one backend is specified and it has a weight - greater than 0, 100% of the traffic is forwarded to - that backend. If weight is set to 0, no traffic should - be forwarded for this entry. If unspecified, weight - defaults to 1. \n Support for this field varies based - on the context where used." - format: int32 - maximum: 1000000 - minimum: 0 - type: integer - required: - - name - type: object - x-kubernetes-validations: - - message: Must have port for Service reference - rule: '(size(self.group) == 0 && self.kind == ''Service'') - ? has(self.port) : true' - maxItems: 16 - minItems: 1 - type: array - type: object - maxItems: 16 - minItems: 1 - type: array - required: - - rules - type: object - status: - description: Status defines the current state of TCPRoute. - properties: - parents: - description: "Parents is a list of parent resources (usually Gateways) - that are associated with the route, and the status of the route - with respect to each parent. When this route attaches to a parent, - the controller that manages the parent must add an entry to this - list when the controller first sees the route and should update - the entry as appropriate when the route or gateway is modified. - \n Note that parent references that cannot be resolved by an implementation - of this API will not be added to this list. Implementations of this - API can only populate Route status for the Gateways/parent resources - they are responsible for. \n A maximum of 32 Gateways will be represented - in this list. An empty list means the route has not been attached - to any Gateway." - items: - description: RouteParentStatus describes the status of a route with - respect to an associated Parent. - properties: - conditions: - description: "Conditions describes the status of the route with - respect to the Gateway. Note that the route's availability - is also subject to the Gateway's own status conditions and - listener status. \n If the Route's ParentRef specifies an - existing Gateway that supports Routes of this kind AND that - Gateway's controller has sufficient access, then that Gateway's - controller MUST set the \"Accepted\" condition on the Route, - to indicate whether the route has been accepted or rejected - by the Gateway, and why. \n A Route MUST be considered \"Accepted\" - if at least one of the Route's rules is implemented by the - Gateway. \n There are a number of cases where the \"Accepted\" - condition may not be set due to lack of controller visibility, - that includes when: \n * The Route refers to a non-existent - parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the controller - does not have access to." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 + sectionName: + description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + maxLength: 253 minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - - lastTransitionTime - - message - - reason - - status - - type + - name type: object - maxItems: 8 - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - controllerName: - description: "ControllerName is a domain/path string that indicates - the name of the controller that wrote this status. This corresponds - with the controllerName field on GatewayClass. \n Example: - \"example.net/gateway-controller\". \n The format of this - field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid - Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). - \n Controllers MUST populate this field when writing status. - Controllers should ensure that entries to status populated - with their ControllerName are cleaned up when they are no - longer necessary." - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ - type: string - parentRef: - description: ParentRef corresponds with a ParentRef in the spec - that this RouteParentStatus struct describes the status of. - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. When unspecified, - \"gateway.networking.k8s.io\" is inferred. To set the - core API group (such as for a \"Service\" kind referent), - Group must be explicitly set to \"\" (empty string). \n - Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. \n There are - two kinds of parent resources with \"Core\" support: \n - * Gateway (Gateway conformance profile) * Service (Mesh - conformance profile, experimental, ClusterIP Services - only) \n Support for other resources is Implementation-Specific." - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. \n Support: - Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of the referent. - When unspecified, this refers to the local namespace of - the Route. \n Note that there are specific rules for ParentRefs - which cross namespace boundaries. Cross-namespace references - are only valid if they are explicitly allowed by something - in the namespace they are referring to. For example: Gateway - has the AllowedRoutes field, and ReferenceGrant provides - a generic way to enable any other kind of cross-namespace - reference. \n ParentRefs from a Route to a Service in - the same namespace are \"producer\" routes, which apply - default routing rules to inbound connections from any - namespace to the Service. \n ParentRefs from a Route to - a Service in a different namespace are \"consumer\" routes, - and these routing rules are only applied to outbound connections - originating from the same namespace as the Route, for - which the intended destination of the connections are - a Service targeted as a ParentRef of the Route. \n Support: - Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this Route targets. - It can be interpreted differently based on the type of - parent resource. \n When the parent resource is a Gateway, - this targets all listeners listening on the specified - port that also support this kind of Route(and select this - Route). It's not recommended to set `Port` unless the - networking behaviors specified in a Route must apply to - a specific port as opposed to a listener(s) whose port(s) - may be changed. When both Port and SectionName are specified, - the name and port of the selected listener must match - both specified values. \n When the parent resource is - a Service, this targets a specific port in the Service - spec. When both Port (experimental) and SectionName are - specified, the name and port of the selected port must - match both specified values. \n Implementations MAY choose - to support other parent resources. Implementations supporting - other types of parent resources MUST clearly document - how/if Port is interpreted. \n For the purpose of status, - an attachment is considered successful as long as the - parent resource accepts it partially. For example, Gateway - listeners can restrict which Routes can attach to them - by Route kind, namespace, or hostname. If 1 of 2 Gateway - listeners accept attachment from the referencing Route, - the Route MUST be considered successfully attached. If - no Gateway listeners accept attachment from this Route, - the Route MUST be considered detached from the Gateway. - \n Support: Extended \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a section within - the target resource. In the following resources, SectionName - is interpreted as the following: \n * Gateway: Listener - Name. When both Port (experimental) and SectionName are - specified, the name and port of the selected listener - must match both specified values. * Service: Port Name. - When both Port (experimental) and SectionName are specified, - the name and port of the selected listener must match - both specified values. Note that attaching Routes to Services - as Parents is part of experimental Mesh support and is - not supported for any other purpose. \n Implementations - MAY choose to support attaching Routes to other resources. - If that is the case, they MUST clearly document how SectionName - is interpreted. \n When unspecified (empty string), this - will reference the entire resource. For the purpose of - status, an attachment is considered successful if at least - one section in the parent resource accepts it. For example, - Gateway listeners can restrict which Routes can attach - to them by Route kind, namespace, or hostname. If 1 of - 2 Gateway listeners accept attachment from the referencing - Route, the Route MUST be considered successfully attached. - If no Gateway listeners accept attachment from this Route, - the Route MUST be considered detached from the Gateway. - \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - required: - - controllerName - - parentRef - type: object - maxItems: 32 - type: array - required: - - parents - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + required: + - controllerName + - parentRef + type: object + maxItems: 32 + type: array + required: + - parents + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" plural: "" conditions: null storedVersions: null + diff --git a/definitions/gateway.networking.k8s.io/tlsroute.yaml b/definitions/gateway.networking.k8s.io/tlsroute.yaml index c28b5ad74..9cfac5939 100644 --- a/definitions/gateway.networking.k8s.io/tlsroute.yaml +++ b/definitions/gateway.networking.k8s.io/tlsroute.yaml @@ -1,3 +1,6 @@ +# +# config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml +# apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -11,676 +14,282 @@ spec: group: gateway.networking.k8s.io names: categories: - - gateway-api + - gateway-api kind: TLSRoute listKind: TLSRouteList plural: tlsroutes singular: tlsroute scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha2 - schema: - openAPIV3Schema: - description: "The TLSRoute resource is similar to TCPRoute, but can be configured - to match against TLS-specific metadata. This allows more flexibility in - matching streams for a given TLS listener. \n If you need to forward traffic - to a single target for a TLS listener, you could choose to use a TCPRoute - with a TLS listener." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the desired state of TLSRoute. - properties: - hostnames: - description: "Hostnames defines a set of SNI names that should match - against the SNI attribute of TLS ClientHello message in TLS handshake. - This matches the RFC 1123 definition of a hostname with 2 notable - exceptions: \n 1. IPs are not allowed in SNI names per RFC 6066. - 2. A hostname may be prefixed with a wildcard label (`*.`). The - wildcard label must appear by itself as the first label. \n If a - hostname is specified by both the Listener and TLSRoute, there must - be at least one intersecting hostname for the TLSRoute to be attached - to the Listener. For example: \n * A Listener with `test.example.com` - as the hostname matches TLSRoutes that have either not specified - any hostnames, or have specified at least one of `test.example.com` - or `*.example.com`. * A Listener with `*.example.com` as the hostname - matches TLSRoutes that have either not specified any hostnames or - have specified at least one hostname that matches the Listener hostname. - For example, `test.example.com` and `*.example.com` would both match. - On the other hand, `example.com` and `test.example.net` would not - match. \n If both the Listener and TLSRoute have specified hostnames, - any TLSRoute hostnames that do not match the Listener hostname MUST - be ignored. For example, if a Listener specified `*.example.com`, - and the TLSRoute specified `test.example.com` and `test.example.net`, - `test.example.net` must not be considered for a match. \n If both - the Listener and TLSRoute have specified hostnames, and none match - with the criteria above, then the TLSRoute is not accepted. The - implementation must raise an 'Accepted' Condition with a status - of `False` in the corresponding RouteParentStatus. \n Support: Core" - items: - description: "Hostname is the fully qualified domain name of a network - host. This matches the RFC 1123 definition of a hostname with - 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname - may be prefixed with a wildcard label (`*.`). The wildcard label - must appear by itself as the first label. \n Hostname can be \"precise\" - which is a domain name without the terminating dot of a network - host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. `*.example.com`). - \n Note that as per RFC1035 and RFC1123, a *label* must consist - of lower case alphanumeric characters or '-', and must start and - end with an alphanumeric character. No other punctuation is allowed." - maxLength: 253 - minLength: 1 - pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - maxItems: 16 - type: array - parentRefs: - description: "ParentRefs references the resources (usually Gateways) - that a Route wants to be attached to. Note that the referenced parent - resource needs to allow this for the attachment to be complete. - For Gateways, that means the Gateway needs to allow attachment from - Routes of this kind and namespace. For Services, that means the - Service must either be in the same namespace for a \"producer\" - route, or the mesh implementation must support and allow \"consumer\" - routes for the referenced Service. ReferenceGrant is not applicable - for governing ParentRefs to Services - it is not possible to create - a \"producer\" route for a Service in a different namespace from - the Route. \n There are two kinds of parent resources with \"Core\" - support: \n * Gateway (Gateway conformance profile) * Service (Mesh - conformance profile, experimental, ClusterIP Services only) This - API may be extended in the future to support additional kinds of - parent resources. \n ParentRefs must be _distinct_. This means either - that: \n * They select different objects. If this is the case, - then parentRef entries are distinct. In terms of fields, this means - that the multi-part key defined by `group`, `kind`, `namespace`, - and `name` must be unique across all parentRef entries in the Route. - * They do not select different objects, but for each optional field - used, each ParentRef that selects the same object must set the same - set of optional fields to different values. If one ParentRef sets - a combination of optional fields, all must set the same combination. - \n Some examples: \n * If one ParentRef sets `sectionName`, all - ParentRefs referencing the same object must also set `sectionName`. - * If one ParentRef sets `port`, all ParentRefs referencing the same - object must also set `port`. * If one ParentRef sets `sectionName` - and `port`, all ParentRefs referencing the same object must also - set `sectionName` and `port`. \n It is possible to separately reference - multiple distinct objects that may be collapsed by an implementation. - For example, some implementations may choose to merge compatible - Gateway Listeners together. If that is the case, the list of routes - attached to those resources should also be merged. \n Note that - for ParentRefs that cross namespace boundaries, there are specific - rules. Cross-namespace references are only valid if they are explicitly - allowed by something in the namespace they are referring to. For - example, Gateway has the AllowedRoutes field, and ReferenceGrant - provides a generic way to enable other kinds of cross-namespace - reference. \n ParentRefs from a Route to a Service in the same - namespace are \"producer\" routes, which apply default routing rules - to inbound connections from any namespace to the Service. \n ParentRefs - from a Route to a Service in a different namespace are \"consumer\" - routes, and these routing rules are only applied to outbound connections - originating from the same namespace as the Route, for which the - intended destination of the connections are a Service targeted as - a ParentRef of the Route. \n " - items: - description: "ParentReference identifies an API object (usually - a Gateway) that can be considered a parent of this resource (usually - a route). There are two kinds of parent resources with \"Core\" - support: \n * Gateway (Gateway conformance profile) * Service - (Mesh conformance profile, experimental, ClusterIP Services only) - \n This API may be extended in the future to support additional - kinds of parent resources. \n The API object must be valid in - the cluster; the Group and Kind must be registered in the cluster - for this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. When unspecified, - \"gateway.networking.k8s.io\" is inferred. To set the core - API group (such as for a \"Service\" kind referent), Group - must be explicitly set to \"\" (empty string). \n Support: - Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. \n There are two - kinds of parent resources with \"Core\" support: \n * Gateway - (Gateway conformance profile) * Service (Mesh conformance - profile, experimental, ClusterIP Services only) \n Support - for other resources is Implementation-Specific." - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. \n Support: - Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of the referent. When - unspecified, this refers to the local namespace of the Route. - \n Note that there are specific rules for ParentRefs which - cross namespace boundaries. Cross-namespace references are - only valid if they are explicitly allowed by something in - the namespace they are referring to. For example: Gateway - has the AllowedRoutes field, and ReferenceGrant provides a - generic way to enable any other kind of cross-namespace reference. - \n ParentRefs from a Route to a Service in the same namespace - are \"producer\" routes, which apply default routing rules - to inbound connections from any namespace to the Service. - \n ParentRefs from a Route to a Service in a different namespace - are \"consumer\" routes, and these routing rules are only - applied to outbound connections originating from the same - namespace as the Route, for which the intended destination - of the connections are a Service targeted as a ParentRef of - the Route. \n Support: Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this Route targets. It - can be interpreted differently based on the type of parent - resource. \n When the parent resource is a Gateway, this targets - all listeners listening on the specified port that also support - this kind of Route(and select this Route). It's not recommended - to set `Port` unless the networking behaviors specified in - a Route must apply to a specific port as opposed to a listener(s) - whose port(s) may be changed. When both Port and SectionName - are specified, the name and port of the selected listener - must match both specified values. \n When the parent resource - is a Service, this targets a specific port in the Service - spec. When both Port (experimental) and SectionName are specified, - the name and port of the selected port must match both specified - values. \n Implementations MAY choose to support other parent - resources. Implementations supporting other types of parent - resources MUST clearly document how/if Port is interpreted. - \n For the purpose of status, an attachment is considered - successful as long as the parent resource accepts it partially. - For example, Gateway listeners can restrict which Routes can - attach to them by Route kind, namespace, or hostname. If 1 - of 2 Gateway listeners accept attachment from the referencing - Route, the Route MUST be considered successfully attached. - If no Gateway listeners accept attachment from this Route, - the Route MUST be considered detached from the Gateway. \n - Support: Extended \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a section within the - target resource. In the following resources, SectionName is - interpreted as the following: \n * Gateway: Listener Name. - When both Port (experimental) and SectionName are specified, - the name and port of the selected listener must match both - specified values. * Service: Port Name. When both Port (experimental) - and SectionName are specified, the name and port of the selected - listener must match both specified values. Note that attaching - Routes to Services as Parents is part of experimental Mesh - support and is not supported for any other purpose. \n Implementations - MAY choose to support attaching Routes to other resources. - If that is the case, they MUST clearly document how SectionName - is interpreted. \n When unspecified (empty string), this will - reference the entire resource. For the purpose of status, - an attachment is considered successful if at least one section - in the parent resource accepts it. For example, Gateway listeners - can restrict which Routes can attach to them by Route kind, - namespace, or hostname. If 1 of 2 Gateway listeners accept - attachment from the referencing Route, the Route MUST be considered - successfully attached. If no Gateway listeners accept attachment - from this Route, the Route MUST be considered detached from - the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - maxItems: 32 - type: array - x-kubernetes-validations: - - message: sectionName or port must be specified when parentRefs includes - 2 or more references to the same parent - rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind - == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) - || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__ - == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) && - p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) - || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName - == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port) - || p2.port == 0)): true))' - - message: sectionName or port must be unique when parentRefs includes - 2 or more references to the same parent - rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind - == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) - || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ - == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && - p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) - || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName - == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName - == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) - || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port - == p2.port)))) - rules: - description: Rules are a list of TLS matchers and actions. - items: - description: TLSRouteRule is the configuration for a given rule. - properties: - backendRefs: - description: "BackendRefs defines the backend(s) where matching - requests should be sent. If unspecified or invalid (refers - to a non-existent resource or a Service with no endpoints), - the rule performs no forwarding; if no filters are specified - that would result in a response being sent, the underlying - implementation must actively reject request attempts to this - backend, by rejecting the connection or returning a 500 status - code. Request rejections must respect weight; if an invalid - backend is requested to have 80% of requests, then 80% of - requests must be rejected instead. \n Support: Core for Kubernetes - Service \n Support: Extended for Kubernetes ServiceImport - \n Support: Implementation-specific for any other resource - \n Support for weight: Extended" - items: - description: "BackendRef defines how a Route should forward - a request to a Kubernetes resource. \n Note that when a - namespace different than the local namespace is specified, - a ReferenceGrant object is required in the referent namespace - to allow that namespace's owner to accept the reference. - See the ReferenceGrant documentation for details. \n - \n When the BackendRef points to a Kubernetes Service, implementations - SHOULD honor the appProtocol field if it is set for the - target Service Port. \n Implementations supporting appProtocol - SHOULD recognize the Kubernetes Standard Application Protocols - defined in KEP-3726. \n If a Service appProtocol isn't specified, - an implementation MAY infer the backend protocol through - its own means. Implementations MAY infer the protocol from - the Route type referring to the backend Service. \n If a - Route is not able to send traffic to the backend using the - specified protocol then the backend is considered invalid. - Implementations MUST set the \"ResolvedRefs\" condition - to \"False\" with the \"UnsupportedProtocol\" reason. \n - \n Note that when the - BackendTLSPolicy object is enabled by the implementation, - there are some extra rules about validity to consider here. - See the fields where this struct is used for more information - about the exact behavior." + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + description: "The TLSRoute resource is similar to TCPRoute, but can be configured to match against TLS-specific metadata. This allows more flexibility in matching streams for a given TLS listener. \n If you need to forward traffic to a single target for a TLS listener, you could choose to use a TCPRoute with a TLS listener." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of TLSRoute. + properties: + hostnames: + description: "Hostnames defines a set of SNI names that should match against the SNI attribute of TLS ClientHello message in TLS handshake. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed in SNI names per RFC 6066. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n If a hostname is specified by both the Listener and TLSRoute, there must be at least one intersecting hostname for the TLSRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches TLSRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n If both the Listener and TLSRoute have specified hostnames, any TLSRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the TLSRoute specified `test.example.com` and `test.example.net`, `test.example.net` must not be considered for a match. \n If both the Listener and TLSRoute have specified hostnames, and none match with the criteria above, then the TLSRoute is not accepted. The implementation must raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n Support: Core" + items: + description: "Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). \n Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + maxItems: 16 + type: array + parentRefs: + description: "ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + items: + description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." + properties: + group: + default: gateway.networking.k8s.io + description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Gateway + description: "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: "Name is the name of the referent. \n Support: Core" + maxLength: 253 + minLength: 1 + type: string + namespace: + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + format: int32 + maximum: 65535 + minimum: 1 + type: integer + sectionName: + description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + type: object + maxItems: 32 + type: array + x-kubernetes-validations: + - message: sectionName or port must be specified when parentRefs includes 2 or more references to the same parent + rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__ == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port) || p2.port == 0)): true))' + - message: sectionName or port must be unique when parentRefs includes 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port == p2.port)))) + rules: + description: Rules are a list of TLS matchers and actions. + items: + description: TLSRouteRule is the configuration for a given rule. + properties: + backendRefs: + description: "BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the rule performs no forwarding; if no filters are specified that would result in a response being sent, the underlying implementation must actively reject request attempts to this backend, by rejecting the connection or returning a 500 status code. Request rejections must respect weight; if an invalid backend is requested to have 80% of requests, then 80% of requests must be rejected instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + items: + description: "BackendRef defines how a Route should forward a request to a Kubernetes resource. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n \n When the BackendRef points to a Kubernetes Service, implementations SHOULD honor the appProtocol field if it is set for the target Service Port. \n Implementations supporting appProtocol SHOULD recognize the Kubernetes Standard Application Protocols defined in KEP-3726. \n If a Service appProtocol isn't specified, an implementation MAY infer the backend protocol through its own means. Implementations MAY infer the protocol from the Route type referring to the backend Service. \n If a Route is not able to send traffic to the backend using the specified protocol then the backend is considered invalid. Implementations MUST set the \"ResolvedRefs\" condition to \"False\" with the \"UnsupportedProtocol\" reason. \n \n Note that when the BackendTLSPolicy object is enabled by the implementation, there are some extra rules about validity to consider here. See the fields where this struct is used for more information about the exact behavior." + properties: + group: + default: "" + description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Service + description: "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + weight: + default: 1 + description: "Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." + format: int32 + maximum: 1000000 + minimum: 0 + type: integer + required: + - name + type: object + x-kubernetes-validations: + - message: Must have port for Service reference + rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' + maxItems: 16 + minItems: 1 + type: array + type: object + maxItems: 16 + minItems: 1 + type: array + required: + - rules + type: object + status: + description: Status defines the current state of TLSRoute. + properties: + parents: + description: "Parents is a list of parent resources (usually Gateways) that are associated with the route, and the status of the route with respect to each parent. When this route attaches to a parent, the controller that manages the parent must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route or gateway is modified. \n Note that parent references that cannot be resolved by an implementation of this API will not be added to this list. Implementations of this API can only populate Route status for the Gateways/parent resources they are responsible for. \n A maximum of 32 Gateways will be represented in this list. An empty list means the route has not been attached to any Gateway." + items: + description: RouteParentStatus describes the status of a route with respect to an associated Parent. + properties: + conditions: + description: "Conditions describes the status of the route with respect to the Gateway. Note that the route's availability is also subject to the Gateway's own status conditions and listener status. \n If the Route's ParentRef specifies an existing Gateway that supports Routes of this kind AND that Gateway's controller has sufficient access, then that Gateway's controller MUST set the \"Accepted\" condition on the Route, to indicate whether the route has been accepted or rejected by the Gateway, and why. \n A Route MUST be considered \"Accepted\" if at least one of the Route's rules is implemented by the Gateway. \n There are a number of cases where the \"Accepted\" condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does not support. * The Route is in a namespace the controller does not have access to." + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllerName: + description: "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. \n Example: \"example.net/gateway-controller\". \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + type: string + parentRef: + description: ParentRef corresponds with a ParentRef in the spec that this RouteParentStatus struct describes the status of. properties: group: - default: "" - description: Group is the group of the referent. For example, - "gateway.networking.k8s.io". When unspecified or empty - string, core API group is inferred. + default: gateway.networking.k8s.io + description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: - default: Service - description: "Kind is the Kubernetes resource kind of - the referent. For example \"Service\". \n Defaults to - \"Service\" when not specified. \n ExternalName services - can refer to CNAME DNS records that may live outside - of the cluster and as such are difficult to reason about - in terms of conformance. They also may not be safe to - forward to (see CVE-2021-25740 for more information). - Implementations SHOULD NOT support ExternalName Services. - \n Support: Core (Services with a type other than ExternalName) - \n Support: Implementation-specific (Services with type - ExternalName)" + default: Gateway + description: "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: - description: Name is the name of the referent. + description: "Name is the name of the referent. \n Support: Core" maxLength: 253 minLength: 1 type: string namespace: - description: "Namespace is the namespace of the backend. - When unspecified, the local namespace is inferred. \n - Note that when a namespace different than the local - namespace is specified, a ReferenceGrant object is required - in the referent namespace to allow that namespace's - owner to accept the reference. See the ReferenceGrant - documentation for details. \n Support: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: - description: Port specifies the destination port number - to use for this resource. Port is required when the - referent is a Kubernetes Service. In this case, the - port number is the service port number, not the target - port. For other resources, destination port might be - derived from the referent resource or this field. + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " format: int32 maximum: 65535 minimum: 1 type: integer - weight: - default: 1 - description: "Weight specifies the proportion of requests - forwarded to the referenced backend. This is computed - as weight/(sum of all weights in this BackendRefs list). - For non-zero values, there may be some epsilon from - the exact proportion defined here depending on the precision - an implementation supports. Weight is not a percentage - and the sum of weights does not need to equal 100. \n - If only one backend is specified and it has a weight - greater than 0, 100% of the traffic is forwarded to - that backend. If weight is set to 0, no traffic should - be forwarded for this entry. If unspecified, weight - defaults to 1. \n Support for this field varies based - on the context where used." - format: int32 - maximum: 1000000 - minimum: 0 - type: integer - required: - - name - type: object - x-kubernetes-validations: - - message: Must have port for Service reference - rule: '(size(self.group) == 0 && self.kind == ''Service'') - ? has(self.port) : true' - maxItems: 16 - minItems: 1 - type: array - type: object - maxItems: 16 - minItems: 1 - type: array - required: - - rules - type: object - status: - description: Status defines the current state of TLSRoute. - properties: - parents: - description: "Parents is a list of parent resources (usually Gateways) - that are associated with the route, and the status of the route - with respect to each parent. When this route attaches to a parent, - the controller that manages the parent must add an entry to this - list when the controller first sees the route and should update - the entry as appropriate when the route or gateway is modified. - \n Note that parent references that cannot be resolved by an implementation - of this API will not be added to this list. Implementations of this - API can only populate Route status for the Gateways/parent resources - they are responsible for. \n A maximum of 32 Gateways will be represented - in this list. An empty list means the route has not been attached - to any Gateway." - items: - description: RouteParentStatus describes the status of a route with - respect to an associated Parent. - properties: - conditions: - description: "Conditions describes the status of the route with - respect to the Gateway. Note that the route's availability - is also subject to the Gateway's own status conditions and - listener status. \n If the Route's ParentRef specifies an - existing Gateway that supports Routes of this kind AND that - Gateway's controller has sufficient access, then that Gateway's - controller MUST set the \"Accepted\" condition on the Route, - to indicate whether the route has been accepted or rejected - by the Gateway, and why. \n A Route MUST be considered \"Accepted\" - if at least one of the Route's rules is implemented by the - Gateway. \n There are a number of cases where the \"Accepted\" - condition may not be set due to lack of controller visibility, - that includes when: \n * The Route refers to a non-existent - parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the controller - does not have access to." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 + sectionName: + description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + maxLength: 253 minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - - lastTransitionTime - - message - - reason - - status - - type + - name type: object - maxItems: 8 - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - controllerName: - description: "ControllerName is a domain/path string that indicates - the name of the controller that wrote this status. This corresponds - with the controllerName field on GatewayClass. \n Example: - \"example.net/gateway-controller\". \n The format of this - field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid - Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). - \n Controllers MUST populate this field when writing status. - Controllers should ensure that entries to status populated - with their ControllerName are cleaned up when they are no - longer necessary." - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ - type: string - parentRef: - description: ParentRef corresponds with a ParentRef in the spec - that this RouteParentStatus struct describes the status of. - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. When unspecified, - \"gateway.networking.k8s.io\" is inferred. To set the - core API group (such as for a \"Service\" kind referent), - Group must be explicitly set to \"\" (empty string). \n - Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. \n There are - two kinds of parent resources with \"Core\" support: \n - * Gateway (Gateway conformance profile) * Service (Mesh - conformance profile, experimental, ClusterIP Services - only) \n Support for other resources is Implementation-Specific." - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. \n Support: - Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of the referent. - When unspecified, this refers to the local namespace of - the Route. \n Note that there are specific rules for ParentRefs - which cross namespace boundaries. Cross-namespace references - are only valid if they are explicitly allowed by something - in the namespace they are referring to. For example: Gateway - has the AllowedRoutes field, and ReferenceGrant provides - a generic way to enable any other kind of cross-namespace - reference. \n ParentRefs from a Route to a Service in - the same namespace are \"producer\" routes, which apply - default routing rules to inbound connections from any - namespace to the Service. \n ParentRefs from a Route to - a Service in a different namespace are \"consumer\" routes, - and these routing rules are only applied to outbound connections - originating from the same namespace as the Route, for - which the intended destination of the connections are - a Service targeted as a ParentRef of the Route. \n Support: - Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this Route targets. - It can be interpreted differently based on the type of - parent resource. \n When the parent resource is a Gateway, - this targets all listeners listening on the specified - port that also support this kind of Route(and select this - Route). It's not recommended to set `Port` unless the - networking behaviors specified in a Route must apply to - a specific port as opposed to a listener(s) whose port(s) - may be changed. When both Port and SectionName are specified, - the name and port of the selected listener must match - both specified values. \n When the parent resource is - a Service, this targets a specific port in the Service - spec. When both Port (experimental) and SectionName are - specified, the name and port of the selected port must - match both specified values. \n Implementations MAY choose - to support other parent resources. Implementations supporting - other types of parent resources MUST clearly document - how/if Port is interpreted. \n For the purpose of status, - an attachment is considered successful as long as the - parent resource accepts it partially. For example, Gateway - listeners can restrict which Routes can attach to them - by Route kind, namespace, or hostname. If 1 of 2 Gateway - listeners accept attachment from the referencing Route, - the Route MUST be considered successfully attached. If - no Gateway listeners accept attachment from this Route, - the Route MUST be considered detached from the Gateway. - \n Support: Extended \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a section within - the target resource. In the following resources, SectionName - is interpreted as the following: \n * Gateway: Listener - Name. When both Port (experimental) and SectionName are - specified, the name and port of the selected listener - must match both specified values. * Service: Port Name. - When both Port (experimental) and SectionName are specified, - the name and port of the selected listener must match - both specified values. Note that attaching Routes to Services - as Parents is part of experimental Mesh support and is - not supported for any other purpose. \n Implementations - MAY choose to support attaching Routes to other resources. - If that is the case, they MUST clearly document how SectionName - is interpreted. \n When unspecified (empty string), this - will reference the entire resource. For the purpose of - status, an attachment is considered successful if at least - one section in the parent resource accepts it. For example, - Gateway listeners can restrict which Routes can attach - to them by Route kind, namespace, or hostname. If 1 of - 2 Gateway listeners accept attachment from the referencing - Route, the Route MUST be considered successfully attached. - If no Gateway listeners accept attachment from this Route, - the Route MUST be considered detached from the Gateway. - \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - required: - - controllerName - - parentRef - type: object - maxItems: 32 - type: array - required: - - parents - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + required: + - controllerName + - parentRef + type: object + maxItems: 32 + type: array + required: + - parents + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" plural: "" conditions: null storedVersions: null + diff --git a/definitions/gateway.networking.k8s.io/udproute.yaml b/definitions/gateway.networking.k8s.io/udproute.yaml index 6731882ca..50948995a 100644 --- a/definitions/gateway.networking.k8s.io/udproute.yaml +++ b/definitions/gateway.networking.k8s.io/udproute.yaml @@ -1,3 +1,6 @@ +# +# config/crd/experimental/gateway.networking.k8s.io_udproutes.yaml +# apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -11,624 +14,268 @@ spec: group: gateway.networking.k8s.io names: categories: - - gateway-api + - gateway-api kind: UDPRoute listKind: UDPRouteList plural: udproutes singular: udproute scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha2 - schema: - openAPIV3Schema: - description: UDPRoute provides a way to route UDP traffic. When combined with - a Gateway listener, it can be used to forward traffic on the port specified - by the listener to a set of backends specified by the UDPRoute. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the desired state of UDPRoute. - properties: - parentRefs: - description: "ParentRefs references the resources (usually Gateways) - that a Route wants to be attached to. Note that the referenced parent - resource needs to allow this for the attachment to be complete. - For Gateways, that means the Gateway needs to allow attachment from - Routes of this kind and namespace. For Services, that means the - Service must either be in the same namespace for a \"producer\" - route, or the mesh implementation must support and allow \"consumer\" - routes for the referenced Service. ReferenceGrant is not applicable - for governing ParentRefs to Services - it is not possible to create - a \"producer\" route for a Service in a different namespace from - the Route. \n There are two kinds of parent resources with \"Core\" - support: \n * Gateway (Gateway conformance profile) * Service (Mesh - conformance profile, experimental, ClusterIP Services only) This - API may be extended in the future to support additional kinds of - parent resources. \n ParentRefs must be _distinct_. This means either - that: \n * They select different objects. If this is the case, - then parentRef entries are distinct. In terms of fields, this means - that the multi-part key defined by `group`, `kind`, `namespace`, - and `name` must be unique across all parentRef entries in the Route. - * They do not select different objects, but for each optional field - used, each ParentRef that selects the same object must set the same - set of optional fields to different values. If one ParentRef sets - a combination of optional fields, all must set the same combination. - \n Some examples: \n * If one ParentRef sets `sectionName`, all - ParentRefs referencing the same object must also set `sectionName`. - * If one ParentRef sets `port`, all ParentRefs referencing the same - object must also set `port`. * If one ParentRef sets `sectionName` - and `port`, all ParentRefs referencing the same object must also - set `sectionName` and `port`. \n It is possible to separately reference - multiple distinct objects that may be collapsed by an implementation. - For example, some implementations may choose to merge compatible - Gateway Listeners together. If that is the case, the list of routes - attached to those resources should also be merged. \n Note that - for ParentRefs that cross namespace boundaries, there are specific - rules. Cross-namespace references are only valid if they are explicitly - allowed by something in the namespace they are referring to. For - example, Gateway has the AllowedRoutes field, and ReferenceGrant - provides a generic way to enable other kinds of cross-namespace - reference. \n ParentRefs from a Route to a Service in the same - namespace are \"producer\" routes, which apply default routing rules - to inbound connections from any namespace to the Service. \n ParentRefs - from a Route to a Service in a different namespace are \"consumer\" - routes, and these routing rules are only applied to outbound connections - originating from the same namespace as the Route, for which the - intended destination of the connections are a Service targeted as - a ParentRef of the Route. \n " - items: - description: "ParentReference identifies an API object (usually - a Gateway) that can be considered a parent of this resource (usually - a route). There are two kinds of parent resources with \"Core\" - support: \n * Gateway (Gateway conformance profile) * Service - (Mesh conformance profile, experimental, ClusterIP Services only) - \n This API may be extended in the future to support additional - kinds of parent resources. \n The API object must be valid in - the cluster; the Group and Kind must be registered in the cluster - for this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. When unspecified, - \"gateway.networking.k8s.io\" is inferred. To set the core - API group (such as for a \"Service\" kind referent), Group - must be explicitly set to \"\" (empty string). \n Support: - Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. \n There are two - kinds of parent resources with \"Core\" support: \n * Gateway - (Gateway conformance profile) * Service (Mesh conformance - profile, experimental, ClusterIP Services only) \n Support - for other resources is Implementation-Specific." - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. \n Support: - Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of the referent. When - unspecified, this refers to the local namespace of the Route. - \n Note that there are specific rules for ParentRefs which - cross namespace boundaries. Cross-namespace references are - only valid if they are explicitly allowed by something in - the namespace they are referring to. For example: Gateway - has the AllowedRoutes field, and ReferenceGrant provides a - generic way to enable any other kind of cross-namespace reference. - \n ParentRefs from a Route to a Service in the same namespace - are \"producer\" routes, which apply default routing rules - to inbound connections from any namespace to the Service. - \n ParentRefs from a Route to a Service in a different namespace - are \"consumer\" routes, and these routing rules are only - applied to outbound connections originating from the same - namespace as the Route, for which the intended destination - of the connections are a Service targeted as a ParentRef of - the Route. \n Support: Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this Route targets. It - can be interpreted differently based on the type of parent - resource. \n When the parent resource is a Gateway, this targets - all listeners listening on the specified port that also support - this kind of Route(and select this Route). It's not recommended - to set `Port` unless the networking behaviors specified in - a Route must apply to a specific port as opposed to a listener(s) - whose port(s) may be changed. When both Port and SectionName - are specified, the name and port of the selected listener - must match both specified values. \n When the parent resource - is a Service, this targets a specific port in the Service - spec. When both Port (experimental) and SectionName are specified, - the name and port of the selected port must match both specified - values. \n Implementations MAY choose to support other parent - resources. Implementations supporting other types of parent - resources MUST clearly document how/if Port is interpreted. - \n For the purpose of status, an attachment is considered - successful as long as the parent resource accepts it partially. - For example, Gateway listeners can restrict which Routes can - attach to them by Route kind, namespace, or hostname. If 1 - of 2 Gateway listeners accept attachment from the referencing - Route, the Route MUST be considered successfully attached. - If no Gateway listeners accept attachment from this Route, - the Route MUST be considered detached from the Gateway. \n - Support: Extended \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a section within the - target resource. In the following resources, SectionName is - interpreted as the following: \n * Gateway: Listener Name. - When both Port (experimental) and SectionName are specified, - the name and port of the selected listener must match both - specified values. * Service: Port Name. When both Port (experimental) - and SectionName are specified, the name and port of the selected - listener must match both specified values. Note that attaching - Routes to Services as Parents is part of experimental Mesh - support and is not supported for any other purpose. \n Implementations - MAY choose to support attaching Routes to other resources. - If that is the case, they MUST clearly document how SectionName - is interpreted. \n When unspecified (empty string), this will - reference the entire resource. For the purpose of status, - an attachment is considered successful if at least one section - in the parent resource accepts it. For example, Gateway listeners - can restrict which Routes can attach to them by Route kind, - namespace, or hostname. If 1 of 2 Gateway listeners accept - attachment from the referencing Route, the Route MUST be considered - successfully attached. If no Gateway listeners accept attachment - from this Route, the Route MUST be considered detached from - the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - maxItems: 32 - type: array - x-kubernetes-validations: - - message: sectionName or port must be specified when parentRefs includes - 2 or more references to the same parent - rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind - == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) - || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__ - == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) && - p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) - || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName - == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port) - || p2.port == 0)): true))' - - message: sectionName or port must be unique when parentRefs includes - 2 or more references to the same parent - rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind - == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) - || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ - == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && - p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) - || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName - == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName - == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) - || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port - == p2.port)))) - rules: - description: Rules are a list of UDP matchers and actions. - items: - description: UDPRouteRule is the configuration for a given rule. - properties: - backendRefs: - description: "BackendRefs defines the backend(s) where matching - requests should be sent. If unspecified or invalid (refers - to a non-existent resource or a Service with no endpoints), - the underlying implementation MUST actively reject connection - attempts to this backend. Packet drops must respect weight; - if an invalid backend is requested to have 80% of the packets, - then 80% of packets must be dropped instead. \n Support: Core - for Kubernetes Service \n Support: Extended for Kubernetes - ServiceImport \n Support: Implementation-specific for any - other resource \n Support for weight: Extended" - items: - description: "BackendRef defines how a Route should forward - a request to a Kubernetes resource. \n Note that when a - namespace different than the local namespace is specified, - a ReferenceGrant object is required in the referent namespace - to allow that namespace's owner to accept the reference. - See the ReferenceGrant documentation for details. \n - \n When the BackendRef points to a Kubernetes Service, implementations - SHOULD honor the appProtocol field if it is set for the - target Service Port. \n Implementations supporting appProtocol - SHOULD recognize the Kubernetes Standard Application Protocols - defined in KEP-3726. \n If a Service appProtocol isn't specified, - an implementation MAY infer the backend protocol through - its own means. Implementations MAY infer the protocol from - the Route type referring to the backend Service. \n If a - Route is not able to send traffic to the backend using the - specified protocol then the backend is considered invalid. - Implementations MUST set the \"ResolvedRefs\" condition - to \"False\" with the \"UnsupportedProtocol\" reason. \n - \n Note that when the - BackendTLSPolicy object is enabled by the implementation, - there are some extra rules about validity to consider here. - See the fields where this struct is used for more information - about the exact behavior." + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + description: UDPRoute provides a way to route UDP traffic. When combined with a Gateway listener, it can be used to forward traffic on the port specified by the listener to a set of backends specified by the UDPRoute. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of UDPRoute. + properties: + parentRefs: + description: "ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n " + items: + description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." + properties: + group: + default: gateway.networking.k8s.io + description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Gateway + description: "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: "Name is the name of the referent. \n Support: Core" + maxLength: 253 + minLength: 1 + type: string + namespace: + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + format: int32 + maximum: 65535 + minimum: 1 + type: integer + sectionName: + description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + type: object + maxItems: 32 + type: array + x-kubernetes-validations: + - message: sectionName or port must be specified when parentRefs includes 2 or more references to the same parent + rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__ == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port) || p2.port == 0)): true))' + - message: sectionName or port must be unique when parentRefs includes 2 or more references to the same parent + rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__) || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) && p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName) || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port) || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port == p2.port)))) + rules: + description: Rules are a list of UDP matchers and actions. + items: + description: UDPRouteRule is the configuration for a given rule. + properties: + backendRefs: + description: "BackendRefs defines the backend(s) where matching requests should be sent. If unspecified or invalid (refers to a non-existent resource or a Service with no endpoints), the underlying implementation MUST actively reject connection attempts to this backend. Packet drops must respect weight; if an invalid backend is requested to have 80% of the packets, then 80% of packets must be dropped instead. \n Support: Core for Kubernetes Service \n Support: Extended for Kubernetes ServiceImport \n Support: Implementation-specific for any other resource \n Support for weight: Extended" + items: + description: "BackendRef defines how a Route should forward a request to a Kubernetes resource. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n \n When the BackendRef points to a Kubernetes Service, implementations SHOULD honor the appProtocol field if it is set for the target Service Port. \n Implementations supporting appProtocol SHOULD recognize the Kubernetes Standard Application Protocols defined in KEP-3726. \n If a Service appProtocol isn't specified, an implementation MAY infer the backend protocol through its own means. Implementations MAY infer the protocol from the Route type referring to the backend Service. \n If a Route is not able to send traffic to the backend using the specified protocol then the backend is considered invalid. Implementations MUST set the \"ResolvedRefs\" condition to \"False\" with the \"UnsupportedProtocol\" reason. \n \n Note that when the BackendTLSPolicy object is enabled by the implementation, there are some extra rules about validity to consider here. See the fields where this struct is used for more information about the exact behavior." + properties: + group: + default: "" + description: Group is the group of the referent. For example, "gateway.networking.k8s.io". When unspecified or empty string, core API group is inferred. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Service + description: "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)" + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core" + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + weight: + default: 1 + description: "Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used." + format: int32 + maximum: 1000000 + minimum: 0 + type: integer + required: + - name + type: object + x-kubernetes-validations: + - message: Must have port for Service reference + rule: '(size(self.group) == 0 && self.kind == ''Service'') ? has(self.port) : true' + maxItems: 16 + minItems: 1 + type: array + type: object + maxItems: 16 + minItems: 1 + type: array + required: + - rules + type: object + status: + description: Status defines the current state of UDPRoute. + properties: + parents: + description: "Parents is a list of parent resources (usually Gateways) that are associated with the route, and the status of the route with respect to each parent. When this route attaches to a parent, the controller that manages the parent must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route or gateway is modified. \n Note that parent references that cannot be resolved by an implementation of this API will not be added to this list. Implementations of this API can only populate Route status for the Gateways/parent resources they are responsible for. \n A maximum of 32 Gateways will be represented in this list. An empty list means the route has not been attached to any Gateway." + items: + description: RouteParentStatus describes the status of a route with respect to an associated Parent. + properties: + conditions: + description: "Conditions describes the status of the route with respect to the Gateway. Note that the route's availability is also subject to the Gateway's own status conditions and listener status. \n If the Route's ParentRef specifies an existing Gateway that supports Routes of this kind AND that Gateway's controller has sufficient access, then that Gateway's controller MUST set the \"Accepted\" condition on the Route, to indicate whether the route has been accepted or rejected by the Gateway, and why. \n A Route MUST be considered \"Accepted\" if at least one of the Route's rules is implemented by the Gateway. \n There are a number of cases where the \"Accepted\" condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does not support. * The Route is in a namespace the controller does not have access to." + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controllerName: + description: "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. \n Example: \"example.net/gateway-controller\". \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ + type: string + parentRef: + description: ParentRef corresponds with a ParentRef in the spec that this RouteParentStatus struct describes the status of. properties: group: - default: "" - description: Group is the group of the referent. For example, - "gateway.networking.k8s.io". When unspecified or empty - string, core API group is inferred. + default: gateway.networking.k8s.io + description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: - default: Service - description: "Kind is the Kubernetes resource kind of - the referent. For example \"Service\". \n Defaults to - \"Service\" when not specified. \n ExternalName services - can refer to CNAME DNS records that may live outside - of the cluster and as such are difficult to reason about - in terms of conformance. They also may not be safe to - forward to (see CVE-2021-25740 for more information). - Implementations SHOULD NOT support ExternalName Services. - \n Support: Core (Services with a type other than ExternalName) - \n Support: Implementation-specific (Services with type - ExternalName)" + default: Gateway + description: "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific." maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: - description: Name is the name of the referent. + description: "Name is the name of the referent. \n Support: Core" maxLength: 253 minLength: 1 type: string namespace: - description: "Namespace is the namespace of the backend. - When unspecified, the local namespace is inferred. \n - Note that when a namespace different than the local - namespace is specified, a ReferenceGrant object is required - in the referent namespace to allow that namespace's - owner to accept the reference. See the ReferenceGrant - documentation for details. \n Support: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: - description: Port specifies the destination port number - to use for this resource. Port is required when the - referent is a Kubernetes Service. In this case, the - port number is the service port number, not the target - port. For other resources, destination port might be - derived from the referent resource or this field. + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " format: int32 maximum: 65535 minimum: 1 type: integer - weight: - default: 1 - description: "Weight specifies the proportion of requests - forwarded to the referenced backend. This is computed - as weight/(sum of all weights in this BackendRefs list). - For non-zero values, there may be some epsilon from - the exact proportion defined here depending on the precision - an implementation supports. Weight is not a percentage - and the sum of weights does not need to equal 100. \n - If only one backend is specified and it has a weight - greater than 0, 100% of the traffic is forwarded to - that backend. If weight is set to 0, no traffic should - be forwarded for this entry. If unspecified, weight - defaults to 1. \n Support for this field varies based - on the context where used." - format: int32 - maximum: 1000000 - minimum: 0 - type: integer - required: - - name - type: object - x-kubernetes-validations: - - message: Must have port for Service reference - rule: '(size(self.group) == 0 && self.kind == ''Service'') - ? has(self.port) : true' - maxItems: 16 - minItems: 1 - type: array - type: object - maxItems: 16 - minItems: 1 - type: array - required: - - rules - type: object - status: - description: Status defines the current state of UDPRoute. - properties: - parents: - description: "Parents is a list of parent resources (usually Gateways) - that are associated with the route, and the status of the route - with respect to each parent. When this route attaches to a parent, - the controller that manages the parent must add an entry to this - list when the controller first sees the route and should update - the entry as appropriate when the route or gateway is modified. - \n Note that parent references that cannot be resolved by an implementation - of this API will not be added to this list. Implementations of this - API can only populate Route status for the Gateways/parent resources - they are responsible for. \n A maximum of 32 Gateways will be represented - in this list. An empty list means the route has not been attached - to any Gateway." - items: - description: RouteParentStatus describes the status of a route with - respect to an associated Parent. - properties: - conditions: - description: "Conditions describes the status of the route with - respect to the Gateway. Note that the route's availability - is also subject to the Gateway's own status conditions and - listener status. \n If the Route's ParentRef specifies an - existing Gateway that supports Routes of this kind AND that - Gateway's controller has sufficient access, then that Gateway's - controller MUST set the \"Accepted\" condition on the Route, - to indicate whether the route has been accepted or rejected - by the Gateway, and why. \n A Route MUST be considered \"Accepted\" - if at least one of the Route's rules is implemented by the - Gateway. \n There are a number of cases where the \"Accepted\" - condition may not be set due to lack of controller visibility, - that includes when: \n * The Route refers to a non-existent - parent. * The Route is of a type that the controller does - not support. * The Route is in a namespace the controller - does not have access to." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 + sectionName: + description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + maxLength: 253 minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - - lastTransitionTime - - message - - reason - - status - - type + - name type: object - maxItems: 8 - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - controllerName: - description: "ControllerName is a domain/path string that indicates - the name of the controller that wrote this status. This corresponds - with the controllerName field on GatewayClass. \n Example: - \"example.net/gateway-controller\". \n The format of this - field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid - Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). - \n Controllers MUST populate this field when writing status. - Controllers should ensure that entries to status populated - with their ControllerName are cleaned up when they are no - longer necessary." - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$ - type: string - parentRef: - description: ParentRef corresponds with a ParentRef in the spec - that this RouteParentStatus struct describes the status of. - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. When unspecified, - \"gateway.networking.k8s.io\" is inferred. To set the - core API group (such as for a \"Service\" kind referent), - Group must be explicitly set to \"\" (empty string). \n - Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. \n There are - two kinds of parent resources with \"Core\" support: \n - * Gateway (Gateway conformance profile) * Service (Mesh - conformance profile, experimental, ClusterIP Services - only) \n Support for other resources is Implementation-Specific." - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. \n Support: - Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of the referent. - When unspecified, this refers to the local namespace of - the Route. \n Note that there are specific rules for ParentRefs - which cross namespace boundaries. Cross-namespace references - are only valid if they are explicitly allowed by something - in the namespace they are referring to. For example: Gateway - has the AllowedRoutes field, and ReferenceGrant provides - a generic way to enable any other kind of cross-namespace - reference. \n ParentRefs from a Route to a Service in - the same namespace are \"producer\" routes, which apply - default routing rules to inbound connections from any - namespace to the Service. \n ParentRefs from a Route to - a Service in a different namespace are \"consumer\" routes, - and these routing rules are only applied to outbound connections - originating from the same namespace as the Route, for - which the intended destination of the connections are - a Service targeted as a ParentRef of the Route. \n Support: - Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this Route targets. - It can be interpreted differently based on the type of - parent resource. \n When the parent resource is a Gateway, - this targets all listeners listening on the specified - port that also support this kind of Route(and select this - Route). It's not recommended to set `Port` unless the - networking behaviors specified in a Route must apply to - a specific port as opposed to a listener(s) whose port(s) - may be changed. When both Port and SectionName are specified, - the name and port of the selected listener must match - both specified values. \n When the parent resource is - a Service, this targets a specific port in the Service - spec. When both Port (experimental) and SectionName are - specified, the name and port of the selected port must - match both specified values. \n Implementations MAY choose - to support other parent resources. Implementations supporting - other types of parent resources MUST clearly document - how/if Port is interpreted. \n For the purpose of status, - an attachment is considered successful as long as the - parent resource accepts it partially. For example, Gateway - listeners can restrict which Routes can attach to them - by Route kind, namespace, or hostname. If 1 of 2 Gateway - listeners accept attachment from the referencing Route, - the Route MUST be considered successfully attached. If - no Gateway listeners accept attachment from this Route, - the Route MUST be considered detached from the Gateway. - \n Support: Extended \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a section within - the target resource. In the following resources, SectionName - is interpreted as the following: \n * Gateway: Listener - Name. When both Port (experimental) and SectionName are - specified, the name and port of the selected listener - must match both specified values. * Service: Port Name. - When both Port (experimental) and SectionName are specified, - the name and port of the selected listener must match - both specified values. Note that attaching Routes to Services - as Parents is part of experimental Mesh support and is - not supported for any other purpose. \n Implementations - MAY choose to support attaching Routes to other resources. - If that is the case, they MUST clearly document how SectionName - is interpreted. \n When unspecified (empty string), this - will reference the entire resource. For the purpose of - status, an attachment is considered successful if at least - one section in the parent resource accepts it. For example, - Gateway listeners can restrict which Routes can attach - to them by Route kind, namespace, or hostname. If 1 of - 2 Gateway listeners accept attachment from the referencing - Route, the Route MUST be considered successfully attached. - If no Gateway listeners accept attachment from this Route, - the Route MUST be considered detached from the Gateway. - \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - required: - - controllerName - - parentRef - type: object - maxItems: 32 - type: array - required: - - parents - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} + required: + - controllerName + - parentRef + type: object + maxItems: 32 + type: array + required: + - parents + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/definitions/gateway.solo.io.v2/gateway.yaml b/definitions/gateway.solo.io.v2/gateway.yaml new file mode 100644 index 000000000..ed2a2e6c6 --- /dev/null +++ b/definitions/gateway.solo.io.v2/gateway.yaml @@ -0,0 +1,23 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gateways.gateway.solo.io.v2 + annotations: + "helm.sh/hook": crd-install + labels: + installationId: r4RQ4m7rfKF0By9jh1zS +spec: + group: gateway.solo.io.v2 + names: + kind: Gateway + listKind: GatewayList + plural: gateways + shortNames: + - gw + singular: gateway + scope: Namespaced + version: v2 + versions: + - name: v2 + storage: true + served: true diff --git a/definitions/graphql.gloo.solo.io/graphqlschema.yaml b/definitions/graphql.gloo.solo.io/graphqlschema.yaml new file mode 100644 index 000000000..4b4c1d8c3 --- /dev/null +++ b/definitions/graphql.gloo.solo.io/graphqlschema.yaml @@ -0,0 +1,26 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: graphqlschemas.graphql.gloo.solo.io +spec: + group: graphql.gloo.solo.io + names: + kind: GraphQLSchema + listKind: GraphQLSchemaList + plural: graphqlschemas + singular: graphqlschema + shortNames: + - gqls + - ggqls + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + diff --git a/definitions/helm.toolkit.fluxcd.io/helmrelease.yaml b/definitions/helm.toolkit.fluxcd.io/helmrelease.yaml index 41bd7dad6..093b681fb 100644 --- a/definitions/helm.toolkit.fluxcd.io/helmrelease.yaml +++ b/definitions/helm.toolkit.fluxcd.io/helmrelease.yaml @@ -1,9 +1,8 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.12.0 name: helmreleases.helm.toolkit.fluxcd.io spec: group: helm.toolkit.fluxcd.io @@ -26,25 +25,22 @@ spec: - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - name: v2 + deprecated: true + deprecationWarning: v2beta1 HelmRelease is deprecated, upgrade to v2beta2 + name: v2beta1 schema: openAPIV3Schema: description: HelmRelease is the Schema for the helmreleases API properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -52,9 +48,8 @@ spec: description: HelmReleaseSpec defines the desired state of a Helm release. properties: chart: - description: |- - Chart defines the template of the v1.HelmChart that should be created - for this HelmRelease. + description: Chart defines the template of the v1beta2.HelmChart that + should be created for this HelmRelease. properties: metadata: description: ObjectMeta holds the template for metadata like labels @@ -63,55 +58,46 @@ spec: annotations: additionalProperties: type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/' type: object labels: additionalProperties: type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/' type: object type: object spec: - description: Spec holds the template for the v1.HelmChartSpec + description: Spec holds the template for the v1beta2.HelmChartSpec for this HelmRelease. properties: chart: description: The name or path the Helm chart is available at in the SourceRef. - maxLength: 2048 - minLength: 1 type: string - ignoreMissingValuesFiles: - description: IgnoreMissingValuesFiles controls whether to - silently ignore missing values files rather than failing. - type: boolean interval: - description: |- - Interval at which to check the v1.Source for updates. Defaults to - 'HelmReleaseSpec.Interval'. + description: Interval at which to check the v1beta2.Source + for updates. Defaults to 'HelmReleaseSpec.Interval'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string reconcileStrategy: default: ChartVersion - description: |- - Determines what enables the creation of a new artifact. Valid values are - ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on their behavior. - Defaults to ChartVersion when omitted. + description: Determines what enables the creation of a new + artifact. Valid values are ('ChartVersion', 'Revision'). + See the documentation of the values for an explanation on + their behavior. Defaults to ChartVersion when omitted. enum: - ChartVersion - Revision type: string sourceRef: - description: The name and namespace of the v1.Source the chart - is available at. + description: The name and namespace of the v1beta2.Source + the chart is available at. properties: apiVersion: description: APIVersion of the referent. @@ -134,26 +120,31 @@ spec: minLength: 1 type: string required: - - kind - name type: object + valuesFile: + description: Alternative values file to use as the default + chart values, expected to be a relative path in the SourceRef. + Deprecated in favor of ValuesFiles, for backwards compatibility + the file defined here is merged before the ValuesFiles items. + Ignored when omitted. + type: string valuesFiles: - description: |- - Alternative list of values files to use as the chart values (values.yaml - is not included by default), expected to be a relative path in the SourceRef. - Values files are merged in the order of this list with the last file overriding + description: Alternative list of values files to use as the + chart values (values.yaml is not included by default), expected + to be a relative path in the SourceRef. Values files are + merged in the order of this list with the last file overriding the first. Ignored when omitted. items: type: string type: array verify: - description: |- - Verify contains the secret name containing the trusted public keys - used to verify the signature and specifies which provider to use to check - whether OCI image is authentic. - This field is only supported for OCI sources. - Chart dependencies, which are not bundled in the umbrella chart artifact, - are not verified. + description: Verify contains the secret name containing the + trusted public keys used to verify the signature and specifies + which provider to use to check whether OCI image is authentic. + This field is only supported for OCI sources. Chart dependencies, + which are not bundled in the umbrella chart artifact, are + not verified. properties: provider: default: cosign @@ -161,12 +152,10 @@ spec: sign the OCI Helm chart. enum: - cosign - - notation type: string secretRef: - description: |- - SecretRef specifies the Kubernetes Secret containing the - trusted public keys. + description: SecretRef specifies the Kubernetes Secret + containing the trusted public keys. properties: name: description: Name of the referent. @@ -179,9 +168,9 @@ spec: type: object version: default: '*' - description: |- - Version semver expression, ignored for charts from v1.GitRepository and - v1beta2.Bucket sources. Defaults to latest when omitted. + description: Version semver expression, ignored for charts + from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults + to latest when omitted. type: string required: - chart @@ -190,135 +179,72 @@ spec: required: - spec type: object - chartRef: - description: |- - ChartRef holds a reference to a source controller resource containing the - Helm chart artifact. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - OCIRepository - - HelmChart - - ExternalArtifact - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: |- - Namespace of the referent, defaults to the namespace of the Kubernetes - resource object that contains the reference. - maxLength: 63 - minLength: 1 - type: string - required: - - kind - - name - type: object - commonMetadata: - description: |- - CommonMetadata specifies the common labels and annotations that are - applied to all resources. Any existing label or annotation will be - overridden if its key matches a common one. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added to the object's metadata. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added to the object's metadata. - type: object - type: object dependsOn: - description: |- - DependsOn may contain a DependencyReference slice with - references to HelmRelease resources that must be ready before this HelmRelease - can be reconciled. + description: DependsOn may contain a meta.NamespacedObjectReference + slice with references to HelmRelease resources that must be ready + before this HelmRelease can be reconciled. items: - description: DependencyReference defines a HelmRelease dependency - on another HelmRelease resource. + description: NamespacedObjectReference contains enough information + to locate the referenced Kubernetes resource object in any namespace. properties: name: description: Name of the referent. type: string namespace: - description: |- - Namespace of the referent, defaults to the namespace of the HelmRelease - resource object that contains the reference. - type: string - readyExpr: - description: |- - ReadyExpr is a CEL expression that can be used to assess the readiness - of a dependency. When specified, the built-in readiness check - is replaced by the logic defined in the CEL expression. - To make the CEL expression additive to the built-in readiness check, - the feature gate `AdditiveCELDependencyCheck` must be set to `true`. + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. type: string required: - name type: object type: array driftDetection: - description: |- - DriftDetection holds the configuration for detecting and handling - differences between the manifest in the Helm storage and the resources - currently existing in the cluster. + description: "DriftDetection holds the configuration for detecting + and handling differences between the manifest in the Helm storage + and the resources currently existing in the cluster. \n Note: this + field is provisional to the v2beta2 API, and not actively used by + v2beta1 HelmReleases." properties: ignore: - description: |- - Ignore contains a list of rules for specifying which changes to ignore - during diffing. + description: Ignore contains a list of rules for specifying which + changes to ignore during diffing. items: - description: |- - IgnoreRule defines a rule to selectively disregard specific changes during - the drift detection process. + description: IgnoreRule defines a rule to selectively disregard + specific changes during the drift detection process. properties: paths: - description: |- - Paths is a list of JSON Pointer (RFC 6901) paths to be excluded from - consideration in a Kubernetes object. + description: Paths is a list of JSON Pointer (RFC 6901) + paths to be excluded from consideration in a Kubernetes + object. items: type: string type: array target: - description: |- - Target is a selector for specifying Kubernetes objects to which this - rule applies. - If Target is not set, the Paths will be ignored for all Kubernetes - objects within the manifest of the Helm release. + description: Target is a selector for specifying Kubernetes + objects to which this rule applies. If Target is not set, + the Paths will be ignored for all Kubernetes objects within + the manifest of the Helm release. properties: annotationSelector: - description: |- - AnnotationSelector is a string that follows the label selection expression - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + description: AnnotationSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations. type: string group: - description: |- - Group is the API group to select resources from. - Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + description: Group is the API group to select resources + from. Together with Version and Kind it is capable + of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string kind: - description: |- - Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. + description: Kind of the API Group to select resources + from. Together with Group and Version it is capable + of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string labelSelector: - description: |- - LabelSelector is a string that follows the label selection expression - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels. type: string name: @@ -328,9 +254,9 @@ spec: description: Namespace to select resources from. type: string version: - description: |- - Version of the API Group to select resources from. - Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + description: Version of the API Group to select resources + from. Together with Group and Kind it is capable of + unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string type: object @@ -339,10 +265,9 @@ spec: type: object type: array mode: - description: |- - Mode defines how differences should be handled between the Helm manifest - and the manifest currently applied to the cluster. - If not explicitly set, it defaults to DiffModeDisabled. + description: Mode defines how differences should be handled between + the Helm manifest and the manifest currently applied to the + cluster. If not explicitly set, it defaults to DiffModeDisabled. enum: - enabled - warn @@ -354,192 +279,108 @@ spec: for this HelmRelease. properties: crds: - description: |- - CRDs upgrade CRDs from the Helm Chart's crds directory according - to the CRD upgrade policy provided here. Valid values are `Skip`, - `Create` or `CreateReplace`. Default is `Create` and if omitted - CRDs are installed but not updated. - - Skip: do neither install nor replace (update) any CRDs. - - Create: new CRDs are created, existing CRDs are neither updated nor deleted. - - CreateReplace: new CRDs are created, existing CRDs are updated (replaced) - but not deleted. - - By default, CRDs are applied (installed) during Helm install action. - With this option users can opt in to CRD replace existing CRDs on Helm + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according to the CRD upgrade policy provided here. Valid values + are `Skip`, `Create` or `CreateReplace`. Default is `Create` + and if omitted CRDs are installed but not updated. \n Skip: + do neither install nor replace (update) any CRDs. \n Create: + new CRDs are created, existing CRDs are neither updated nor + deleted. \n CreateReplace: new CRDs are created, existing CRDs + are updated (replaced) but not deleted. \n By default, CRDs + are applied (installed) during Helm install action. With this + option users can opt-in to CRD replace existing CRDs on Helm install actions, which is not (yet) natively supported by Helm. - https://helm.sh/docs/chart_best_practices/custom_resource_definitions. + https://helm.sh/docs/chart_best_practices/custom_resource_definitions." enum: - Skip - Create - CreateReplace type: string createNamespace: - description: |- - CreateNamespace tells the Helm install action to create the - HelmReleaseSpec.TargetNamespace if it does not exist yet. - On uninstall, the namespace will not be garbage collected. + description: CreateNamespace tells the Helm install action to + create the HelmReleaseSpec.TargetNamespace if it does not exist + yet. On uninstall, the namespace will not be garbage collected. type: boolean disableHooks: description: DisableHooks prevents hooks from running during the Helm install action. type: boolean disableOpenAPIValidation: - description: |- - DisableOpenAPIValidation prevents the Helm install action from validating - rendered templates against the Kubernetes OpenAPI Schema. - type: boolean - disableSchemaValidation: - description: |- - DisableSchemaValidation prevents the Helm install action from validating - the values against the JSON Schema. - type: boolean - disableTakeOwnership: - description: |- - DisableTakeOwnership disables taking ownership of existing resources - during the Helm install action. Defaults to false. + description: DisableOpenAPIValidation prevents the Helm install + action from validating rendered templates against the Kubernetes + OpenAPI Schema. type: boolean disableWait: - description: |- - DisableWait disables the waiting for resources to be ready after a Helm - install has been performed. + description: DisableWait disables the waiting for resources to + be ready after a Helm install has been performed. type: boolean disableWaitForJobs: - description: |- - DisableWaitForJobs disables waiting for jobs to complete after a Helm - install has been performed. + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm install has been performed. type: boolean remediation: - description: |- - Remediation holds the remediation configuration for when the Helm install - action for the HelmRelease fails. The default is to not perform any action. + description: Remediation holds the remediation configuration for + when the Helm install action for the HelmRelease fails. The + default is to not perform any action. properties: ignoreTestFailures: - description: |- - IgnoreTestFailures tells the controller to skip remediation when the Helm - tests are run after an install action but fail. Defaults to - 'Test.IgnoreFailures'. + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an install + action but fail. Defaults to 'Test.IgnoreFailures'. type: boolean remediateLastFailure: - description: |- - RemediateLastFailure tells the controller to remediate the last failure, when - no retries remain. Defaults to 'false'. + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false'. type: boolean retries: - description: |- - Retries is the number of retries that should be attempted on failures before - bailing. Remediation, using an uninstall, is performed between each attempt. - Defaults to '0', a negative integer equals to unlimited retries. + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + an uninstall, is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. type: integer type: object replace: - description: |- - Replace tells the Helm install action to re-use the 'ReleaseName', but only - if that name is a deleted release which remains in the history. + description: Replace tells the Helm install action to re-use the + 'ReleaseName', but only if that name is a deleted release which + remains in the history. type: boolean skipCRDs: - description: |- - SkipCRDs tells the Helm install action to not install any CRDs. By default, - CRDs are installed if not already present. - - Deprecated use CRD policy (`crds`) attribute with value `Skip` instead. + description: "SkipCRDs tells the Helm install action to not install + any CRDs. By default, CRDs are installed if not already present. + \n Deprecated use CRD policy (`crds`) attribute with value `Skip` + instead." type: boolean - strategy: - description: |- - Strategy defines the install strategy to use for this HelmRelease. - Defaults to 'RemediateOnFailure'. - properties: - name: - description: Name of the install strategy. - enum: - - RemediateOnFailure - - RetryOnFailure - type: string - retryInterval: - description: |- - RetryInterval is the interval at which to retry a failed install. - Can be used only when Name is set to RetryOnFailure. - Defaults to '5m'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - required: - - name - type: object - x-kubernetes-validations: - - message: .retryInterval cannot be set when .name is 'RemediateOnFailure' - rule: '!has(self.retryInterval) || self.name != ''RemediateOnFailure''' timeout: - description: |- - Timeout is the time to wait for any individual Kubernetes operation (like - Jobs for hooks) during the performance of a Helm install action. Defaults to - 'HelmReleaseSpec.Timeout'. + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string type: object interval: - description: Interval at which to reconcile the Helm release. + description: Interval at which to reconcile the Helm release. This + interval is approximate and may be subject to jitter to ensure efficient + use of resources. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string kubeConfig: - description: |- - KubeConfig for reconciling the HelmRelease on a remote cluster. - When used in combination with HelmReleaseSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at the - target cluster. - If the --default-service-account flag is set, its value will be used as - a controller level fallback for when HelmReleaseSpec.ServiceAccountName + description: KubeConfig for reconciling the HelmRelease on a remote + cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, + forces the controller to act on behalf of that Service Account at + the target cluster. If the --default-service-account flag is set, + its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName is empty. properties: - configMapRef: - description: |- - ConfigMapRef holds an optional name of a ConfigMap that contains - the following keys: - - - `provider`: the provider to use. One of `aws`, `azure`, `gcp`, or - `generic`. Required. - - `cluster`: the fully qualified resource name of the Kubernetes - cluster in the cloud provider API. Not used by the `generic` - provider. Required when one of `address` or `ca.crt` is not set. - - `address`: the address of the Kubernetes API server. Required - for `generic`. For the other providers, if not specified, the - first address in the cluster resource will be used, and if - specified, it must match one of the addresses in the cluster - resource. - If audiences is not set, will be used as the audience for the - `generic` provider. - - `ca.crt`: the optional PEM-encoded CA certificate for the - Kubernetes API server. If not set, the controller will use the - CA certificate from the cluster resource. - - `audiences`: the optional audiences as a list of - line-break-separated strings for the Kubernetes ServiceAccount - token. Defaults to the `address` for the `generic` provider, or - to specific values for the other providers depending on the - provider. - - `serviceAccountName`: the optional name of the Kubernetes - ServiceAccount in the same namespace that should be used - for authentication. If not specified, the controller - ServiceAccount will be used. - - Mutually exclusive with SecretRef. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object secretRef: - description: |- - SecretRef holds an optional name of a secret that contains a key with - the kubeconfig file as the value. If no key is set, the key will default - to 'value'. Mutually exclusive with ConfigMapRef. - It is recommended that the kubeconfig is self-contained, and the secret - is regularly updated if credentials such as a cloud-access-token expire. - Cloud specific `cmd-path` auth helpers will not function without adding - binaries and credentials to the Pod that is responsible for reconciling - Kubernetes resources. Supported only for the generic provider. + description: SecretRef holds the name of a secret that contains + a key with the kubeconfig file as the value. If no key is set, + the key will default to 'value'. It is recommended that the + kubeconfig is self-contained, and the secret is regularly updated + if credentials such as a cloud-access-token expire. Cloud specific + `cmd-path` auth helpers will not function without adding binaries + and credentials to the Pod that is responsible for reconciling + Kubernetes resources. properties: key: description: Key in the Secret, when not specified an implementation-specific @@ -551,37 +392,28 @@ spec: required: - name type: object + required: + - secretRef type: object - x-kubernetes-validations: - - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef - must be specified - rule: has(self.configMapRef) || has(self.secretRef) - - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef - must be specified - rule: '!has(self.configMapRef) || !has(self.secretRef)' maxHistory: - description: |- - MaxHistory is the number of revisions saved by Helm for this HelmRelease. - Use '0' for an unlimited number of revisions; defaults to '5'. + description: MaxHistory is the number of revisions saved by Helm for + this HelmRelease. Use '0' for an unlimited number of revisions; + defaults to '10'. type: integer persistentClient: - description: |- - PersistentClient tells the controller to use a persistent Kubernetes - client for this release. When enabled, the client will be reused for the - duration of the reconciliation, instead of being created and destroyed - for each (step of a) Helm action. - - This can improve performance, but may cause issues with some Helm charts + description: "PersistentClient tells the controller to use a persistent + Kubernetes client for this release. When enabled, the client will + be reused for the duration of the reconciliation, instead of being + created and destroyed for each (step of a) Helm action. \n This + can improve performance, but may cause issues with some Helm charts that for example do create Custom Resource Definitions during installation - outside Helm's CRD lifecycle hooks, which are then not observed to be - available by e.g. post-install hooks. - - If not set, it defaults to true. + outside Helm's CRD lifecycle hooks, which are then not observed + to be available by e.g. post-install hooks. \n If not set, it defaults + to true." type: boolean postRenderers: - description: |- - PostRenderers holds an array of Helm PostRenderers, which will be applied in order - of their definition. + description: PostRenderers holds an array of Helm PostRenderers, which + will be applied in order of their definition. items: description: PostRenderer contains a Helm PostRenderer specification. properties: @@ -589,19 +421,19 @@ spec: description: Kustomization to apply as PostRenderer. properties: images: - description: |- - Images is a list of (image name, new name, new tag or digest) - for changing image names, tags or digests. This can also be achieved with a - patch, but this operator is simpler to specify. + description: Images is a list of (image name, new name, + new tag or digest) for changing image names, tags or digests. + This can also be achieved with a patch, but this operator + is simpler to specify. items: description: Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag. properties: digest: - description: |- - Digest is the value used to replace the original image tag. - If digest is present NewTag value is ignored. + description: Digest is the value used to replace the + original image tag. If digest is present NewTag + value is ignored. type: string name: description: Name is a tag-less image name. @@ -619,46 +451,137 @@ spec: type: object type: array patches: - description: |- - Strategic merge and JSON patches, defined as inline YAML objects, - capable of targeting objects based on kind, label and annotation selectors. + description: Strategic merge and JSON patches, defined as + inline YAML objects, capable of targeting objects based + on kind, label and annotation selectors. items: - description: |- - Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should - be applied to. + description: Patch contains an inline StrategicMerge or + JSON6902 patch, and the target the patch should be applied + to. properties: patch: - description: |- - Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with - an array of operation objects. + description: Patch contains an inline StrategicMerge + patch or an inline JSON6902 patch with an array + of operation objects. type: string target: description: Target points to the resources that the patch document should be applied to. properties: annotationSelector: - description: |- - AnnotationSelector is a string that follows the label selection expression - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + description: AnnotationSelector is a string that + follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select + resources from. Together with Version and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources + from. Together with Group and Version it is + capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select + resources from. Together with Group and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + patchesJson6902: + description: JSON 6902 patches, defined as inline YAML objects. + items: + description: JSON6902Patch contains a JSON6902 patch and + the target the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document + with an array of operation objects. + items: + description: JSON6902 is a JSON6902 operation object. + https://datatracker.ietf.org/doc/html/rfc6902#section-4 + properties: + from: + description: From contains a JSON-pointer value + that references a location within the target + document where the operation is performed. + The meaning of the value depends on the value + of Op, and is NOT taken into account by all + operations. + type: string + op: + description: Op indicates the operation to perform. + Its value MUST be one of "add", "remove", + "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + description: Path contains the JSON-pointer + value that references a location within the + target document where the operation is performed. + The meaning of the value depends on the value + of Op. + type: string + value: + description: Value contains a valid JSON structure. + The meaning of the value depends on the value + of Op, and is NOT taken into account by all + operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the + patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that + follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations. type: string group: - description: |- - Group is the API group to select resources from. - Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + description: Group is the API group to select + resources from. Together with Version and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string kind: - description: |- - Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + description: Kind of the API Group to select resources + from. Together with Group and Version it is + capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string labelSelector: - description: |- - LabelSelector is a string that follows the label selection expression - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels. type: string name: @@ -668,23 +591,29 @@ spec: description: Namespace to select resources from. type: string version: - description: |- - Version of the API Group to select resources from. - Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + description: Version of the API Group to select + resources from. Together with Group and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string type: object required: - patch + - target type: object type: array + patchesStrategicMerge: + description: Strategic merge patches, defined as inline + YAML objects. + items: + x-kubernetes-preserve-unknown-fields: true + type: array type: object type: object type: array releaseName: - description: |- - ReleaseName used for the Helm release. Defaults to a composition of - '[TargetNamespace-]Name'. + description: ReleaseName used for the Helm release. Defaults to a + composition of '[TargetNamespace-]Name'. maxLength: 53 minLength: 1 type: string @@ -693,23 +622,20 @@ spec: for this HelmRelease. properties: cleanupOnFail: - description: |- - CleanupOnFail allows deletion of new resources created during the Helm - rollback action when it fails. + description: CleanupOnFail allows deletion of new resources created + during the Helm rollback action when it fails. type: boolean disableHooks: description: DisableHooks prevents hooks from running during the Helm rollback action. type: boolean disableWait: - description: |- - DisableWait disables the waiting for resources to be ready after a Helm - rollback has been performed. + description: DisableWait disables the waiting for resources to + be ready after a Helm rollback has been performed. type: boolean disableWaitForJobs: - description: |- - DisableWaitForJobs disables waiting for jobs to complete after a Helm - rollback has been performed. + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm rollback has been performed. type: boolean force: description: Force forces resource updates through a replacement @@ -720,36 +646,30 @@ spec: applicable. type: boolean timeout: - description: |- - Timeout is the time to wait for any individual Kubernetes operation (like - Jobs for hooks) during the performance of a Helm rollback action. Defaults to - 'HelmReleaseSpec.Timeout'. + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string type: object serviceAccountName: - description: |- - The name of the Kubernetes service account to impersonate + description: The name of the Kubernetes service account to impersonate when reconciling this HelmRelease. - maxLength: 253 - minLength: 1 type: string storageNamespace: - description: |- - StorageNamespace used for the Helm storage. - Defaults to the namespace of the HelmRelease. + description: StorageNamespace used for the Helm storage. Defaults + to the namespace of the HelmRelease. maxLength: 63 minLength: 1 type: string suspend: - description: |- - Suspend tells the controller to suspend reconciliation for this HelmRelease, - it does not apply to already started reconciliations. Defaults to false. + description: Suspend tells the controller to suspend reconciliation + for this HelmRelease, it does not apply to already started reconciliations. + Defaults to false. type: boolean targetNamespace: - description: |- - TargetNamespace to target when performing operations for the HelmRelease. - Defaults to the namespace of the HelmRelease. + description: TargetNamespace to target when performing operations + for the HelmRelease. Defaults to the namespace of the HelmRelease. maxLength: 63 minLength: 1 type: string @@ -758,47 +678,26 @@ spec: this HelmRelease. properties: enable: - description: |- - Enable enables Helm test actions for this HelmRelease after an Helm install - or upgrade action has been performed. + description: Enable enables Helm test actions for this HelmRelease + after an Helm install or upgrade action has been performed. type: boolean - filters: - description: Filters is a list of tests to run or exclude from - running. - items: - description: Filter holds the configuration for individual Helm - test filters. - properties: - exclude: - description: Exclude specifies whether the named test should - be excluded. - type: boolean - name: - description: Name is the name of the test. - maxLength: 253 - minLength: 1 - type: string - required: - - name - type: object - type: array ignoreFailures: - description: |- - IgnoreFailures tells the controller to skip remediation when the Helm tests - are run but fail. Can be overwritten for tests run after install or upgrade - actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. + description: IgnoreFailures tells the controller to skip remediation + when the Helm tests are run but fail. Can be overwritten for + tests run after install or upgrade actions in 'Install.IgnoreTestFailures' + and 'Upgrade.IgnoreTestFailures'. type: boolean timeout: - description: |- - Timeout is the time to wait for any individual Kubernetes operation during - the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'. + description: Timeout is the time to wait for any individual Kubernetes + operation during the performance of a Helm test action. Defaults + to 'HelmReleaseSpec.Timeout'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string type: object timeout: - description: |- - Timeout is the time to wait for any individual Kubernetes operation (like Jobs - for hooks) during the performance of a Helm action. Defaults to '5m0s'. + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a Helm + action. Defaults to '5m0s'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string uninstall: @@ -807,9 +706,8 @@ spec: properties: deletionPropagation: default: background - description: |- - DeletionPropagation specifies the deletion propagation policy when - a Helm uninstall is performed. + description: DeletionPropagation specifies the deletion propagation + policy when a Helm uninstall is performed. enum: - background - foreground @@ -820,20 +718,17 @@ spec: Helm rollback action. type: boolean disableWait: - description: |- - DisableWait disables waiting for all the resources to be deleted after - a Helm uninstall is performed. + description: DisableWait disables waiting for all the resources + to be deleted after a Helm uninstall is performed. type: boolean keepHistory: - description: |- - KeepHistory tells Helm to remove all associated resources and mark the - release as deleted, but retain the release history. + description: KeepHistory tells Helm to remove all associated resources + and mark the release as deleted, but retain the release history. type: boolean timeout: - description: |- - Timeout is the time to wait for any individual Kubernetes operation (like - Jobs for hooks) during the performance of a Helm uninstall action. Defaults - to 'HelmReleaseSpec.Timeout'. + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string type: object @@ -842,27 +737,21 @@ spec: for this HelmRelease. properties: cleanupOnFail: - description: |- - CleanupOnFail allows deletion of new resources created during the Helm - upgrade action when it fails. + description: CleanupOnFail allows deletion of new resources created + during the Helm upgrade action when it fails. type: boolean crds: - description: |- - CRDs upgrade CRDs from the Helm Chart's crds directory according - to the CRD upgrade policy provided here. Valid values are `Skip`, - `Create` or `CreateReplace`. Default is `Skip` and if omitted - CRDs are neither installed nor upgraded. - - Skip: do neither install nor replace (update) any CRDs. - - Create: new CRDs are created, existing CRDs are neither updated nor deleted. - - CreateReplace: new CRDs are created, existing CRDs are updated (replaced) - but not deleted. - - By default, CRDs are not applied during Helm upgrade action. With this - option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm. - https://helm.sh/docs/chart_best_practices/custom_resource_definitions. + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according to the CRD upgrade policy provided here. Valid values + are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and + if omitted CRDs are neither installed nor upgraded. \n Skip: + do neither install nor replace (update) any CRDs. \n Create: + new CRDs are created, existing CRDs are neither updated nor + deleted. \n CreateReplace: new CRDs are created, existing CRDs + are updated (replaced) but not deleted. \n By default, CRDs + are not applied during Helm upgrade action. With this option + users can opt-in to CRD upgrade, which is not (yet) natively + supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." enum: - Skip - Create @@ -873,61 +762,47 @@ spec: Helm upgrade action. type: boolean disableOpenAPIValidation: - description: |- - DisableOpenAPIValidation prevents the Helm upgrade action from validating - rendered templates against the Kubernetes OpenAPI Schema. - type: boolean - disableSchemaValidation: - description: |- - DisableSchemaValidation prevents the Helm upgrade action from validating - the values against the JSON Schema. - type: boolean - disableTakeOwnership: - description: |- - DisableTakeOwnership disables taking ownership of existing resources - during the Helm upgrade action. Defaults to false. + description: DisableOpenAPIValidation prevents the Helm upgrade + action from validating rendered templates against the Kubernetes + OpenAPI Schema. type: boolean disableWait: - description: |- - DisableWait disables the waiting for resources to be ready after a Helm - upgrade has been performed. + description: DisableWait disables the waiting for resources to + be ready after a Helm upgrade has been performed. type: boolean disableWaitForJobs: - description: |- - DisableWaitForJobs disables waiting for jobs to complete after a Helm - upgrade has been performed. + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm upgrade has been performed. type: boolean force: description: Force forces resource updates through a replacement strategy. type: boolean preserveValues: - description: |- - PreserveValues will make Helm reuse the last release's values and merge in - overrides from 'Values'. Setting this flag makes the HelmRelease - non-declarative. + description: PreserveValues will make Helm reuse the last release's + values and merge in overrides from 'Values'. Setting this flag + makes the HelmRelease non-declarative. type: boolean remediation: - description: |- - Remediation holds the remediation configuration for when the Helm upgrade - action for the HelmRelease fails. The default is to not perform any action. + description: Remediation holds the remediation configuration for + when the Helm upgrade action for the HelmRelease fails. The + default is to not perform any action. properties: ignoreTestFailures: - description: |- - IgnoreTestFailures tells the controller to skip remediation when the Helm - tests are run after an upgrade action but fail. - Defaults to 'Test.IgnoreFailures'. + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an upgrade + action but fail. Defaults to 'Test.IgnoreFailures'. type: boolean remediateLastFailure: - description: |- - RemediateLastFailure tells the controller to remediate the last failure, when - no retries remain. Defaults to 'false' unless 'Retries' is greater than 0. + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false' unless 'Retries' is greater than 0. type: boolean retries: - description: |- - Retries is the number of retries that should be attempted on failures before - bailing. Remediation, using 'Strategy', is performed between each attempt. - Defaults to '0', a negative integer equals to unlimited retries. + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + 'Strategy', is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. type: integer strategy: description: Strategy to use for failure remediation. Defaults @@ -937,35 +812,10 @@ spec: - uninstall type: string type: object - strategy: - description: |- - Strategy defines the upgrade strategy to use for this HelmRelease. - Defaults to 'RemediateOnFailure'. - properties: - name: - description: Name of the upgrade strategy. - enum: - - RemediateOnFailure - - RetryOnFailure - type: string - retryInterval: - description: |- - RetryInterval is the interval at which to retry a failed upgrade. - Can be used only when Name is set to RetryOnFailure. - Defaults to '5m'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - required: - - name - type: object - x-kubernetes-validations: - - message: .retryInterval can only be set when .name is 'RetryOnFailure' - rule: '!has(self.retryInterval) || self.name == ''RetryOnFailure''' timeout: - description: |- - Timeout is the time to wait for any individual Kubernetes operation (like - Jobs for hooks) during the performance of a Helm upgrade action. Defaults to - 'HelmReleaseSpec.Timeout'. + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string type: object @@ -973,13 +823,13 @@ spec: description: Values holds the values for this Helm release. x-kubernetes-preserve-unknown-fields: true valuesFrom: - description: |- - ValuesFrom holds references to resources containing Helm values for this HelmRelease, - and information about how they should be merged. + description: ValuesFrom holds references to resources containing Helm + values for this HelmRelease, and information about how they should + be merged. items: - description: |- - ValuesReference contains a reference to a resource containing Helm values, - and optionally the key they can be found at. + description: ValuesReference contains a reference to a resource + containing Helm values, and optionally the key they can be found + at. properties: kind: description: Kind of the values referent, valid values are ('Secret', @@ -989,30 +839,30 @@ spec: - ConfigMap type: string name: - description: |- - Name of the values referent. Should reside in the same namespace as the - referring resource. + description: Name of the values referent. Should reside in the + same namespace as the referring resource. maxLength: 253 minLength: 1 type: string optional: - description: |- - Optional marks this ValuesReference as optional. When set, a not found error - for the values reference is ignored, but any ValuesKey, TargetPath or - transient error will still result in a reconciliation failure. + description: Optional marks this ValuesReference as optional. + When set, a not found error for the values reference is ignored, + but any ValuesKey, TargetPath or transient error will still + result in a reconciliation failure. type: boolean targetPath: - description: |- - TargetPath is the YAML dot notation path the value should be merged at. When - set, the ValuesKey is expected to be a single flat value. Defaults to 'None', - which results in the values getting merged at the root. + description: TargetPath is the YAML dot notation path the value + should be merged at. When set, the ValuesKey is expected to + be a single flat value. Defaults to 'None', which results + in the values getting merged at the root. maxLength: 250 pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string valuesKey: - description: |- - ValuesKey is the data key where the values.yaml or a specific value can be - found at. Defaults to 'values.yaml'. + description: ValuesKey is the data key where the values.yaml + or a specific value can be found at. Defaults to 'values.yaml'. + When set, must be a valid Data Key, consisting of alphanumeric + characters, '-', '_' or '.'. maxLength: 253 pattern: ^[\-._a-zA-Z0-9]+$ type: string @@ -1022,12 +872,9 @@ spec: type: object type: array required: + - chart - interval type: object - x-kubernetes-validations: - - message: either chart or chartRef must be set - rule: (has(self.chart) && !has(self.chartRef)) || (!has(self.chart) - && has(self.chartRef)) status: default: observedGeneration: -1 @@ -1036,35 +883,43 @@ spec: conditions: description: Conditions holds the conditions for the HelmRelease. items: - description: Condition contains details for one aspect of the current - state of this API Resource. + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. format: date-time type: string message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 minimum: 0 type: integer reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -1079,6 +934,10 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -1091,58 +950,49 @@ spec: type: object type: array failures: - description: |- - Failures is the reconciliation failure count against the latest desired - state. It is reset after a successful reconciliation. + description: Failures is the reconciliation failure count against + the latest desired state. It is reset after a successful reconciliation. format: int64 type: integer helmChart: - description: |- - HelmChart is the namespaced name of the HelmChart resource created by - the controller for the HelmRelease. + description: HelmChart is the namespaced name of the HelmChart resource + created by the controller for the HelmRelease. type: string history: - description: |- - History holds the history of Helm releases performed for this HelmRelease - up to the last successfully completed release. + description: "History holds the history of Helm releases performed + for this HelmRelease up to the last successfully completed release. + \n Note: this field is provisional to the v2beta2 API, and not actively + used by v2beta1 HelmReleases." items: - description: |- - Snapshot captures a point-in-time copy of the status information for a Helm release, - as managed by the controller. + description: Snapshot captures a point-in-time copy of the status + information for a Helm release, as managed by the controller. properties: apiVersion: - description: |- - APIVersion is the API version of the Snapshot. - Provisional: when the calculation method of the Digest field is changed, - this field will be used to distinguish between the old and new methods. - type: string - appVersion: - description: AppVersion is the chart app version of the release - object in storage. + description: 'APIVersion is the API version of the Snapshot. + Provisional: when the calculation method of the Digest field + is changed, this field will be used to distinguish between + the old and new methods.' type: string chartName: description: ChartName is the chart name of the release object in storage. type: string chartVersion: - description: |- - ChartVersion is the chart version of the release object in - storage. + description: ChartVersion is the chart version of the release + object in storage. type: string configDigest: - description: |- - ConfigDigest is the checksum of the config (better known as - "values") of the release object in storage. - It has the format of `:`. + description: ConfigDigest is the checksum of the config (better + known as "values") of the release object in storage. It has + the format of `:`. type: string deleted: description: Deleted is when the release was deleted. format: date-time type: string digest: - description: |- - Digest is the checksum of the release object in storage. - It has the format of `:`. + description: Digest is the checksum of the release object in + storage. It has the format of `:`. type: string firstDeployed: description: FirstDeployed is when the release was first deployed. @@ -1159,18 +1009,13 @@ spec: description: Namespace is the namespace the release is deployed to. type: string - ociDigest: - description: OCIDigest is the digest of the OCI artifact associated - with the release. - type: string status: description: Status is the current state of the release. type: string testHooks: additionalProperties: - description: |- - TestHookStatus holds the status information for a test hook as observed - to be run by the controller. + description: TestHookStatus holds the status information for + a test hook as observed to be run by the controller. properties: lastCompleted: description: LastCompleted is the time the test hook last @@ -1186,9 +1031,8 @@ spec: description: Phase the test hook was observed to be in. type: string type: object - description: |- - TestHooks is the list of test hooks for the release as observed to be - run by the controller. + description: TestHooks is the list of test hooks for the release + as observed to be run by the controller. type: object version: description: Version is the version of the release object in @@ -1208,108 +1052,79 @@ spec: type: object type: array installFailures: - description: |- - InstallFailures is the install failure count against the latest desired - state. It is reset after a successful reconciliation. + description: InstallFailures is the install failure count against + the latest desired state. It is reset after a successful reconciliation. format: int64 type: integer + lastAppliedRevision: + description: LastAppliedRevision is the revision of the last successfully + applied source. + type: string lastAttemptedConfigDigest: - description: |- - LastAttemptedConfigDigest is the digest for the config (better known as - "values") of the last reconciliation attempt. + description: "LastAttemptedConfigDigest is the digest for the config + (better known as \"values\") of the last reconciliation attempt. + \n Note: this field is provisional to the v2beta2 API, and not actively + used by v2beta1 HelmReleases." type: string lastAttemptedGeneration: - description: |- - LastAttemptedGeneration is the last generation the controller attempted - to reconcile. + description: "LastAttemptedGeneration is the last generation the controller + attempted to reconcile. \n Note: this field is provisional to the + v2beta2 API, and not actively used by v2beta1 HelmReleases." format: int64 type: integer lastAttemptedReleaseAction: - description: |- - LastAttemptedReleaseAction is the last release action performed for this - HelmRelease. It is used to determine the active retry or remediation - strategy. - enum: - - install - - upgrade - type: string - lastAttemptedReleaseActionDuration: - description: |- - LastAttemptedReleaseActionDuration is the duration of the last - release action performed for this HelmRelease. + description: "LastAttemptedReleaseAction is the last release action + performed for this HelmRelease. It is used to determine the active + remediation strategy. \n Note: this field is provisional to the + v2beta2 API, and not actively used by v2beta1 HelmReleases." type: string lastAttemptedRevision: - description: |- - LastAttemptedRevision is the Source revision of the last reconciliation - attempt. For OCIRepository sources, the 12 first characters of the digest are - appended to the chart version e.g. "1.2.3+1234567890ab". - type: string - lastAttemptedRevisionDigest: - description: |- - LastAttemptedRevisionDigest is the digest of the last reconciliation attempt. - This is only set for OCIRepository sources. + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. type: string lastAttemptedValuesChecksum: - description: |- - LastAttemptedValuesChecksum is the SHA1 checksum for the values of the last - reconciliation attempt. - - Deprecated: Use LastAttemptedConfigDigest instead. + description: LastAttemptedValuesChecksum is the SHA1 checksum of the + values of the last reconciliation attempt. type: string lastHandledForceAt: - description: |- - LastHandledForceAt holds the value of the most recent - force request value, so a change of the annotation value - can be detected. + description: "LastHandledForceAt holds the value of the most recent + force request value, so a change of the annotation value can be + detected. \n Note: this field is provisional to the v2beta2 API, + and not actively used by v2beta1 HelmReleases." type: string lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. type: string lastHandledResetAt: - description: |- - LastHandledResetAt holds the value of the most recent reset request - value, so a change of the annotation value can be detected. + description: "LastHandledResetAt holds the value of the most recent + reset request value, so a change of the annotation value can be + detected. \n Note: this field is provisional to the v2beta2 API, + and not actively used by v2beta1 HelmReleases." type: string lastReleaseRevision: - description: |- - LastReleaseRevision is the revision of the last successful Helm release. - - Deprecated: Use History instead. + description: LastReleaseRevision is the revision of the last successful + Helm release. type: integer - observedCommonMetadataDigest: - description: |- - ObservedCommonMetadataDigest is the digest for the common metadata of - the last successful reconciliation attempt. - type: string observedGeneration: description: ObservedGeneration is the last observed generation. format: int64 type: integer - observedPostRenderersDigest: - description: |- - ObservedPostRenderersDigest is the digest for the post-renderers of - the last successful reconciliation attempt. - type: string storageNamespace: - description: |- - StorageNamespace is the namespace of the Helm release storage for the - current release. - maxLength: 63 - minLength: 1 + description: "StorageNamespace is the namespace of the Helm release + storage for the current release. \n Note: this field is provisional + to the v2beta2 API, and not actively used by v2beta1 HelmReleases." type: string upgradeFailures: - description: |- - UpgradeFailures is the upgrade failure count against the latest desired - state. It is reset after a successful reconciliation. + description: UpgradeFailures is the upgrade failure count against + the latest desired state. It is reset after a successful reconciliation. format: int64 type: integer type: object type: object served: true - storage: true + storage: false subresources: status: {} - additionalPrinterColumns: @@ -1322,27 +1137,20 @@ spec: - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - deprecated: true - deprecationWarning: v2beta2 HelmRelease is deprecated, upgrade to v2 name: v2beta2 schema: openAPIV3Schema: description: HelmRelease is the Schema for the helmreleases API properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1350,9 +1158,8 @@ spec: description: HelmReleaseSpec defines the desired state of a Helm release. properties: chart: - description: |- - Chart defines the template of the v1beta2.HelmChart that should be created - for this HelmRelease. + description: Chart defines the template of the v1beta2.HelmChart that + should be created for this HelmRelease. properties: metadata: description: ObjectMeta holds the template for metadata like labels @@ -1361,19 +1168,18 @@ spec: annotations: additionalProperties: type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/' type: object labels: additionalProperties: type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/' type: object type: object spec: @@ -1386,23 +1192,17 @@ spec: maxLength: 2048 minLength: 1 type: string - ignoreMissingValuesFiles: - description: IgnoreMissingValuesFiles controls whether to - silently ignore missing values files rather than failing. - type: boolean interval: - description: |- - Interval at which to check the v1.Source for updates. Defaults to - 'HelmReleaseSpec.Interval'. + description: Interval at which to check the v1.Source for + updates. Defaults to 'HelmReleaseSpec.Interval'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string reconcileStrategy: default: ChartVersion - description: |- - Determines what enables the creation of a new artifact. Valid values are - ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on their behavior. - Defaults to ChartVersion when omitted. + description: Determines what enables the creation of a new + artifact. Valid values are ('ChartVersion', 'Revision'). + See the documentation of the values for an explanation on + their behavior. Defaults to ChartVersion when omitted. enum: - ChartVersion - Revision @@ -1432,33 +1232,31 @@ spec: minLength: 1 type: string required: - - kind - name type: object valuesFile: - description: |- - Alternative values file to use as the default chart values, expected to - be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, - for backwards compatibility the file defined here is merged before the - ValuesFiles items. Ignored when omitted. + description: Alternative values file to use as the default + chart values, expected to be a relative path in the SourceRef. + Deprecated in favor of ValuesFiles, for backwards compatibility + the file defined here is merged before the ValuesFiles items. + Ignored when omitted. type: string valuesFiles: - description: |- - Alternative list of values files to use as the chart values (values.yaml - is not included by default), expected to be a relative path in the SourceRef. - Values files are merged in the order of this list with the last file overriding + description: Alternative list of values files to use as the + chart values (values.yaml is not included by default), expected + to be a relative path in the SourceRef. Values files are + merged in the order of this list with the last file overriding the first. Ignored when omitted. items: type: string type: array verify: - description: |- - Verify contains the secret name containing the trusted public keys - used to verify the signature and specifies which provider to use to check - whether OCI image is authentic. - This field is only supported for OCI sources. - Chart dependencies, which are not bundled in the umbrella chart artifact, - are not verified. + description: Verify contains the secret name containing the + trusted public keys used to verify the signature and specifies + which provider to use to check whether OCI image is authentic. + This field is only supported for OCI sources. Chart dependencies, + which are not bundled in the umbrella chart artifact, are + not verified. properties: provider: default: cosign @@ -1466,12 +1264,10 @@ spec: sign the OCI Helm chart. enum: - cosign - - notation type: string secretRef: - description: |- - SecretRef specifies the Kubernetes Secret containing the - trusted public keys. + description: SecretRef specifies the Kubernetes Secret + containing the trusted public keys. properties: name: description: Name of the referent. @@ -1484,9 +1280,9 @@ spec: type: object version: default: '*' - description: |- - Version semver expression, ignored for charts from v1beta2.GitRepository and - v1beta2.Bucket sources. Defaults to latest when omitted. + description: Version semver expression, ignored for charts + from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults + to latest when omitted. type: string required: - chart @@ -1495,48 +1291,13 @@ spec: required: - spec type: object - chartRef: - description: |- - ChartRef holds a reference to a source controller resource containing the - Helm chart artifact. - - Note: this field is provisional to the v2 API, and not actively used - by v2beta2 HelmReleases. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - OCIRepository - - HelmChart - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: |- - Namespace of the referent, defaults to the namespace of the Kubernetes - resource object that contains the reference. - maxLength: 63 - minLength: 1 - type: string - required: - - kind - - name - type: object dependsOn: - description: |- - DependsOn may contain a meta.NamespacedObjectReference slice with - references to HelmRelease resources that must be ready before this HelmRelease - can be reconciled. + description: DependsOn may contain a meta.NamespacedObjectReference + slice with references to HelmRelease resources that must be ready + before this HelmRelease can be reconciled. items: - description: |- - NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any - namespace. + description: NamespacedObjectReference contains enough information + to locate the referenced Kubernetes resource object in any namespace. properties: name: description: Name of the referent. @@ -1550,57 +1311,50 @@ spec: type: object type: array driftDetection: - description: |- - DriftDetection holds the configuration for detecting and handling - differences between the manifest in the Helm storage and the resources - currently existing in the cluster. + description: DriftDetection holds the configuration for detecting + and handling differences between the manifest in the Helm storage + and the resources currently existing in the cluster. properties: ignore: - description: |- - Ignore contains a list of rules for specifying which changes to ignore - during diffing. + description: Ignore contains a list of rules for specifying which + changes to ignore during diffing. items: - description: |- - IgnoreRule defines a rule to selectively disregard specific changes during - the drift detection process. + description: IgnoreRule defines a rule to selectively disregard + specific changes during the drift detection process. properties: paths: - description: |- - Paths is a list of JSON Pointer (RFC 6901) paths to be excluded from - consideration in a Kubernetes object. + description: Paths is a list of JSON Pointer (RFC 6901) + paths to be excluded from consideration in a Kubernetes + object. items: type: string type: array target: - description: |- - Target is a selector for specifying Kubernetes objects to which this - rule applies. - If Target is not set, the Paths will be ignored for all Kubernetes - objects within the manifest of the Helm release. + description: Target is a selector for specifying Kubernetes + objects to which this rule applies. If Target is not set, + the Paths will be ignored for all Kubernetes objects within + the manifest of the Helm release. properties: annotationSelector: - description: |- - AnnotationSelector is a string that follows the label selection expression - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + description: AnnotationSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations. type: string group: - description: |- - Group is the API group to select resources from. - Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + description: Group is the API group to select resources + from. Together with Version and Kind it is capable + of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string kind: - description: |- - Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. + description: Kind of the API Group to select resources + from. Together with Group and Version it is capable + of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string labelSelector: - description: |- - LabelSelector is a string that follows the label selection expression - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels. type: string name: @@ -1610,9 +1364,9 @@ spec: description: Namespace to select resources from. type: string version: - description: |- - Version of the API Group to select resources from. - Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + description: Version of the API Group to select resources + from. Together with Group and Kind it is capable of + unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string type: object @@ -1621,10 +1375,9 @@ spec: type: object type: array mode: - description: |- - Mode defines how differences should be handled between the Helm manifest - and the manifest currently applied to the cluster. - If not explicitly set, it defaults to DiffModeDisabled. + description: Mode defines how differences should be handled between + the Helm manifest and the manifest currently applied to the + cluster. If not explicitly set, it defaults to DiffModeDisabled. enum: - enabled - warn @@ -1636,93 +1389,82 @@ spec: for this HelmRelease. properties: crds: - description: |- - CRDs upgrade CRDs from the Helm Chart's crds directory according - to the CRD upgrade policy provided here. Valid values are `Skip`, - `Create` or `CreateReplace`. Default is `Create` and if omitted - CRDs are installed but not updated. - - Skip: do neither install nor replace (update) any CRDs. - - Create: new CRDs are created, existing CRDs are neither updated nor deleted. - - CreateReplace: new CRDs are created, existing CRDs are updated (replaced) - but not deleted. - - By default, CRDs are applied (installed) during Helm install action. - With this option users can opt in to CRD replace existing CRDs on Helm + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according to the CRD upgrade policy provided here. Valid values + are `Skip`, `Create` or `CreateReplace`. Default is `Create` + and if omitted CRDs are installed but not updated. \n Skip: + do neither install nor replace (update) any CRDs. \n Create: + new CRDs are created, existing CRDs are neither updated nor + deleted. \n CreateReplace: new CRDs are created, existing CRDs + are updated (replaced) but not deleted. \n By default, CRDs + are applied (installed) during Helm install action. With this + option users can opt in to CRD replace existing CRDs on Helm install actions, which is not (yet) natively supported by Helm. - https://helm.sh/docs/chart_best_practices/custom_resource_definitions. + https://helm.sh/docs/chart_best_practices/custom_resource_definitions." enum: - Skip - Create - CreateReplace type: string createNamespace: - description: |- - CreateNamespace tells the Helm install action to create the - HelmReleaseSpec.TargetNamespace if it does not exist yet. - On uninstall, the namespace will not be garbage collected. + description: CreateNamespace tells the Helm install action to + create the HelmReleaseSpec.TargetNamespace if it does not exist + yet. On uninstall, the namespace will not be garbage collected. type: boolean disableHooks: description: DisableHooks prevents hooks from running during the Helm install action. type: boolean disableOpenAPIValidation: - description: |- - DisableOpenAPIValidation prevents the Helm install action from validating - rendered templates against the Kubernetes OpenAPI Schema. + description: DisableOpenAPIValidation prevents the Helm install + action from validating rendered templates against the Kubernetes + OpenAPI Schema. type: boolean disableWait: - description: |- - DisableWait disables the waiting for resources to be ready after a Helm - install has been performed. + description: DisableWait disables the waiting for resources to + be ready after a Helm install has been performed. type: boolean disableWaitForJobs: - description: |- - DisableWaitForJobs disables waiting for jobs to complete after a Helm - install has been performed. + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm install has been performed. type: boolean remediation: - description: |- - Remediation holds the remediation configuration for when the Helm install - action for the HelmRelease fails. The default is to not perform any action. + description: Remediation holds the remediation configuration for + when the Helm install action for the HelmRelease fails. The + default is to not perform any action. properties: ignoreTestFailures: - description: |- - IgnoreTestFailures tells the controller to skip remediation when the Helm - tests are run after an install action but fail. Defaults to - 'Test.IgnoreFailures'. + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an install + action but fail. Defaults to 'Test.IgnoreFailures'. type: boolean remediateLastFailure: - description: |- - RemediateLastFailure tells the controller to remediate the last failure, when - no retries remain. Defaults to 'false'. + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false'. type: boolean retries: - description: |- - Retries is the number of retries that should be attempted on failures before - bailing. Remediation, using an uninstall, is performed between each attempt. - Defaults to '0', a negative integer equals to unlimited retries. + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + an uninstall, is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. type: integer type: object replace: - description: |- - Replace tells the Helm install action to re-use the 'ReleaseName', but only - if that name is a deleted release which remains in the history. + description: Replace tells the Helm install action to re-use the + 'ReleaseName', but only if that name is a deleted release which + remains in the history. type: boolean skipCRDs: - description: |- - SkipCRDs tells the Helm install action to not install any CRDs. By default, - CRDs are installed if not already present. - - Deprecated use CRD policy (`crds`) attribute with value `Skip` instead. + description: "SkipCRDs tells the Helm install action to not install + any CRDs. By default, CRDs are installed if not already present. + \n Deprecated use CRD policy (`crds`) attribute with value `Skip` + instead." type: boolean timeout: - description: |- - Timeout is the time to wait for any individual Kubernetes operation (like - Jobs for hooks) during the performance of a Helm install action. Defaults to - 'HelmReleaseSpec.Timeout'. + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string type: object @@ -1731,63 +1473,22 @@ spec: pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string kubeConfig: - description: |- - KubeConfig for reconciling the HelmRelease on a remote cluster. - When used in combination with HelmReleaseSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at the - target cluster. - If the --default-service-account flag is set, its value will be used as - a controller level fallback for when HelmReleaseSpec.ServiceAccountName + description: KubeConfig for reconciling the HelmRelease on a remote + cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, + forces the controller to act on behalf of that Service Account at + the target cluster. If the --default-service-account flag is set, + its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName is empty. properties: - configMapRef: - description: |- - ConfigMapRef holds an optional name of a ConfigMap that contains - the following keys: - - - `provider`: the provider to use. One of `aws`, `azure`, `gcp`, or - `generic`. Required. - - `cluster`: the fully qualified resource name of the Kubernetes - cluster in the cloud provider API. Not used by the `generic` - provider. Required when one of `address` or `ca.crt` is not set. - - `address`: the address of the Kubernetes API server. Required - for `generic`. For the other providers, if not specified, the - first address in the cluster resource will be used, and if - specified, it must match one of the addresses in the cluster - resource. - If audiences is not set, will be used as the audience for the - `generic` provider. - - `ca.crt`: the optional PEM-encoded CA certificate for the - Kubernetes API server. If not set, the controller will use the - CA certificate from the cluster resource. - - `audiences`: the optional audiences as a list of - line-break-separated strings for the Kubernetes ServiceAccount - token. Defaults to the `address` for the `generic` provider, or - to specific values for the other providers depending on the - provider. - - `serviceAccountName`: the optional name of the Kubernetes - ServiceAccount in the same namespace that should be used - for authentication. If not specified, the controller - ServiceAccount will be used. - - Mutually exclusive with SecretRef. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object secretRef: - description: |- - SecretRef holds an optional name of a secret that contains a key with - the kubeconfig file as the value. If no key is set, the key will default - to 'value'. Mutually exclusive with ConfigMapRef. - It is recommended that the kubeconfig is self-contained, and the secret - is regularly updated if credentials such as a cloud-access-token expire. - Cloud specific `cmd-path` auth helpers will not function without adding - binaries and credentials to the Pod that is responsible for reconciling - Kubernetes resources. Supported only for the generic provider. + description: SecretRef holds the name of a secret that contains + a key with the kubeconfig file as the value. If no key is set, + the key will default to 'value'. It is recommended that the + kubeconfig is self-contained, and the secret is regularly updated + if credentials such as a cloud-access-token expire. Cloud specific + `cmd-path` auth helpers will not function without adding binaries + and credentials to the Pod that is responsible for reconciling + Kubernetes resources. properties: key: description: Key in the Secret, when not specified an implementation-specific @@ -1799,37 +1500,28 @@ spec: required: - name type: object + required: + - secretRef type: object - x-kubernetes-validations: - - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef - must be specified - rule: has(self.configMapRef) || has(self.secretRef) - - message: exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef - must be specified - rule: '!has(self.configMapRef) || !has(self.secretRef)' maxHistory: - description: |- - MaxHistory is the number of revisions saved by Helm for this HelmRelease. - Use '0' for an unlimited number of revisions; defaults to '5'. + description: MaxHistory is the number of revisions saved by Helm for + this HelmRelease. Use '0' for an unlimited number of revisions; + defaults to '5'. type: integer persistentClient: - description: |- - PersistentClient tells the controller to use a persistent Kubernetes - client for this release. When enabled, the client will be reused for the - duration of the reconciliation, instead of being created and destroyed - for each (step of a) Helm action. - - This can improve performance, but may cause issues with some Helm charts + description: "PersistentClient tells the controller to use a persistent + Kubernetes client for this release. When enabled, the client will + be reused for the duration of the reconciliation, instead of being + created and destroyed for each (step of a) Helm action. \n This + can improve performance, but may cause issues with some Helm charts that for example do create Custom Resource Definitions during installation - outside Helm's CRD lifecycle hooks, which are then not observed to be - available by e.g. post-install hooks. - - If not set, it defaults to true. + outside Helm's CRD lifecycle hooks, which are then not observed + to be available by e.g. post-install hooks. \n If not set, it defaults + to true." type: boolean postRenderers: - description: |- - PostRenderers holds an array of Helm PostRenderers, which will be applied in order - of their definition. + description: PostRenderers holds an array of Helm PostRenderers, which + will be applied in order of their definition. items: description: PostRenderer contains a Helm PostRenderer specification. properties: @@ -1837,19 +1529,19 @@ spec: description: Kustomization to apply as PostRenderer. properties: images: - description: |- - Images is a list of (image name, new name, new tag or digest) - for changing image names, tags or digests. This can also be achieved with a - patch, but this operator is simpler to specify. + description: Images is a list of (image name, new name, + new tag or digest) for changing image names, tags or digests. + This can also be achieved with a patch, but this operator + is simpler to specify. items: description: Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag. properties: digest: - description: |- - Digest is the value used to replace the original image tag. - If digest is present NewTag value is ignored. + description: Digest is the value used to replace the + original image tag. If digest is present NewTag + value is ignored. type: string name: description: Name is a tag-less image name. @@ -1867,46 +1559,43 @@ spec: type: object type: array patches: - description: |- - Strategic merge and JSON patches, defined as inline YAML objects, - capable of targeting objects based on kind, label and annotation selectors. + description: Strategic merge and JSON patches, defined as + inline YAML objects, capable of targeting objects based + on kind, label and annotation selectors. items: - description: |- - Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should - be applied to. + description: Patch contains an inline StrategicMerge or + JSON6902 patch, and the target the patch should be applied + to. properties: patch: - description: |- - Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with - an array of operation objects. + description: Patch contains an inline StrategicMerge + patch or an inline JSON6902 patch with an array + of operation objects. type: string target: description: Target points to the resources that the patch document should be applied to. properties: annotationSelector: - description: |- - AnnotationSelector is a string that follows the label selection expression - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + description: AnnotationSelector is a string that + follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations. type: string group: - description: |- - Group is the API group to select resources from. - Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + description: Group is the API group to select + resources from. Together with Version and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string kind: - description: |- - Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + description: Kind of the API Group to select resources + from. Together with Group and Version it is + capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string labelSelector: - description: |- - LabelSelector is a string that follows the label selection expression - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels. type: string name: @@ -1916,10 +1605,10 @@ spec: description: Namespace to select resources from. type: string version: - description: |- - Version of the API Group to select resources from. - Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + description: Version of the API Group to select + resources from. Together with Group and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string type: object required: @@ -1927,10 +1616,8 @@ spec: type: object type: array patchesJson6902: - description: |- - JSON 6902 patches, defined as inline YAML objects. - - Deprecated: use Patches instead. + description: 'JSON 6902 patches, defined as inline YAML + objects. Deprecated: use Patches instead.' items: description: JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to. @@ -1939,20 +1626,21 @@ spec: description: Patch contains the JSON6902 patch document with an array of operation objects. items: - description: |- - JSON6902 is a JSON6902 operation object. + description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 properties: from: - description: |- - From contains a JSON-pointer value that references a location within the target document where the operation is - performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations. + description: From contains a JSON-pointer value + that references a location within the target + document where the operation is performed. + The meaning of the value depends on the value + of Op, and is NOT taken into account by all + operations. type: string op: - description: |- - Op indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or - "test". - https://datatracker.ietf.org/doc/html/rfc6902#section-4 + description: Op indicates the operation to perform. + Its value MUST be one of "add", "remove", + "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 enum: - test - remove @@ -1962,14 +1650,17 @@ spec: - copy type: string path: - description: |- - Path contains the JSON-pointer value that references a location within the target document where the operation - is performed. The meaning of the value depends on the value of Op. + description: Path contains the JSON-pointer + value that references a location within the + target document where the operation is performed. + The meaning of the value depends on the value + of Op. type: string value: - description: |- - Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into - account by all operations. + description: Value contains a valid JSON structure. + The meaning of the value depends on the value + of Op, and is NOT taken into account by all + operations. x-kubernetes-preserve-unknown-fields: true required: - op @@ -1981,28 +1672,25 @@ spec: patch document should be applied to. properties: annotationSelector: - description: |- - AnnotationSelector is a string that follows the label selection expression - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + description: AnnotationSelector is a string that + follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations. type: string group: - description: |- - Group is the API group to select resources from. - Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + description: Group is the API group to select + resources from. Together with Version and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string kind: - description: |- - Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + description: Kind of the API Group to select resources + from. Together with Group and Version it is + capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string labelSelector: - description: |- - LabelSelector is a string that follows the label selection expression - https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels. type: string name: @@ -2012,10 +1700,10 @@ spec: description: Namespace to select resources from. type: string version: - description: |- - Version of the API Group to select resources from. - Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + description: Version of the API Group to select + resources from. Together with Group and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md type: string type: object required: @@ -2024,10 +1712,8 @@ spec: type: object type: array patchesStrategicMerge: - description: |- - Strategic merge patches, defined as inline YAML objects. - - Deprecated: use Patches instead. + description: 'Strategic merge patches, defined as inline + YAML objects. Deprecated: use Patches instead.' items: x-kubernetes-preserve-unknown-fields: true type: array @@ -2035,9 +1721,8 @@ spec: type: object type: array releaseName: - description: |- - ReleaseName used for the Helm release. Defaults to a composition of - '[TargetNamespace-]Name'. + description: ReleaseName used for the Helm release. Defaults to a + composition of '[TargetNamespace-]Name'. maxLength: 53 minLength: 1 type: string @@ -2046,23 +1731,20 @@ spec: for this HelmRelease. properties: cleanupOnFail: - description: |- - CleanupOnFail allows deletion of new resources created during the Helm - rollback action when it fails. + description: CleanupOnFail allows deletion of new resources created + during the Helm rollback action when it fails. type: boolean disableHooks: description: DisableHooks prevents hooks from running during the Helm rollback action. type: boolean disableWait: - description: |- - DisableWait disables the waiting for resources to be ready after a Helm - rollback has been performed. + description: DisableWait disables the waiting for resources to + be ready after a Helm rollback has been performed. type: boolean disableWaitForJobs: - description: |- - DisableWaitForJobs disables waiting for jobs to complete after a Helm - rollback has been performed. + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm rollback has been performed. type: boolean force: description: Force forces resource updates through a replacement @@ -2073,36 +1755,32 @@ spec: applicable. type: boolean timeout: - description: |- - Timeout is the time to wait for any individual Kubernetes operation (like - Jobs for hooks) during the performance of a Helm rollback action. Defaults to - 'HelmReleaseSpec.Timeout'. + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string type: object serviceAccountName: - description: |- - The name of the Kubernetes service account to impersonate + description: The name of the Kubernetes service account to impersonate when reconciling this HelmRelease. maxLength: 253 minLength: 1 type: string storageNamespace: - description: |- - StorageNamespace used for the Helm storage. - Defaults to the namespace of the HelmRelease. + description: StorageNamespace used for the Helm storage. Defaults + to the namespace of the HelmRelease. maxLength: 63 minLength: 1 type: string suspend: - description: |- - Suspend tells the controller to suspend reconciliation for this HelmRelease, - it does not apply to already started reconciliations. Defaults to false. + description: Suspend tells the controller to suspend reconciliation + for this HelmRelease, it does not apply to already started reconciliations. + Defaults to false. type: boolean targetNamespace: - description: |- - TargetNamespace to target when performing operations for the HelmRelease. - Defaults to the namespace of the HelmRelease. + description: TargetNamespace to target when performing operations + for the HelmRelease. Defaults to the namespace of the HelmRelease. maxLength: 63 minLength: 1 type: string @@ -2111,9 +1789,8 @@ spec: this HelmRelease. properties: enable: - description: |- - Enable enables Helm test actions for this HelmRelease after an Helm install - or upgrade action has been performed. + description: Enable enables Helm test actions for this HelmRelease + after an Helm install or upgrade action has been performed. type: boolean filters: description: Filters is a list of tests to run or exclude from @@ -2136,22 +1813,22 @@ spec: type: object type: array ignoreFailures: - description: |- - IgnoreFailures tells the controller to skip remediation when the Helm tests - are run but fail. Can be overwritten for tests run after install or upgrade - actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. + description: IgnoreFailures tells the controller to skip remediation + when the Helm tests are run but fail. Can be overwritten for + tests run after install or upgrade actions in 'Install.IgnoreTestFailures' + and 'Upgrade.IgnoreTestFailures'. type: boolean timeout: - description: |- - Timeout is the time to wait for any individual Kubernetes operation during - the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'. + description: Timeout is the time to wait for any individual Kubernetes + operation during the performance of a Helm test action. Defaults + to 'HelmReleaseSpec.Timeout'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string type: object timeout: - description: |- - Timeout is the time to wait for any individual Kubernetes operation (like Jobs - for hooks) during the performance of a Helm action. Defaults to '5m0s'. + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a Helm + action. Defaults to '5m0s'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string uninstall: @@ -2160,9 +1837,8 @@ spec: properties: deletionPropagation: default: background - description: |- - DeletionPropagation specifies the deletion propagation policy when - a Helm uninstall is performed. + description: DeletionPropagation specifies the deletion propagation + policy when a Helm uninstall is performed. enum: - background - foreground @@ -2173,20 +1849,17 @@ spec: Helm rollback action. type: boolean disableWait: - description: |- - DisableWait disables waiting for all the resources to be deleted after - a Helm uninstall is performed. + description: DisableWait disables waiting for all the resources + to be deleted after a Helm uninstall is performed. type: boolean keepHistory: - description: |- - KeepHistory tells Helm to remove all associated resources and mark the - release as deleted, but retain the release history. + description: KeepHistory tells Helm to remove all associated resources + and mark the release as deleted, but retain the release history. type: boolean timeout: - description: |- - Timeout is the time to wait for any individual Kubernetes operation (like - Jobs for hooks) during the performance of a Helm uninstall action. Defaults - to 'HelmReleaseSpec.Timeout'. + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string type: object @@ -2195,27 +1868,21 @@ spec: for this HelmRelease. properties: cleanupOnFail: - description: |- - CleanupOnFail allows deletion of new resources created during the Helm - upgrade action when it fails. + description: CleanupOnFail allows deletion of new resources created + during the Helm upgrade action when it fails. type: boolean crds: - description: |- - CRDs upgrade CRDs from the Helm Chart's crds directory according - to the CRD upgrade policy provided here. Valid values are `Skip`, - `Create` or `CreateReplace`. Default is `Skip` and if omitted - CRDs are neither installed nor upgraded. - - Skip: do neither install nor replace (update) any CRDs. - - Create: new CRDs are created, existing CRDs are neither updated nor deleted. - - CreateReplace: new CRDs are created, existing CRDs are updated (replaced) - but not deleted. - - By default, CRDs are not applied during Helm upgrade action. With this - option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm. - https://helm.sh/docs/chart_best_practices/custom_resource_definitions. + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according to the CRD upgrade policy provided here. Valid values + are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and + if omitted CRDs are neither installed nor upgraded. \n Skip: + do neither install nor replace (update) any CRDs. \n Create: + new CRDs are created, existing CRDs are neither updated nor + deleted. \n CreateReplace: new CRDs are created, existing CRDs + are updated (replaced) but not deleted. \n By default, CRDs + are not applied during Helm upgrade action. With this option + users can opt-in to CRD upgrade, which is not (yet) natively + supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." enum: - Skip - Create @@ -2226,51 +1893,47 @@ spec: Helm upgrade action. type: boolean disableOpenAPIValidation: - description: |- - DisableOpenAPIValidation prevents the Helm upgrade action from validating - rendered templates against the Kubernetes OpenAPI Schema. + description: DisableOpenAPIValidation prevents the Helm upgrade + action from validating rendered templates against the Kubernetes + OpenAPI Schema. type: boolean disableWait: - description: |- - DisableWait disables the waiting for resources to be ready after a Helm - upgrade has been performed. + description: DisableWait disables the waiting for resources to + be ready after a Helm upgrade has been performed. type: boolean disableWaitForJobs: - description: |- - DisableWaitForJobs disables waiting for jobs to complete after a Helm - upgrade has been performed. + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm upgrade has been performed. type: boolean force: description: Force forces resource updates through a replacement strategy. type: boolean preserveValues: - description: |- - PreserveValues will make Helm reuse the last release's values and merge in - overrides from 'Values'. Setting this flag makes the HelmRelease - non-declarative. + description: PreserveValues will make Helm reuse the last release's + values and merge in overrides from 'Values'. Setting this flag + makes the HelmRelease non-declarative. type: boolean remediation: - description: |- - Remediation holds the remediation configuration for when the Helm upgrade - action for the HelmRelease fails. The default is to not perform any action. + description: Remediation holds the remediation configuration for + when the Helm upgrade action for the HelmRelease fails. The + default is to not perform any action. properties: ignoreTestFailures: - description: |- - IgnoreTestFailures tells the controller to skip remediation when the Helm - tests are run after an upgrade action but fail. - Defaults to 'Test.IgnoreFailures'. + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an upgrade + action but fail. Defaults to 'Test.IgnoreFailures'. type: boolean remediateLastFailure: - description: |- - RemediateLastFailure tells the controller to remediate the last failure, when - no retries remain. Defaults to 'false' unless 'Retries' is greater than 0. + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false' unless 'Retries' is greater than 0. type: boolean retries: - description: |- - Retries is the number of retries that should be attempted on failures before - bailing. Remediation, using 'Strategy', is performed between each attempt. - Defaults to '0', a negative integer equals to unlimited retries. + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + 'Strategy', is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. type: integer strategy: description: Strategy to use for failure remediation. Defaults @@ -2281,10 +1944,9 @@ spec: type: string type: object timeout: - description: |- - Timeout is the time to wait for any individual Kubernetes operation (like - Jobs for hooks) during the performance of a Helm upgrade action. Defaults to - 'HelmReleaseSpec.Timeout'. + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string type: object @@ -2292,13 +1954,13 @@ spec: description: Values holds the values for this Helm release. x-kubernetes-preserve-unknown-fields: true valuesFrom: - description: |- - ValuesFrom holds references to resources containing Helm values for this HelmRelease, - and information about how they should be merged. + description: ValuesFrom holds references to resources containing Helm + values for this HelmRelease, and information about how they should + be merged. items: - description: |- - ValuesReference contains a reference to a resource containing Helm values, - and optionally the key they can be found at. + description: ValuesReference contains a reference to a resource + containing Helm values, and optionally the key they can be found + at. properties: kind: description: Kind of the values referent, valid values are ('Secret', @@ -2308,30 +1970,28 @@ spec: - ConfigMap type: string name: - description: |- - Name of the values referent. Should reside in the same namespace as the - referring resource. + description: Name of the values referent. Should reside in the + same namespace as the referring resource. maxLength: 253 minLength: 1 type: string optional: - description: |- - Optional marks this ValuesReference as optional. When set, a not found error - for the values reference is ignored, but any ValuesKey, TargetPath or - transient error will still result in a reconciliation failure. + description: Optional marks this ValuesReference as optional. + When set, a not found error for the values reference is ignored, + but any ValuesKey, TargetPath or transient error will still + result in a reconciliation failure. type: boolean targetPath: - description: |- - TargetPath is the YAML dot notation path the value should be merged at. When - set, the ValuesKey is expected to be a single flat value. Defaults to 'None', - which results in the values getting merged at the root. + description: TargetPath is the YAML dot notation path the value + should be merged at. When set, the ValuesKey is expected to + be a single flat value. Defaults to 'None', which results + in the values getting merged at the root. maxLength: 250 pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ type: string valuesKey: - description: |- - ValuesKey is the data key where the values.yaml or a specific value can be - found at. Defaults to 'values.yaml'. + description: ValuesKey is the data key where the values.yaml + or a specific value can be found at. Defaults to 'values.yaml'. maxLength: 253 pattern: ^[\-._a-zA-Z0-9]+$ type: string @@ -2341,12 +2001,9 @@ spec: type: object type: array required: + - chart - interval type: object - x-kubernetes-validations: - - message: either chart or chartRef must be set - rule: (has(self.chart) && !has(self.chartRef)) || (!has(self.chart) - && has(self.chartRef)) status: default: observedGeneration: -1 @@ -2355,35 +2012,43 @@ spec: conditions: description: Conditions holds the conditions for the HelmRelease. items: - description: Condition contains details for one aspect of the current - state of this API Resource. + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. format: date-time type: string message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 minimum: 0 type: integer reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -2398,6 +2063,10 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -2410,58 +2079,47 @@ spec: type: object type: array failures: - description: |- - Failures is the reconciliation failure count against the latest desired - state. It is reset after a successful reconciliation. + description: Failures is the reconciliation failure count against + the latest desired state. It is reset after a successful reconciliation. format: int64 type: integer helmChart: - description: |- - HelmChart is the namespaced name of the HelmChart resource created by - the controller for the HelmRelease. + description: HelmChart is the namespaced name of the HelmChart resource + created by the controller for the HelmRelease. type: string history: - description: |- - History holds the history of Helm releases performed for this HelmRelease - up to the last successfully completed release. + description: History holds the history of Helm releases performed + for this HelmRelease up to the last successfully completed release. items: - description: |- - Snapshot captures a point-in-time copy of the status information for a Helm release, - as managed by the controller. + description: Snapshot captures a point-in-time copy of the status + information for a Helm release, as managed by the controller. properties: apiVersion: - description: |- - APIVersion is the API version of the Snapshot. - Provisional: when the calculation method of the Digest field is changed, - this field will be used to distinguish between the old and new methods. - type: string - appVersion: - description: AppVersion is the chart app version of the release - object in storage. + description: 'APIVersion is the API version of the Snapshot. + Provisional: when the calculation method of the Digest field + is changed, this field will be used to distinguish between + the old and new methods.' type: string chartName: description: ChartName is the chart name of the release object in storage. type: string chartVersion: - description: |- - ChartVersion is the chart version of the release object in - storage. + description: ChartVersion is the chart version of the release + object in storage. type: string configDigest: - description: |- - ConfigDigest is the checksum of the config (better known as - "values") of the release object in storage. - It has the format of `:`. + description: ConfigDigest is the checksum of the config (better + known as "values") of the release object in storage. It has + the format of `:`. type: string deleted: description: Deleted is when the release was deleted. format: date-time type: string digest: - description: |- - Digest is the checksum of the release object in storage. - It has the format of `:`. + description: Digest is the checksum of the release object in + storage. It has the format of `:`. type: string firstDeployed: description: FirstDeployed is when the release was first deployed. @@ -2478,18 +2136,13 @@ spec: description: Namespace is the namespace the release is deployed to. type: string - ociDigest: - description: OCIDigest is the digest of the OCI artifact associated - with the release. - type: string status: description: Status is the current state of the release. type: string testHooks: additionalProperties: - description: |- - TestHookStatus holds the status information for a test hook as observed - to be run by the controller. + description: TestHookStatus holds the status information for + a test hook as observed to be run by the controller. properties: lastCompleted: description: LastCompleted is the time the test hook last @@ -2505,9 +2158,8 @@ spec: description: Phase the test hook was observed to be in. type: string type: object - description: |- - TestHooks is the list of test hooks for the release as observed to be - run by the controller. + description: TestHooks is the list of test hooks for the release + as observed to be run by the controller. type: object version: description: Version is the version of the release object in @@ -2527,103 +2179,78 @@ spec: type: object type: array installFailures: - description: |- - InstallFailures is the install failure count against the latest desired - state. It is reset after a successful reconciliation. + description: InstallFailures is the install failure count against + the latest desired state. It is reset after a successful reconciliation. format: int64 type: integer lastAppliedRevision: - description: |- - LastAppliedRevision is the revision of the last successfully applied - source. - - Deprecated: the revision can now be found in the History. + description: 'LastAppliedRevision is the revision of the last successfully + applied source. Deprecated: the revision can now be found in the + History.' type: string lastAttemptedConfigDigest: - description: |- - LastAttemptedConfigDigest is the digest for the config (better known as - "values") of the last reconciliation attempt. + description: LastAttemptedConfigDigest is the digest for the config + (better known as "values") of the last reconciliation attempt. type: string lastAttemptedGeneration: - description: |- - LastAttemptedGeneration is the last generation the controller attempted - to reconcile. + description: LastAttemptedGeneration is the last generation the controller + attempted to reconcile. format: int64 type: integer lastAttemptedReleaseAction: - description: |- - LastAttemptedReleaseAction is the last release action performed for this - HelmRelease. It is used to determine the active remediation strategy. + description: LastAttemptedReleaseAction is the last release action + performed for this HelmRelease. It is used to determine the active + remediation strategy. enum: - install - upgrade type: string lastAttemptedRevision: - description: |- - LastAttemptedRevision is the Source revision of the last reconciliation - attempt. For OCIRepository sources, the 12 first characters of the digest are - appended to the chart version e.g. "1.2.3+1234567890ab". - type: string - lastAttemptedRevisionDigest: - description: |- - LastAttemptedRevisionDigest is the digest of the last reconciliation attempt. - This is only set for OCIRepository sources. + description: LastAttemptedRevision is the Source revision of the last + reconciliation attempt. type: string lastAttemptedValuesChecksum: - description: |- - LastAttemptedValuesChecksum is the SHA1 checksum for the values of the last - reconciliation attempt. - - Deprecated: Use LastAttemptedConfigDigest instead. + description: 'LastAttemptedValuesChecksum is the SHA1 checksum for + the values of the last reconciliation attempt. Deprecated: Use LastAttemptedConfigDigest + instead.' type: string lastHandledForceAt: - description: |- - LastHandledForceAt holds the value of the most recent force request - value, so a change of the annotation value can be detected. + description: LastHandledForceAt holds the value of the most recent + force request value, so a change of the annotation value can be + detected. type: string lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. type: string lastHandledResetAt: - description: |- - LastHandledResetAt holds the value of the most recent reset request - value, so a change of the annotation value can be detected. + description: LastHandledResetAt holds the value of the most recent + reset request value, so a change of the annotation value can be + detected. type: string lastReleaseRevision: - description: |- - LastReleaseRevision is the revision of the last successful Helm release. - - Deprecated: Use History instead. + description: 'LastReleaseRevision is the revision of the last successful + Helm release. Deprecated: Use History instead.' type: integer observedGeneration: description: ObservedGeneration is the last observed generation. format: int64 type: integer - observedPostRenderersDigest: - description: |- - ObservedPostRenderersDigest is the digest for the post-renderers of - the last successful reconciliation attempt. - type: string storageNamespace: - description: |- - StorageNamespace is the namespace of the Helm release storage for the - current release. + description: StorageNamespace is the namespace of the Helm release + storage for the current release. maxLength: 63 minLength: 1 type: string upgradeFailures: - description: |- - UpgradeFailures is the upgrade failure count against the latest desired - state. It is reset after a successful reconciliation. + description: UpgradeFailures is the upgrade failure count against + the latest desired state. It is reset after a successful reconciliation. format: int64 type: integer type: object type: object served: true - storage: false + storage: true subresources: status: {} - diff --git a/definitions/hub.traefik.io/apiaccess.yaml b/definitions/hub.traefik.io/apiaccess.yaml new file mode 100644 index 000000000..c15fc7a3b --- /dev/null +++ b/definitions/hub.traefik.io/apiaccess.yaml @@ -0,0 +1,193 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + name: apiaccesses.hub.traefik.io +spec: + group: hub.traefik.io + names: + kind: APIAccess + listKind: APIAccessList + plural: apiaccesses + singular: apiaccess + scope: Namespaced + versions: + - deprecated: true + deprecationWarning: APIAccess is deprecated in favor of APICatalogItems and ManagedSubscription + name: v1alpha1 + schema: + openAPIV3Schema: + description: APIAccess defines who can access to a set of APIs. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: The desired behavior of this APIAccess. + properties: + apiBundles: + description: |- + APIBundles defines a set of APIBundle that will be accessible to the configured audience. + Multiple APIAccesses can select the same APIBundles. + items: + description: APIBundleReference references an APIBundle. + properties: + name: + description: Name of the APIBundle. + maxLength: 253 + type: string + required: + - name + type: object + maxItems: 100 + type: array + x-kubernetes-validations: + - message: duplicated apiBundles + rule: self.all(x, self.exists_one(y, x.name == y.name)) + apiPlan: + description: APIPlan defines which APIPlan will be used. + properties: + name: + description: Name of the APIPlan. + maxLength: 253 + type: string + required: + - name + type: object + apiSelector: + description: |- + APISelector selects the APIs that will be accessible to the configured audience. + Multiple APIAccesses can select the same set of APIs. + This field is optional and follows standard label selector semantics. + An empty APISelector matches any API. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + apis: + description: |- + APIs defines a set of APIs that will be accessible to the configured audience. + Multiple APIAccesses can select the same APIs. + When combined with APISelector, this set of APIs is appended to the matching APIs. + items: + description: APIReference references an API. + properties: + name: + description: Name of the API. + maxLength: 253 + type: string + required: + - name + type: object + maxItems: 100 + type: array + x-kubernetes-validations: + - message: duplicated apis + rule: self.all(x, self.exists_one(y, x.name == y.name)) + everyone: + description: Everyone indicates that all users will have access to + the selected APIs. + type: boolean + groups: + description: Groups are the consumer groups that will gain access + to the selected APIs. + items: + type: string + type: array + operationFilter: + description: |- + OperationFilter specifies the allowed operations on APIs and APIVersions. + If not set, all operations are available. + An empty OperationFilter prohibits all operations. + properties: + include: + description: Include defines the names of OperationSets that will + be accessible. + items: + type: string + maxItems: 100 + type: array + type: object + weight: + description: Weight specifies the evaluation order of the plan. + type: integer + x-kubernetes-validations: + - message: must be a positive number + rule: self >= 0 + type: object + x-kubernetes-validations: + - message: groups and everyone are mutually exclusive + rule: '(has(self.everyone) && has(self.groups)) ? !(self.everyone && + self.groups.size() > 0) : true' + status: + description: The current status of this APIAccess. + properties: + hash: + description: Hash is a hash representing the APIAccess. + type: string + syncedAt: + format: date-time + type: string + version: + type: string + type: object + type: object + served: true + storage: true + diff --git a/definitions/hub.traefik.io/edgeingress.yaml b/definitions/hub.traefik.io/edgeingress.yaml new file mode 100644 index 000000000..1fbe12a02 --- /dev/null +++ b/definitions/hub.traefik.io/edgeingress.yaml @@ -0,0 +1,116 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: edgeingresses.hub.traefik.io +spec: + group: hub.traefik.io + names: + kind: EdgeIngress + listKind: EdgeIngressList + plural: edgeingresses + singular: edgeingress + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.service.name + name: Service + type: string + - jsonPath: .spec.service.port + name: Port + type: string + - jsonPath: .spec.acp.name + name: ACP + priority: 1 + type: string + - jsonPath: .status.urls + name: URLs + type: string + - jsonPath: .status.connection + name: Connection + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: EdgeIngress defines an edge ingress. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: The desired behavior of this edge ingress. + properties: + acp: + description: EdgeIngressACP configures the ACP to use on the Ingress. + properties: + name: + type: string + required: + - name + type: object + customDomains: + description: CustomDomains are the custom domains for accessing the + exposed service. + items: + type: string + type: array + service: + description: EdgeIngressService configures the service to exposed + on the edge. + properties: + name: + type: string + port: + type: integer + required: + - name + - port + type: object + required: + - service + type: object + status: + description: The current status of this edge ingress. + properties: + connection: + description: Connection is the status of the underlying connection + to the edge. + type: string + customDomains: + description: CustomDomains are the custom domains for accessing the + exposed service. + items: + type: string + type: array + domain: + description: Domain is the Domain for accessing the exposed service. + type: string + specHash: + description: SpecHash is a hash representing the EdgeIngressSpec + type: string + syncedAt: + format: date-time + type: string + urls: + description: URLs is the list of coma separated URL for accessing + the exposed service. + type: string + version: + type: string + type: object + type: object + served: true + storage: true + subresources: {} + diff --git a/definitions/install.istio.io/istiooperator.yaml b/definitions/install.istio.io/istiooperator.yaml new file mode 100644 index 000000000..cbe0fd22c --- /dev/null +++ b/definitions/install.istio.io/istiooperator.yaml @@ -0,0 +1,47 @@ +# SYNC WITH manifests/charts/istio-operator/templates +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: istiooperators.install.istio.io + labels: + release: istio +spec: + conversion: + strategy: None + group: install.istio.io + names: + kind: IstioOperator + listKind: IstioOperatorList + plural: istiooperators + singular: istiooperator + shortNames: + - iop + - io + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Istio control plane revision + jsonPath: .spec.revision + name: Revision + type: string + - description: IOP current state + jsonPath: .status.status + name: Status + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + subresources: + status: {} + name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true diff --git a/definitions/job.min.io/miniojob.yaml b/definitions/job.min.io/miniojob.yaml new file mode 100644 index 000000000..61ca8fcca --- /dev/null +++ b/definitions/job.min.io/miniojob.yaml @@ -0,0 +1,1203 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + operator.min.io/version: v6.0.4 + name: miniojobs.job.min.io +spec: + group: job.min.io + names: + kind: MinIOJob + listKind: MinIOJobList + plural: miniojobs + shortNames: + - miniojob + singular: miniojob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Phase + type: string + - jsonPath: .status.message + name: Message + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + commands: + items: + properties: + args: + additionalProperties: + type: string + type: object + command: + items: + type: string + type: array + dependsOn: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + name: + type: string + op: + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: array + containerSecurityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + execution: + default: parallel + enum: + - parallel + - sequential + type: string + failureStrategy: + default: continueOnFailure + enum: + - continueOnFailure + - stopOnFailure + type: string + imagePullPolicy: + type: string + imagePullSecret: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + insecure: + type: boolean + mcImage: + default: quay.io/minio/mc:RELEASE.2024-10-02T08-27-28Z + type: string + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + tenant: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + required: + - commands + - serviceAccountName + - tenant + type: object + status: + properties: + commands: + items: + properties: + message: + type: string + name: + type: string + result: + type: string + required: + - result + type: object + type: array + message: + type: string + phase: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/k6.io/k6.yaml b/definitions/k6.io/k6.yaml new file mode 100644 index 000000000..0f82d9daf --- /dev/null +++ b/definitions/k6.io/k6.yaml @@ -0,0 +1,5941 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: controller + helm.sh/chart: k6-operator-3.10.1 + app.kubernetes.io/name: k6-operator + app.kubernetes.io/instance: release + app.kubernetes.io/version: "0.0.18" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: k6-operator + + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + + name: k6s.k6.io +spec: + group: k6.io + names: + kind: K6 + listKind: K6List + plural: k6s + singular: k6 + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Stage + jsonPath: .status.stage + name: Stage + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.testRunId + name: TestRunID + type: string + deprecated: true + deprecationWarning: This CRD is deprecated in favor of testruns.k6.io + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + arguments: + type: string + cleanup: + enum: + - post + type: string + initializer: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + type: string + containerSecurityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + name: + type: string + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + type: array + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + nodeSelector: + additionalProperties: + type: string + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: + type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + parallelism: + format: int32 + type: integer + paused: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + quiet: + type: string + runner: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + type: string + containerSecurityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + name: + type: string + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + type: array + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + nodeSelector: + additionalProperties: + type: string + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: + type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + script: + properties: + configMap: + properties: + file: + type: string + name: + type: string + required: + - name + type: object + localFile: + type: string + volumeClaim: + properties: + file: + type: string + name: + type: string + readOnly: + type: boolean + required: + - name + type: object + type: object + scuttle: + properties: + disableLogging: + type: boolean + enabled: + type: string + envoyAdminApi: + type: string + genericQuitEndpoint: + type: string + istioQuitApi: + type: string + neverKillIstio: + type: boolean + neverKillIstioOnFailure: + type: boolean + quitWithoutEnvoyTimeout: + type: string + startWithoutEnvoy: + type: boolean + waitForEnvoyTimeout: + type: string + type: object + separate: + type: boolean + starter: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + type: string + containerSecurityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + name: + type: string + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + type: array + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + nodeSelector: + additionalProperties: + type: string + type: object + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: + type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + testRunId: + type: string + token: + type: string + required: + - parallelism + - script + type: object + status: + properties: + aggregationVars: + type: string + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + stage: + enum: + - initialization + - initialized + - created + - started + - stopped + - finished + - error + type: string + testRunId: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/definitions/k8up.io/effectiveschedule.yaml b/definitions/k8up.io/effectiveschedule.yaml new file mode 100644 index 000000000..4b74e8b61 --- /dev/null +++ b/definitions/k8up.io/effectiveschedule.yaml @@ -0,0 +1,88 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: effectiveschedules.k8up.io +spec: + group: k8up.io + names: + kind: EffectiveSchedule + listKind: EffectiveScheduleList + plural: effectiveschedules + singular: effectiveschedule + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Schedule Namespace + jsonPath: .spec.scheduleRefs[0].namespace + name: Schedule Namespace + type: string + - description: Schedule Name + jsonPath: .spec.scheduleRefs[0].name + name: Schedule Name + type: string + - description: Generated Schedule + jsonPath: .spec.generatedSchedule + name: Generated Schedule + type: string + - description: Job Type + jsonPath: .spec.jobType + name: Job Type + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: EffectiveSchedule is the Schema to persist schedules generated + from Randomized schedules. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EffectiveScheduleSpec defines the desired state of EffectiveSchedule + properties: + generatedSchedule: + description: GeneratedSchedule is the effective schedule that is added + to Cron + type: string + jobType: + description: JobType defines to which job type this schedule applies + type: string + originalSchedule: + description: OriginalSchedule is the original user-defined schedule + definition in the Schedule object. + type: string + scheduleRefs: + description: ScheduleRefs holds a list of schedules for which the + generated schedule applies to. The list may omit entries that aren't + generated from smart schedules. + items: + description: ScheduleRef represents a reference to a Schedule resource + properties: + name: + type: string + namespace: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: {} + diff --git a/definitions/kargo.akuity.io/promotionpolicy.yaml b/definitions/kargo.akuity.io/promotionpolicy.yaml new file mode 100644 index 000000000..9e289baa7 --- /dev/null +++ b/definitions/kargo.akuity.io/promotionpolicy.yaml @@ -0,0 +1,60 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: promotionpolicies.kargo.akuity.io +spec: + group: kargo.akuity.io + names: + kind: PromotionPolicy + listKind: PromotionPolicyList + plural: promotionpolicies + shortNames: + - promopolicy + - promopolicies + singular: promotionpolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: PromotionPolicy specifies whether a given Stage is eligible for + auto-promotion to newly discovered Freight. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + enableAutoPromotion: + description: 'EnableAutoPromotion indicates whether new Freight can automatically + be promoted into the Stage referenced by the Stage field. Note: There + are other conditions also required for an auto-promotion to occur. Specifically, + there must be a single source of new Freight, so regardless of the value + of this field, an auto-promotion could never occur for a Stage subscribed + to MULTIPLE upstream Stages. This field defaults to false, but is commonly + set to true for Stages that subscribe to repositories instead of other, + upstream Stages. This allows users to define Stages that are automatically + updated as soon as new materials are detected.' + type: boolean + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + stage: + description: Stage references a Stage in the same project as this PromotionPolicy + to which this PromotionPolicy applies. + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - stage + type: object + served: true + storage: true + diff --git a/definitions/karpenter.sh/nodeclaim.yaml b/definitions/karpenter.sh/nodeclaim.yaml index 9372f7302..d9aafd2b7 100644 --- a/definitions/karpenter.sh/nodeclaim.yaml +++ b/definitions/karpenter.sh/nodeclaim.yaml @@ -3,13 +3,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: nodeclaims.karpenter.sh spec: group: karpenter.sh names: categories: - karpenter + - nap kind: NodeClaim listKind: NodeClaimList plural: nodeclaims @@ -35,14 +36,6 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - jsonPath: .status.imageID - name: ImageID - priority: 1 - type: string - - jsonPath: .status.providerID - name: ID - priority: 1 - type: string - jsonPath: .metadata.labels.karpenter\.sh/nodepool name: NodePool priority: 1 @@ -137,8 +130,8 @@ spec: rule: self in ["karpenter.sh/capacity-type", "karpenter.sh/nodepool"] || !self.find("^([^/]+)").endsWith("karpenter.sh") - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - - message: label domain "karpenter.k8s.aws" is restricted - rule: self in ["karpenter.k8s.aws/capacity-reservation-type", "karpenter.k8s.aws/capacity-reservation-id", "karpenter.k8s.aws/ec2nodeclass", "karpenter.k8s.aws/instance-encryption-in-transit-supported", "karpenter.k8s.aws/instance-category", "karpenter.k8s.aws/instance-hypervisor", "karpenter.k8s.aws/instance-family", "karpenter.k8s.aws/instance-generation", "karpenter.k8s.aws/instance-local-nvme", "karpenter.k8s.aws/instance-size", "karpenter.k8s.aws/instance-cpu", "karpenter.k8s.aws/instance-cpu-manufacturer", "karpenter.k8s.aws/instance-cpu-sustained-clock-speed-mhz", "karpenter.k8s.aws/instance-memory", "karpenter.k8s.aws/instance-ebs-bandwidth", "karpenter.k8s.aws/instance-network-bandwidth", "karpenter.k8s.aws/instance-gpu-name", "karpenter.k8s.aws/instance-gpu-manufacturer", "karpenter.k8s.aws/instance-gpu-count", "karpenter.k8s.aws/instance-gpu-memory", "karpenter.k8s.aws/instance-accelerator-name", "karpenter.k8s.aws/instance-accelerator-manufacturer", "karpenter.k8s.aws/instance-accelerator-count", "karpenter.k8s.aws/instance-capability-flex"] || !self.find("^([^/]+)").endsWith("karpenter.k8s.aws") + - message: label domain "karpenter.azure.com" is restricted + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") minValues: description: |- This field is ALPHA and can be dropped or replaced at any time @@ -224,7 +217,9 @@ spec: minLength: 1 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$ timeAdded: - description: TimeAdded represents the time at which the taint was added. + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. format: date-time type: string value: @@ -259,7 +254,9 @@ spec: minLength: 1 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$ timeAdded: - description: TimeAdded represents the time at which the taint was added. + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. format: date-time type: string value: diff --git a/definitions/karpenter.sh/nodepool.yaml b/definitions/karpenter.sh/nodepool.yaml index 65b953e20..7890e67e6 100644 --- a/definitions/karpenter.sh/nodepool.yaml +++ b/definitions/karpenter.sh/nodepool.yaml @@ -3,13 +3,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.18.0 name: nodepools.karpenter.sh spec: group: karpenter.sh names: categories: - karpenter + - nap kind: NodePool listKind: NodePoolList plural: nodepools @@ -20,7 +21,7 @@ spec: - jsonPath: .spec.template.spec.nodeClassRef.name name: NodeClass type: string - - jsonPath: .status.nodes + - jsonPath: .status.resources.nodes name: Nodes type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status @@ -122,7 +123,6 @@ spec: - Empty - Drifted type: string - maxItems: 50 type: array schedule: description: |- @@ -145,7 +145,6 @@ spec: ConsolidateAfter is the duration the controller will wait before attempting to terminate nodes that are underutilized. Refer to ConsolidationPolicy for how underutilization is considered. - When replicas is set, ConsolidateAfter is simply ignored pattern: ^(([0-9]+(s|m|h))+|Never)$ type: string consolidationPolicy: @@ -153,7 +152,6 @@ spec: description: |- ConsolidationPolicy describes which nodes Karpenter can disrupt through its consolidation algorithm. This policy defaults to "WhenEmptyOrUnderutilized" if not specified - When replicas is set, ConsolidationPolicy is simply ignored enum: - WhenEmpty - WhenEmptyOrUnderutilized @@ -168,24 +166,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: |- - Limits define a set of bounds for provisioning capacity. - Limits other than limits.nodes is not supported when replicas is set. + description: Limits define a set of bounds for provisioning capacity. type: object - replicas: - description: |- - Replicas is the desired number of nodes for the NodePool. When specified, the NodePool will - maintain this fixed number of replicas rather than scaling based on pod demand. - When replicas is set: - - The following fields are ignored: - * disruption.consolidationPolicy - * disruption.consolidateAfter - - Only limits.nodes is supported; other resource limits (e.g., CPU, memory) must not be specified. - - Weight is not supported. - Note: This field is alpha. - format: int64 - minimum: 0 - type: integer template: description: |- Template contains the template of possibilities for the provisioning logic to launch a NodeClaim with. @@ -225,8 +207,8 @@ spec: rule: self.all(x, x != "karpenter.sh/nodepool") - message: label "kubernetes.io/hostname" is restricted rule: self.all(x, x != "kubernetes.io/hostname") - - message: label domain "karpenter.k8s.aws" is restricted - rule: self.all(x, x in ["karpenter.k8s.aws/capacity-reservation-type", "karpenter.k8s.aws/capacity-reservation-id", "karpenter.k8s.aws/ec2nodeclass", "karpenter.k8s.aws/instance-encryption-in-transit-supported", "karpenter.k8s.aws/instance-category", "karpenter.k8s.aws/instance-hypervisor", "karpenter.k8s.aws/instance-family", "karpenter.k8s.aws/instance-generation", "karpenter.k8s.aws/instance-local-nvme", "karpenter.k8s.aws/instance-size", "karpenter.k8s.aws/instance-cpu", "karpenter.k8s.aws/instance-cpu-manufacturer", "karpenter.k8s.aws/instance-cpu-sustained-clock-speed-mhz", "karpenter.k8s.aws/instance-memory", "karpenter.k8s.aws/instance-ebs-bandwidth", "karpenter.k8s.aws/instance-network-bandwidth", "karpenter.k8s.aws/instance-gpu-name", "karpenter.k8s.aws/instance-gpu-manufacturer", "karpenter.k8s.aws/instance-gpu-count", "karpenter.k8s.aws/instance-gpu-memory", "karpenter.k8s.aws/instance-accelerator-name", "karpenter.k8s.aws/instance-accelerator-manufacturer", "karpenter.k8s.aws/instance-accelerator-count", "karpenter.k8s.aws/instance-capability-flex"] || !x.find("^([^/]+)").endsWith("karpenter.k8s.aws")) + - message: label domain "karpenter.azure.com" is restricted + rule: self.all(x, x in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count" ] || !x.find("^([^/]+)").endsWith("karpenter.azure.com")) type: object spec: description: |- @@ -298,8 +280,8 @@ spec: rule: self != "karpenter.sh/nodepool" - message: label "kubernetes.io/hostname" is restricted rule: self != "kubernetes.io/hostname" - - message: label domain "karpenter.k8s.aws" is restricted - rule: self in ["karpenter.k8s.aws/capacity-reservation-type", "karpenter.k8s.aws/capacity-reservation-id", "karpenter.k8s.aws/ec2nodeclass", "karpenter.k8s.aws/instance-encryption-in-transit-supported", "karpenter.k8s.aws/instance-category", "karpenter.k8s.aws/instance-hypervisor", "karpenter.k8s.aws/instance-family", "karpenter.k8s.aws/instance-generation", "karpenter.k8s.aws/instance-local-nvme", "karpenter.k8s.aws/instance-size", "karpenter.k8s.aws/instance-cpu", "karpenter.k8s.aws/instance-cpu-manufacturer", "karpenter.k8s.aws/instance-cpu-sustained-clock-speed-mhz", "karpenter.k8s.aws/instance-memory", "karpenter.k8s.aws/instance-ebs-bandwidth", "karpenter.k8s.aws/instance-network-bandwidth", "karpenter.k8s.aws/instance-gpu-name", "karpenter.k8s.aws/instance-gpu-manufacturer", "karpenter.k8s.aws/instance-gpu-count", "karpenter.k8s.aws/instance-gpu-memory", "karpenter.k8s.aws/instance-accelerator-name", "karpenter.k8s.aws/instance-accelerator-manufacturer", "karpenter.k8s.aws/instance-accelerator-count", "karpenter.k8s.aws/instance-capability-flex"] || !self.find("^([^/]+)").endsWith("karpenter.k8s.aws") + - message: label domain "karpenter.azure.com" is restricted + rule: self in [ "karpenter.azure.com/aksnodeclass", "karpenter.azure.com/sku-name", "karpenter.azure.com/sku-family", "karpenter.azure.com/sku-series", "karpenter.azure.com/sku-version", "karpenter.azure.com/sku-cpu", "karpenter.azure.com/sku-memory", "karpenter.azure.com/sku-networking-accelerated", "karpenter.azure.com/sku-storage-premium-capable", "karpenter.azure.com/sku-storage-ephemeralos-maxsize", "karpenter.azure.com/sku-gpu-name", "karpenter.azure.com/sku-gpu-manufacturer", "karpenter.azure.com/sku-gpu-count" ] || !self.find("^([^/]+)").endsWith("karpenter.azure.com") minValues: description: |- This field is ALPHA and can be dropped or replaced at any time @@ -372,7 +354,9 @@ spec: minLength: 1 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$ timeAdded: - description: TimeAdded represents the time at which the taint was added. + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. format: date-time type: string value: @@ -407,7 +391,9 @@ spec: minLength: 1 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$ timeAdded: - description: TimeAdded represents the time at which the taint was added. + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. format: date-time type: string value: @@ -449,7 +435,6 @@ spec: numerical weight indicates that this nodepool will be ordered ahead of other nodepools with lower weights. A nodepool with no weight will be treated as if it is a nodepool with a weight of 0. - Weight is not supported when replicas is set. format: int32 maximum: 100 minimum: 1 @@ -457,13 +442,6 @@ spec: required: - template type: object - x-kubernetes-validations: - - message: Cannot transition NodePool between static (replicas set) and dynamic (replicas unset) provisioning modes - rule: has(self.replicas) == has(oldSelf.replicas) - - message: only 'limits.nodes' is supported on static NodePools - rule: '!has(self.replicas) || (!has(self.limits) || size(self.limits) == 0 || (size(self.limits) == 1 && ''nodes'' in self.limits))' - - message: '''weight'' is not supported on static NodePools' - rule: '!has(self.replicas) || !has(self.weight)' status: description: NodePoolStatus defines the observed state of NodePool properties: @@ -529,11 +507,6 @@ spec: the actual NodeClass Generation, NodeRegistrationHealthy status condition on the NodePool will be reset format: int64 type: integer - nodes: - default: 0 - description: Nodes is the count of nodes associated with this NodePool - format: int64 - type: integer resources: additionalProperties: anyOf: @@ -550,8 +523,5 @@ spec: served: true storage: true subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.nodes status: {} diff --git a/definitions/kci.rocks/database.yaml b/definitions/kci.rocks/database.yaml new file mode 100644 index 000000000..a5cd974eb --- /dev/null +++ b/definitions/kci.rocks/database.yaml @@ -0,0 +1,631 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + cert-manager.io/inject-ca-from: /db-operator-webhook + + helm.sh/resource-policy: keep + creationTimestamp: null + name: databases.kci.rocks +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + namespace: + name: db-operator-webhook + path: /convert + conversionReviewVersions: + - v1alpha1 + - v1beta1 + group: kci.rocks + names: + kind: Database + listKind: DatabaseList + plural: databases + shortNames: + - db + singular: database + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: current db phase + jsonPath: .status.phase + name: Phase + type: string + - description: current db status + jsonPath: .status.status + name: Status + type: boolean + - description: If database is protected to not get deleted. + jsonPath: .spec.deletionProtected + name: Protected + type: boolean + - description: instance reference + jsonPath: .spec.instance + name: DBInstance + type: string + - description: time since creation of resource + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Database is the Schema for the databases API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DatabaseSpec defines the desired state of Database + properties: + backup: + description: DatabaseBackup defines the desired state of backup and + schedule + properties: + cron: + type: string + enable: + type: boolean + required: + - cron + - enable + type: object + cleanup: + type: boolean + connectionStringTemplate: + description: 'ConnectionStringTemplate field can be used to pass a + custom template for generating a db connection string. These keywords + can be used: Protocol, DatabaseHost, DatabasePort, UserName, Password, + DatabaseName. Default template looks like this: "://:@:/"' + type: string + deletionProtected: + type: boolean + extensions: + items: + type: string + type: array + instance: + type: string + postgres: + description: Postgres struct should be used to provide resource that + only applicable to postgres + properties: + dropPublicSchema: + description: If set to true, the public schema will be dropped + after the database creation + type: boolean + schemas: + description: Specify schemas to be created. The user created by + db-operator will have all access on them. + items: + type: string + type: array + type: object + secretName: + type: string + secretsTemplates: + additionalProperties: + type: string + type: object + required: + - backup + - deletionProtected + - instance + - secretName + type: object + status: + description: DatabaseStatus defines the observed state of Database + properties: + database: + type: string + instanceRef: + description: DbInstance is the Schema for the dbinstances API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DbInstanceSpec defines the desired state of DbInstance + properties: + adminSecretRef: + description: NamespacedName is a fork of the kubernetes api + type of the same name. Sadly this is required because CRD + structs must have all fields json tagged and the kubernetes + type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + backup: + description: DbInstanceBackup defines name of google bucket + to use for storing database dumps for backup when backup + is enabled + properties: + bucket: + type: string + required: + - bucket + type: object + engine: + description: 'Important: Run "make generate" to regenerate + code after modifying this file' + type: string + generic: + description: GenericInstance is used when instance type is + generic and describes necessary informations to use instance + generic instance can be any backend, it must be reachable + by described address and port + properties: + backupHost: + description: BackupHost address will be used for dumping + database for backup Usually secondary address for primary-secondary + setup or cluster lb address If it's not defined, above + Host will be used as backup host address. + type: string + host: + type: string + port: + type: integer + publicIp: + type: string + required: + - host + - port + type: object + google: + description: GoogleInstance is used when instance type is + Google Cloud SQL and describes necessary informations to + use google API to create sql instances + properties: + apiEndpoint: + type: string + clientSecretRef: + description: NamespacedName is a fork of the kubernetes + api type of the same name. Sadly this is required because + CRD structs must have all fields json tagged and the + kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + configmapRef: + description: NamespacedName is a fork of the kubernetes + api type of the same name. Sadly this is required because + CRD structs must have all fields json tagged and the + kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + instance: + type: string + required: + - configmapRef + - instance + type: object + monitoring: + description: DbInstanceMonitoring defines if exporter + properties: + enabled: + type: boolean + required: + - enabled + type: object + sslConnection: + description: DbInstanceSSLConnection defines weather connection + from db-operator to instance has to be ssl or not + properties: + enabled: + type: boolean + skip-verify: + description: SkipVerity use SSL connection, but don't + check against a CA + type: boolean + required: + - enabled + - skip-verify + type: object + required: + - adminSecretRef + - engine + type: object + status: + description: DbInstanceStatus defines the observed state of DbInstance + properties: + checksums: + additionalProperties: + type: string + type: object + info: + additionalProperties: + type: string + type: object + phase: + description: 'Important: Run "make generate" to regenerate + code after modifying this file' + type: string + status: + type: boolean + required: + - phase + - status + type: object + type: object + monitorUserSecret: + type: string + phase: + description: 'Important: Run "make generate" to regenerate code after + modifying this file Add custom validation using kubebuilder tags: + https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html' + type: string + proxyStatus: + description: DatabaseProxyStatus defines whether proxy for database + is enabled or not if so, provide information + properties: + serviceName: + type: string + sqlPort: + format: int32 + type: integer + status: + type: boolean + required: + - serviceName + - sqlPort + - status + type: object + status: + type: boolean + user: + type: string + required: + - database + - instanceRef + - phase + - status + - user + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: current db phase + jsonPath: .status.phase + name: Phase + type: string + - description: current db status + jsonPath: .status.status + name: Status + type: boolean + - description: If database is protected to not get deleted. + jsonPath: .spec.deletionProtected + name: Protected + type: boolean + - description: instance reference + jsonPath: .spec.instance + name: DBInstance + type: string + - description: time since creation of resource + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Database is the Schema for the databases API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DatabaseSpec defines the desired state of Database + properties: + backup: + description: DatabaseBackup defines the desired state of backup and + schedule + properties: + cron: + type: string + enable: + type: boolean + required: + - cron + - enable + type: object + cleanup: + type: boolean + deletionProtected: + type: boolean + instance: + type: string + postgres: + description: Postgres struct should be used to provide resource that + only applicable to postgres + properties: + dropPublicSchema: + description: If set to true, the public schema will be dropped + after the database creation + type: boolean + extensions: + items: + type: string + type: array + schemas: + description: Specify schemas to be created. The user created by + db-operator will have all access on them. + items: + type: string + type: array + type: object + secretName: + type: string + secretsTemplates: + additionalProperties: + type: string + type: object + required: + - backup + - deletionProtected + - instance + - secretName + type: object + status: + description: DatabaseStatus defines the observed state of Database + properties: + database: + type: string + instanceRef: + description: DbInstance is the Schema for the dbinstances API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DbInstanceSpec defines the desired state of DbInstance + properties: + adminSecretRef: + description: NamespacedName is a fork of the kubernetes api + type of the same name. Sadly this is required because CRD + structs must have all fields json tagged and the kubernetes + type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + backup: + description: DbInstanceBackup defines name of google bucket + to use for storing database dumps for backup when backup + is enabled + properties: + bucket: + type: string + required: + - bucket + type: object + engine: + description: 'Important: Run "make generate" to regenerate + code after modifying this file' + type: string + generic: + description: GenericInstance is used when instance type is + generic and describes necessary informations to use instance + generic instance can be any backend, it must be reachable + by described address and port + properties: + backupHost: + description: BackupHost address will be used for dumping + database for backup Usually secondary address for primary-secondary + setup or cluster lb address If it's not defined, above + Host will be used as backup host address. + type: string + host: + type: string + port: + type: integer + publicIp: + type: string + required: + - host + - port + type: object + google: + description: GoogleInstance is used when instance type is + Google Cloud SQL and describes necessary informations to + use google API to create sql instances + properties: + apiEndpoint: + type: string + clientSecretRef: + description: NamespacedName is a fork of the kubernetes + api type of the same name. Sadly this is required because + CRD structs must have all fields json tagged and the + kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + configmapRef: + description: NamespacedName is a fork of the kubernetes + api type of the same name. Sadly this is required because + CRD structs must have all fields json tagged and the + kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + instance: + type: string + required: + - configmapRef + - instance + type: object + monitoring: + description: DbInstanceMonitoring defines if exporter + properties: + enabled: + type: boolean + required: + - enabled + type: object + sslConnection: + description: DbInstanceSSLConnection defines weather connection + from db-operator to instance has to be ssl or not + properties: + enabled: + type: boolean + skip-verify: + description: SkipVerity use SSL connection, but don't + check against a CA + type: boolean + required: + - enabled + - skip-verify + type: object + required: + - adminSecretRef + - engine + type: object + status: + description: DbInstanceStatus defines the observed state of DbInstance + properties: + checksums: + additionalProperties: + type: string + type: object + info: + additionalProperties: + type: string + type: object + phase: + description: 'Important: Run "make generate" to regenerate + code after modifying this file' + type: string + status: + type: boolean + required: + - phase + - status + type: object + type: object + monitorUserSecret: + type: string + phase: + description: 'Important: Run "make generate" to regenerate code after + modifying this file Add custom validation using kubebuilder tags: + https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html' + type: string + proxyStatus: + description: DatabaseProxyStatus defines whether proxy for database + is enabled or not if so, provide information + properties: + serviceName: + type: string + sqlPort: + format: int32 + type: integer + status: + type: boolean + required: + - serviceName + - sqlPort + - status + type: object + status: + type: boolean + user: + type: string + required: + - database + - instanceRef + - phase + - status + - user + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/kci.rocks/dbinstance.yaml b/definitions/kci.rocks/dbinstance.yaml new file mode 100644 index 000000000..f5100625c --- /dev/null +++ b/definitions/kci.rocks/dbinstance.yaml @@ -0,0 +1,373 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + cert-manager.io/inject-ca-from: /db-operator-webhook + + helm.sh/resource-policy: keep + name: dbinstances.kci.rocks +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + namespace: + name: db-operator-webhook + path: /convert + conversionReviewVersions: + - v1alpha1 + - v1beta1 + group: kci.rocks + names: + kind: DbInstance + listKind: DbInstanceList + plural: dbinstances + shortNames: + - dbin + singular: dbinstance + scope: Cluster + versions: + - additionalPrinterColumns: + - description: current phase + jsonPath: .status.phase + name: Phase + type: string + - description: health status + jsonPath: .status.status + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: DbInstance is the Schema for the dbinstances API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DbInstanceSpec defines the desired state of DbInstance + properties: + adminSecretRef: + description: NamespacedName is a fork of the kubernetes api type of + the same name. Sadly this is required because CRD structs must have + all fields json tagged and the kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + backup: + description: DbInstanceBackup defines name of google bucket to use + for storing database dumps for backup when backup is enabled + properties: + bucket: + type: string + required: + - bucket + type: object + engine: + description: 'Important: Run "make generate" to regenerate code after + modifying this file' + type: string + generic: + description: GenericInstance is used when instance type is generic + and describes necessary informations to use instance generic instance + can be any backend, it must be reachable by described address and + port + properties: + backupHost: + description: BackupHost address will be used for dumping database + for backup Usually secondary address for primary-secondary setup + or cluster lb address If it's not defined, above Host will be + used as backup host address. + type: string + host: + type: string + port: + type: integer + publicIp: + type: string + required: + - host + - port + type: object + google: + description: GoogleInstance is used when instance type is Google Cloud + SQL and describes necessary informations to use google API to create + sql instances + properties: + apiEndpoint: + type: string + clientSecretRef: + description: NamespacedName is a fork of the kubernetes api type + of the same name. Sadly this is required because CRD structs + must have all fields json tagged and the kubernetes type is + not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + configmapRef: + description: NamespacedName is a fork of the kubernetes api type + of the same name. Sadly this is required because CRD structs + must have all fields json tagged and the kubernetes type is + not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + instance: + type: string + required: + - configmapRef + - instance + type: object + monitoring: + description: DbInstanceMonitoring defines if exporter + properties: + enabled: + type: boolean + required: + - enabled + type: object + sslConnection: + description: DbInstanceSSLConnection defines weather connection from + db-operator to instance has to be ssl or not + properties: + enabled: + type: boolean + skip-verify: + description: SkipVerity use SSL connection, but don't check against + a CA + type: boolean + required: + - enabled + - skip-verify + type: object + required: + - adminSecretRef + - engine + type: object + status: + description: DbInstanceStatus defines the observed state of DbInstance + properties: + checksums: + additionalProperties: + type: string + type: object + info: + additionalProperties: + type: string + type: object + phase: + description: 'Important: Run "make generate" to regenerate code after + modifying this file' + type: string + status: + type: boolean + required: + - phase + - status + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: current phase + jsonPath: .status.phase + name: Phase + type: string + - description: health status + jsonPath: .status.status + name: Status + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: DbInstance is the Schema for the dbinstances API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DbInstanceSpec defines the desired state of DbInstance + properties: + adminSecretRef: + description: NamespacedName is a fork of the kubernetes api type of + the same name. Sadly this is required because CRD structs must have + all fields json tagged and the kubernetes type is not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + backup: + description: DbInstanceBackup defines name of google bucket to use + for storing database dumps for backup when backup is enabled + properties: + bucket: + type: string + required: + - bucket + type: object + engine: + description: 'Important: Run "make generate" to regenerate code after + modifying this file' + type: string + generic: + description: GenericInstance is used when instance type is generic + and describes necessary informations to use instance generic instance + can be any backend, it must be reachable by described address and + port + properties: + backupHost: + description: BackupHost address will be used for dumping database + for backup Usually secondary address for primary-secondary setup + or cluster lb address If it's not defined, above Host will be + used as backup host address. + type: string + host: + type: string + port: + type: integer + publicIp: + type: string + required: + - host + - port + type: object + google: + description: GoogleInstance is used when instance type is Google Cloud + SQL and describes necessary informations to use google API to create + sql instances + properties: + apiEndpoint: + type: string + clientSecretRef: + description: NamespacedName is a fork of the kubernetes api type + of the same name. Sadly this is required because CRD structs + must have all fields json tagged and the kubernetes type is + not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + configmapRef: + description: NamespacedName is a fork of the kubernetes api type + of the same name. Sadly this is required because CRD structs + must have all fields json tagged and the kubernetes type is + not tagged. + properties: + Name: + type: string + Namespace: + type: string + required: + - Name + - Namespace + type: object + instance: + type: string + required: + - configmapRef + - instance + type: object + monitoring: + description: DbInstanceMonitoring defines if exporter + properties: + enabled: + type: boolean + required: + - enabled + type: object + sslConnection: + description: DbInstanceSSLConnection defines weather connection from + db-operator to instance has to be ssl or not + properties: + enabled: + type: boolean + skip-verify: + description: SkipVerity use SSL connection, but don't check against + a CA + type: boolean + required: + - enabled + - skip-verify + type: object + required: + - adminSecretRef + - engine + type: object + status: + description: DbInstanceStatus defines the observed state of DbInstance + properties: + checksums: + additionalProperties: + type: string + type: object + info: + additionalProperties: + type: string + type: object + phase: + description: 'Important: Run "make generate" to regenerate code after + modifying this file' + type: string + status: + type: boolean + required: + - phase + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/keda.k8s.io/scaledobject.yaml b/definitions/keda.k8s.io/scaledobject.yaml new file mode 100644 index 000000000..22c77e10a --- /dev/null +++ b/definitions/keda.k8s.io/scaledobject.yaml @@ -0,0 +1,4529 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scaledobjects.keda.k8s.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.scaleTargetRef.deploymentName + name: Deployment + type: string + - JSONPath: .spec.triggers[*].type + name: Triggers + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: keda.k8s.io + names: + kind: ScaledObject + listKind: ScaledObjectList + plural: scaledobjects + singular: scaledobject + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ScaledObject is a specification for a ScaledObject resource + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScaledObjectSpec is the spec for a ScaledObject resource + properties: + cooldownPeriod: + format: int32 + type: integer + jobTargetRef: + description: JobSpec describes how the job execution will look like. + properties: + activeDeadlineSeconds: + description: Specifies the duration in seconds relative to the startTime + that the job may be active before the system tries to terminate + it; value must be positive integer + format: int64 + type: integer + backoffLimit: + description: Specifies the number of retries before marking this + job failed. Defaults to 6 + format: int32 + type: integer + completions: + description: 'Specifies the desired number of successfully finished + pods the job should be run with. Setting to nil means that the + success of any pod signals the success of all pods, and allows + parallelism to have any positive value. Setting to 1 means that + parallelism is limited to 1 and the success of that pod signals + the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' + format: int32 + type: integer + manualSelector: + description: 'manualSelector controls generation of pod labels and + pod selectors. Leave `manualSelector` unset unless you are certain + what you are doing. When false or unset, the system pick labels + unique to this job and appends those labels to the pod template. When + true, the user is responsible for picking unique labels and specifying + the selector. Failure to pick a unique label may cause this and + other jobs to not function correctly. However, You may see `manualSelector=true` + in jobs that were created with the old `extensions/v1beta1` API. + More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector' + type: boolean + parallelism: + description: 'Specifies the maximum desired number of pods the job + should run at any given time. The actual number of pods running + in steady state will be less than this number when ((.spec.completions + - .status.successful) < .spec.parallelism), i.e. when the work + left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' + format: int32 + type: integer + selector: + description: 'A label query over pods that should match the pod + count. Normally, the system sets this field for you. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + template: + description: 'Describes the pod that will be created when executing + a job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + type: object + spec: + description: 'Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be + active on the node relative to StartTime before the system + will actively try to mark it failed and kill associated + containers. Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node matches the corresponding + matchExpressions; the node(s) with the highest + sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to an update), the system may or may + not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which + namespaces the labelSelector applies + to (matches against); null or empty + list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which + namespaces the labelSelector applies + to (matches against); null or empty + list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the anti-affinity requirements specified by this + field cease to be met at some point during pod + execution (e.g. due to a pod label update), the + system may or may not try to eventually evict + the pod from its node. When there are multiple + elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether + a service account token should be automatically mounted. + type: boolean + containers: + description: List of containers belonging to the pod. Containers + cannot currently be added or removed. There must be at + least one container in a Pod. Cannot be updated. + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used + if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service + environment variables. If a variable cannot + be resolved, the reference in the input string + will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or it's key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults + to "1" + type: string + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or it's key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container + is starting. When a key exists in multiple sources, + the value associated with the last source will take + precedence. Values defined by an Env with a duplicate + key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag + is specified, or IfNotPresent otherwise. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and restarted + according to its restart policy. Other management + of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness probe failure, + preemption, resource contention, etc. The handler + is not called if the container crashes or exits. + The reason for termination is passed to the + handler. The Pod''s termination grace period + countdown begins before the PreStop hooked is + executed. Regardless of the outcome of the handler, + the container will eventually terminate within + the Pod''s termination grace period. Other management + of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a + DNS_LABEL. Each container in a pod must have a unique + name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional + information about the network connections a container + uses, but is primarily informational. Not specifying + a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible + from the network. Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on the + pod's IP address. This must be a valid port + number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the + host. If specified, this must be a valid port + number, 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port + in a pod must have a unique name. Name for + the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, + TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service + readiness. Container will be removed from service + endpoints if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run + with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the + container process. AllowPrivilegeEscalation + is true always when the container is: 1) run + as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when + running containers. Defaults to the default + set of capabilities granted by the container + runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults to + false. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default + is DefaultProcMount which uses the container + runtime defaults for readonly paths and masked + paths. This requires the ProcMountType feature + flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of + the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must + run as a non-root user. If true, the Kubelet + will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail + to start the container if it does. If unset + or false, no such validation will be performed. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of + the container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If + this is not set, reads from stdin in the container + will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach sessions. + If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client + attaches to stdin, and then remains open and accepts + data until the client disconnects, at which time + stdin is closed and remains closed until the container + is restarted. If this flag is false, a container + processes that reads from stdin will never receive + an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to + which the container''s termination message will + be written is mounted into the container''s filesystem. + Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output + if the termination message file is empty and the + container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is + smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of + a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of + a Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how + mounts are propagated from the host to container + and the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults + to false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should be + mounted. Behaves similarly to SubPath but + environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. This field + is alpha in 1.14. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not + specified, the container runtime's default will + be used, which might be configured in the container + image. Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: Specifies the DNS parameters of a pod. Parameters + specified here will be merged to the generated DNS configuration + based on DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP addresses. + This will be appended to the base nameservers generated + from DNSPolicy. Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: A list of DNS resolver options. This will + be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options + given in Options will override those that appear in + the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name + lookup. This will be appended to the base search paths + generated from DNSPolicy. Duplicated search paths + will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', + 'Default' or 'None'. DNS parameters given in DNSConfig + will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have + to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. Optional: + Defaults to true.' + type: boolean + hostAliases: + description: HostAliases is an optional list of hosts and + IPs that will be injected into the pod's hosts file if + specified. This is only valid for non-hostNetwork pods. + items: + description: HostAlias holds the mapping between IP and + hostnames that will be injected as an entry in the pod's + hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default + to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use + the host's network namespace. If this option is set, the + ports that will be used must be specified. Default to + false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default + to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, + the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any + of the images used by this PodSpec. If specified, these + secrets will be passed to individual puller implementations + for them to use. For example, in the case of docker, only + DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same + namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + type: array + initContainers: + description: 'List of initialization containers belonging + to the pod. Init containers are executed in order prior + to containers being started. If any init container fails, + the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or + normal container must be unique among all containers. + Init containers may not have Lifecycle actions, Readiness + probes, or Liveness probes. The resourceRequirements of + an init container are taken into account during scheduling + by finding the highest request/limit for each resource + type, and then using the max of of that value or the sum + of the normal containers. Limits are applied to init containers + in a similar fashion. Init containers cannot currently + be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used + if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be + updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service + environment variables. If a variable cannot + be resolved, the reference in the input string + will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or it's key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults + to "1" + type: string + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or it's key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container + is starting. When a key exists in multiple sources, + the value associated with the last source will take + precedence. Values defined by an Env with a duplicate + key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag + is specified, or IfNotPresent otherwise. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and restarted + according to its restart policy. Other management + of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness probe failure, + preemption, resource contention, etc. The handler + is not called if the container crashes or exits. + The reason for termination is passed to the + handler. The Pod''s termination grace period + countdown begins before the PreStop hooked is + executed. Regardless of the outcome of the handler, + the container will eventually terminate within + the Pod''s termination grace period. Other management + of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the + action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet + supported TODO: implement a realistic TCP + lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a + DNS_LABEL. Each container in a pod must have a unique + name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional + information about the network connections a container + uses, but is primarily informational. Not specifying + a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible + from the network. Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on the + pod's IP address. This must be a valid port + number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the + host. If specified, this must be a valid port + number, 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port + in a pod must have a unique name. Name for + the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, + TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service + readiness. Container will be removed from service + endpoints if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run + with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the + container process. AllowPrivilegeEscalation + is true always when the container is: 1) run + as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when + running containers. Defaults to the default + set of capabilities granted by the container + runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults to + false. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default + is DefaultProcMount which uses the container + runtime defaults for readonly paths and masked + paths. This requires the ProcMountType feature + flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of + the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must + run as a non-root user. If true, the Kubelet + will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail + to start the container if it does. If unset + or false, no such validation will be performed. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of + the container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If + this is not set, reads from stdin in the container + will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach sessions. + If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client + attaches to stdin, and then remains open and accepts + data until the client disconnects, at which time + stdin is closed and remains closed until the container + is restarted. If this flag is false, a container + processes that reads from stdin will never receive + an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to + which the container''s termination message will + be written is mounted into the container''s filesystem. + Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output + if the termination message file is empty and the + container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is + smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of + a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of + a Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how + mounts are propagated from the host to container + and the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults + to false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should be + mounted. Behaves similarly to SubPath but + environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. This field + is alpha in 1.14. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not + specified, the container runtime's default will + be used, which might be configured in the container + image. Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: NodeName is a request to schedule this pod + onto a specific node. If it is non-empty, the scheduler + simply schedules this pod onto that node, assuming that + it fits resource requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match + a node''s labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + priority: + description: The priority value. Various system components + use this field to find the priority of the pod. When Priority + Admission Controller is enabled, it prevents users from + setting this field. The admission controller populates + this field from PriorityClassName. The higher the value, + the higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. + "system-node-critical" and "system-cluster-critical" are + two special keywords which indicate the highest priorities + with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object + with that name. If not specified, the pod priority will + be default or zero if there is no default. + type: string + readinessGates: + description: 'If specified, all readiness gates will be + evaluated for pod readiness. A pod is ready when all its + containers are ready AND all conditions specified in the + readiness gates have status equal to "True" More info: + https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + items: + description: PodReadinessGate contains the reference to + a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in + the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + description: 'Restart policy for all containers within the + pod. One of Always, OnFailure, Never. Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' + type: string + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass + object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches + the named class, the pod will not be run. If unset or + empty, the "legacy" RuntimeClass will be used, which is + an implicit class with an empty definition that uses the + default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is an alpha feature and may change in the future.' + type: string + schedulerName: + description: If specified, the pod will be dispatched by + specified scheduler. If not specified, the pod will be + dispatched by default scheduler. + type: string + securityContext: + description: 'SecurityContext holds pod-level security attributes + and common container settings. Optional: Defaults to empty. See + type description for default values of each field.' + properties: + fsGroup: + description: "A special supplemental group that applies + to all containers in a pod. Some volume types allow + the Kubelet to change the ownership of that volume + to be owned by the pod: \n 1. The owning GID will + be the FSGroup 2. The setgid bit is set (new files + created in the volume will be owned by FSGroup) 3. + The permission bits are OR'd with rw-rw---- \n If + unset, the Kubelet will not modify the ownership and + permissions of any volume." + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if + it does. If unset or false, no such validation will + be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all + containers. If unspecified, the container runtime + will allocate a random SELinux context for each container. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID. If unspecified, no groups will be added + to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls (by + the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to + be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + type: object + serviceAccount: + description: 'DeprecatedServiceAccount is a depreciated + alias for ServiceAccountName. Deprecated: Use serviceAccountName + instead.' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + shareProcessNamespace: + description: 'Share a single process namespace between all + of the containers in a pod. When this is set containers + will be able to view and signal processes from other containers + in the same pod, and the first process in each container + will not be assigned PID 1. HostPID and ShareProcessNamespace + cannot both be set. Optional: Default to false. This field + is beta-level and may be disabled with the PodShareProcessNamespace + feature.' + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname + will be "...svc.". If not specified, the pod will not have a domainname + at all. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates + delete immediately. If this value is nil, the default + grace period will be used instead. The grace period is + the duration in seconds after the processes running in + the pod are sent a termination signal and the time when + the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for + your process. Defaults to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to + match. Empty means match all taint effects. When + specified, allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If + the key is empty, operator must be Exists; this + combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect + NoExecute, otherwise this field is ignored) tolerates + the taint. By default, it is not set, which means + tolerate the taint forever (do not evict). Zero + and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + volumes: + description: 'List of volumes that can be mounted by containers + belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + items: + description: Volume represents a named volume in a pod + that may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'AWSElasticBlockStore represents an AWS + Disk resource that is attached to a kubelet''s host + machine and then exposed to the pod. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'Filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + partition: + description: 'The partition in the volume that + you want to mount. If omitted, the default is + to mount by volume name. Examples: For volume + /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda + is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set + the ReadOnly property in VolumeMounts to "true". + If omitted, the default is "false". More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, + Read Write.' + type: string + diskName: + description: The Name of the data disk in the + blob storage + type: string + diskURI: + description: The URI the data disk in the blob + storage + type: string + fsType: + description: Filesystem type to mount. Must be + a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: CephFS represents a Ceph FS mount on + the host that shares a pod's lifetime + properties: + monitors: + description: 'Required: Monitors is a collection + of Ceph monitors More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path + to key ring for User, default is /etc/ceph/user.secret + More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'Optional: SecretRef is reference + to the authentication secret for User, default + is empty. More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + user: + description: 'Optional: User is the rados user + name, default is admin More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'Cinder represents a cinder volume attached + and mounted on kubelets host machine More info: + https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'Filesystem type to mount. Must be + a filesystem type supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'Optional: points to a secret object + containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume + in cinder More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: ConfigMap represents a configMap that + should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a value between 0 + and 0777. Defaults to 0644. Directories within + the path are not affected by this setting. This + might be in conflict with other options that + affect the file mode, like fsGroup, and the + result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + it's keys must be defined + type: boolean + type: object + csi: + description: CSI (Container Storage Interface) represents + storage that is handled by an external CSI driver + (Alpha feature). + properties: + driver: + description: Driver is the name of the CSI driver + that handles this volume. Consult with your + admin for the correct name as registered in + the cluster. + type: string + fsType: + description: Filesystem type to mount. Ex. "ext4", + "xfs", "ntfs". If not provided, the empty value + is passed to the associated CSI driver which + will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: NodePublishSecretRef is a reference + to the secret object containing sensitive information + to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if + no secret is required. If the secret object + contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + readOnly: + description: Specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: VolumeAttributes stores driver-specific + properties that are passed to the CSI driver. + Consult your driver's documentation for supported + values. + type: object + required: + - driver + type: object + downwardAPI: + description: DownwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a value between 0 + and 0777. Defaults to 0644. Directories within + the path are not affected by this setting. This + might be in conflict with other options that + affect the file mode, like fsGroup, and the + result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults + to "1" + type: string + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'EmptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'What type of storage medium should + back this directory. The default is "" which + means to use the node''s default medium. Must + be an empty string (default) or Memory. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: 'Total amount of local storage required + for this EmptyDir volume. The size limit is + also applicable for memory medium. The maximum + usage on memory medium EmptyDir would be the + minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that + the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + type: string + type: object + fc: + description: FC represents a Fibre Channel resource + that is attached to a kubelet's host machine and + then exposed to the pod. + properties: + fsType: + description: 'Filesystem type to mount. Must be + a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. TODO: + how do we prevent errors in the filesystem from + compromising the machine' + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names + (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs + and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume + resource that is provisioned/attached using an exec + based plugin. + properties: + driver: + description: Driver is the name of the driver + to use for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be + a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". The default + filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'Optional: Extra command options + if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts.' + type: boolean + secretRef: + description: 'Optional: SecretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty + if no secret object is specified. If the secret + object contains more than one secret, all secrets + are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: Flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the + Flocker control service being running + properties: + datasetName: + description: Name of the dataset stored as metadata + -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique + identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'GCEPersistentDisk represents a GCE Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'Filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + partition: + description: 'The partition in the volume that + you want to mount. If omitted, the default is + to mount by volume name. Examples: For volume + /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda + is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in + GCE. Used to identify the disk in GCE. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'GitRepo represents a git repository + at a particular revision. DEPRECATED: GitRepo is + deprecated. To provision a container with a git + repo, mount an EmptyDir into an InitContainer that + clones the repo using git, then mount the EmptyDir + into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain + or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git + repository in the subdirectory with the given + name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'Glusterfs represents a Glusterfs mount + on the host that shares a pod''s lifetime. More + info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'EndpointsName is the endpoint name + that details Glusterfs topology. More info: + https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. + More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs + volume to be mounted with read-only permissions. + Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'HostPath represents a pre-existing file + or directory on the host machine that is directly + exposed to the container. This is generally used + for system agents or other privileged things that + are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use + host directory mounts and who can/can not mount + host directories as read/write.' + properties: + path: + description: 'Path of the directory on the host. + If the path is a symlink, it will follow the + link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults + to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'ISCSI represents an ISCSI Disk resource + that is attached to a kubelet''s host machine and + then exposed to the pod. More info: https://releases.k8s.io/HEAD/examples/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP + authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP + authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName + is specified with iscsiInterface simultaneously, + new iSCSI interface : will be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an + iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal + is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 + and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: CHAP Secret for iSCSI target and + initiator authentication + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is + either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 + and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL + and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'NFS represents an NFS mount on the host + that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'Path that is exported by the NFS + server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS + export to be mounted with read-only permissions. + Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address + of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'PersistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same + namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this + volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in + VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: PhotonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets + host machine + properties: + fsType: + description: Filesystem type to mount. Must be + a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolume represents a portworx + volume attached and mounted on kubelets host machine + properties: + fsType: + description: FSType represents the filesystem + type to mount Must be a filesystem type supported + by the host operating system. Ex. "ext4", "xfs". + Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: Items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: Mode bits to use on created files + by default. Must be a value between 0 and 0777. + Directories within the path are not affected + by this setting. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: information about the configMap + data to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the + volume as a file whose name is the + key and content is the value. If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the ConfigMap, the volume setup + will error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits + to use on this file, must be + a value between 0 and 0777. + If not specified, the volume + defaultMode will be used. This + might be in conflict with other + options that affect the file + mode, like fsGroup, and the + result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path + of the file to map the key to. + May not be an absolute path. + May not contain the path element + '..'. May not start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or it's keys must be defined + type: boolean + type: object + downwardAPI: + description: information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is + written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits + to use on this file, must be + a value between 0 and 0777. + If not specified, the volume + defaultMode will be used. This + might be in conflict with other + options that affect the file + mode, like fsGroup, and the + result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. + Must be utf-8 encoded. The first + item of the relative path must + not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) are currently + supported.' + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + description: Specifies the + output format of the exposed + resources, defaults to "1" + type: string + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: information about the secret + data to project + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the + volume as a file whose name is the + key and content is the value. If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the Secret, the volume setup will + error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits + to use on this file, must be + a value between 0 and 0777. + If not specified, the volume + defaultMode will be used. This + might be in conflict with other + options that affect the file + mode, like fsGroup, and the + result can be other mode bits + set.' + format: int32 + type: integer + path: + description: The relative path + of the file to map the key to. + May not be an absolute path. + May not contain the path element + '..'. May not start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: information about the serviceAccountToken + data to project + properties: + audience: + description: Audience is the intended + audience of the token. A recipient + of a token must identify itself with + an identifier specified in the audience + of the token, and otherwise should + reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the + requested duration of validity of + the service account token. As the + token approaches expiration, the kubelet + volume plugin will proactively rotate + the service account token. The kubelet + will start trying to rotate the token + if the token is older than 80 percent + of its time to live or if the token + is older than 24 hours.Defaults to + 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative + to the mount point of the file to + project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Quobyte represents a Quobyte mount on + the host that shares a pod's lifetime + properties: + group: + description: Group to map volume access to Default + is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte + volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: Registry represents a single or multiple + Quobyte Registry services specified as a string + as host:port pair (multiple entries are separated + with commas) which acts as the central registry + for volumes + type: string + tenant: + description: Tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned + Quobyte volumes, value is set by the plugin + type: string + user: + description: User to map volume access to Defaults + to serivceaccount user + type: string + volume: + description: Volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'RBD represents a Rados Block Device + mount on the host that shares a pod''s lifetime. + More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md' + properties: + fsType: + description: 'Filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + image: + description: 'The rados image name. More info: + https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring + for RBDUser. Default is /etc/ceph/keyring. More + info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More + info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is + rbd. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. + More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'SecretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + user: + description: 'The rados user name. Default is + admin. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: ScaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be + a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Default is + "xfs". + type: string + gateway: + description: The host address of the ScaleIO API + Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection + Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef references to the secret + for ScaleIO user and other sensitive information. + If this is not provided, Login operation will + fail. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: The name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created + in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'Secret represents a secret that should + populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a value between 0 + and 0777. Defaults to 0644. Directories within + the path are not affected by this setting. This + might be in conflict with other options that + affect the file mode, like fsGroup, and the + result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose + name is the key and content is the value. If + specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use + on this file, must be a value between + 0 and 0777. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or it's + keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s + namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: StorageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: Filesystem type to mount. Must be + a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: SecretRef specifies the secret to + use for obtaining the StorageOS API credentials. If + not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + volumeName: + description: VolumeName is the human-readable + name of the StorageOS volume. Volume names + are only unique within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope + of the volume within StorageOS. If no namespace + is specified then the Pod's namespace will be + used. This allows the Kubernetes name scoping + to be mirrored within StorageOS for tighter + integration. Set VolumeName to any name to override + the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will + be created. + type: string + type: object + vsphereVolume: + description: VsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: Filesystem type to mount. Must be + a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) + profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) + profile name. + type: string + volumePath: + description: Path that identifies vSphere volume + vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + ttlSecondsAfterFinished: + description: ttlSecondsAfterFinished limits the lifetime of a Job + that has finished execution (either Complete or Failed). If this + field is set, ttlSecondsAfterFinished after the Job finishes, + it is eligible to be automatically deleted. When the Job is being + deleted, its lifecycle guarantees (e.g. finalizers) will be honored. + If this field is unset, the Job won't be automatically deleted. + If this field is set to zero, the Job becomes eligible to be deleted + immediately after it finishes. This field is alpha-level and is + only honored by servers that enable the TTLAfterFinished feature. + format: int32 + type: integer + required: + - template + type: object + maxReplicaCount: + format: int32 + type: integer + minReplicaCount: + format: int32 + type: integer + pollingInterval: + format: int32 + type: integer + scaleTargetRef: + description: ObjectReference holds the a reference to the deployment + this ScaledObject applies + properties: + containerName: + type: string + deploymentName: + type: string + required: + - deploymentName + type: object + scaleType: + description: ScaledObjectScaleType distinguish between Deployment based + and K8s Jobs + type: string + triggers: + items: + description: ScaleTriggers reference the scaler that will be used + properties: + authenticationRef: + description: ScaledObjectAuthRef points to the TriggerAuthentication + object that is used to authenticate the scaler with the environment + properties: + name: + type: string + required: + - name + type: object + metadata: + additionalProperties: + type: string + type: object + name: + type: string + type: + type: string + required: + - metadata + - type + type: object + type: array + required: + - triggers + type: object + status: + description: ScaledObjectStatus is the status for a ScaledObject resource + properties: + externalMetricNames: + items: + type: string + type: array + lastActiveTime: + format: date-time + type: string + type: object + required: + - spec + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true diff --git a/definitions/keda.k8s.io/triggerauthentication.yaml b/definitions/keda.k8s.io/triggerauthentication.yaml new file mode 100644 index 000000000..d8c5cdafa --- /dev/null +++ b/definitions/keda.k8s.io/triggerauthentication.yaml @@ -0,0 +1,84 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: triggerauthentications.keda.k8s.io +spec: + group: keda.k8s.io + names: + kind: TriggerAuthentication + listKind: TriggerAuthenticationList + plural: triggerauthentications + singular: triggerauthentication + scope: Namespaced + validation: + openAPIV3Schema: + description: TriggerAuthentication defines how a trigger can authenticate + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TriggerAuthenticationSpec defines the various ways to authenticate + properties: + env: + items: + description: AuthEnvironment is used to authenticate using environment + variables in the destination deployment spec + properties: + containerName: + type: string + name: + type: string + parameter: + type: string + required: + - name + - parameter + type: object + type: array + podIdentity: + description: AuthPodIdentity allows users to select the platform native + identity mechanism + properties: + provider: + description: PodIdentityProvider contains the list of providers + type: string + required: + - provider + type: object + secretTargetRef: + items: + description: AuthSecretTargetRef is used to authenticate using a reference + to a secret + properties: + key: + type: string + name: + type: string + parameter: + type: string + required: + - key + - name + - parameter + type: object + type: array + type: object + required: + - spec + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + diff --git a/definitions/kubeflow.org/jaxjob.yaml b/definitions/kubeflow.org/jaxjob.yaml new file mode 100644 index 000000000..22f0a237c --- /dev/null +++ b/definitions/kubeflow.org/jaxjob.yaml @@ -0,0 +1,7901 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: jaxjobs.kubeflow.org +spec: + group: kubeflow.org + names: + kind: JAXJob + listKind: JAXJobList + plural: jaxjobs + singular: jaxjob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: JAXJob Represents a JAXJob resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Specification of the desired state of the JAXJob. + properties: + jaxReplicaSpecs: + additionalProperties: + description: ReplicaSpec is a description of the replica + properties: + replicas: + description: |- + Replicas is the desired number of replicas of the given template. + If unspecified, defaults to 1. + format: int32 + type: integer + restartPolicy: + description: |- + Restart policy for all replicas within the job. + One of Always, OnFailure, Never and ExitCode. + Default to Never. + type: string + template: + description: |- + Template is the object that describes the pod that + will be created for this replica. RestartPolicy in PodTemplateSpec + will be overide by RestartPolicy in ReplicaSpec + properties: + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + The container runtime must implement support for this feature. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. + type: string + required: + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + nodeName: + description: |- + NodeName indicates in which node this pod is scheduled. + If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + This field should not be used to express a desire for the pod to be scheduled on a specific node. + https://kubernetes. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.appArmorProfile + - spec.securityContext. + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + x-kubernetes-list-type: atomic + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim, either directly + or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim + for the pod. + + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + + Exactly one of ResourceClaimName and ResourceClaimTemplateName must + be set. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - containers + type: object + type: object + type: object + description: |- + A map of JAXReplicaType (type) to ReplicaSpec (value). Specifies the JAX cluster configuration. + For example, + { + "Worker": JAXReplicaSpec, + } + type: object + runPolicy: + description: |- + RunPolicy encapsulates various runtime policies of the distributed training + job, for example how to clean up resources and how long the job can stay + active. + properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds relative to the startTime that the job may be active + before the system tries to terminate it; value must be positive integer. + format: int64 + type: integer + backoffLimit: + description: Optional number of retries before marking this job + failed. + format: int32 + type: integer + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy to kill pods after the job completes. + Default to None. + type: string + managedBy: + description: |- + ManagedBy is used to indicate the controller or entity that manages a job. + The value must be either an empty, 'kubeflow.org/training-operator' or + 'kueue.x-k8s.io/multikueue'. + The training-operator reconciles a job which doesn't have this + field at all or the field value is the reserved string + 'kubeflow.org/training-operator', but delegates reconciling the job + with 'kueue.x-k8s. + type: string + schedulingPolicy: + description: SchedulingPolicy defines the policy related to scheduling, + e.g. gang-scheduling + properties: + minAvailable: + format: int32 + type: integer + minResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + priorityClass: + type: string + queue: + type: string + x-kubernetes-validations: + - message: spec.runPolicy.schedulingPolicy.queue is immutable + rule: self == oldSelf + scheduleTimeoutSeconds: + format: int32 + type: integer + type: object + suspend: + default: false + description: |- + suspend specifies whether the Job controller should create Pods or not. + If a Job is created with suspend set to true, no Pods are created by + the Job controller. If a Job is suspended after creation (i.e. the + flag goes from false to true), the Job controller will delete all + active Pods and PodGroups associated with this Job. + Users must design their workload to gracefully handle this. + type: boolean + ttlSecondsAfterFinished: + description: |- + TTLSecondsAfterFinished is the TTL to clean up jobs. + It may take extra ReconcilePeriod seconds for the cleanup, since + reconcile gets called periodically. + Default to infinite. + format: int32 + type: integer + type: object + required: + - jaxReplicaSpecs + type: object + status: + description: |- + Most recently observed status of the JAXJob. + Read-only (modified by the system). + properties: + completionTime: + description: |- + Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + conditions: + description: Conditions is an array of current observed job conditions. + items: + description: JobCondition describes the state of the job at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition. + type: string + required: + - status + - type + type: object + type: array + lastReconcileTime: + description: |- + Represents last time when the job was reconciled. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + replicaStatuses: + additionalProperties: + description: ReplicaStatus represents the current observed state + of the replica. + properties: + active: + description: The number of actively running pods. + format: int32 + type: integer + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + labelSelector: + description: 'Deprecated: Use Selector instead' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A Selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty Selector matches all objects. A null + Selector matches no objects. + type: string + succeeded: + description: The number of pods which reached phase Succeeded. + format: int32 + type: integer + type: object + description: |- + ReplicaStatuses is map of ReplicaType and ReplicaStatus, + specifies the status of each replica. + type: object + startTime: + description: |- + Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.replicaStatuses.Worker.selector + specReplicasPath: .spec.jaxReplicaSpecs.Worker.replicas + statusReplicasPath: .status.replicaStatuses.Worker.active + status: {} + diff --git a/definitions/kubeflow.org/mpijob.yaml b/definitions/kubeflow.org/mpijob.yaml new file mode 100644 index 000000000..510ae6dbf --- /dev/null +++ b/definitions/kubeflow.org/mpijob.yaml @@ -0,0 +1,7906 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: mpijobs.kubeflow.org +spec: + group: kubeflow.org + names: + kind: MPIJob + listKind: MPIJobList + plural: mpijobs + singular: mpijob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[-1:].type + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy that whether to kill pods after the job completes. + Defaults to None. + type: string + mainContainer: + description: |- + MainContainer specifies name of the main container which + executes the MPI code. + type: string + mpiReplicaSpecs: + additionalProperties: + description: ReplicaSpec is a description of the replica + properties: + replicas: + description: |- + Replicas is the desired number of replicas of the given template. + If unspecified, defaults to 1. + format: int32 + type: integer + restartPolicy: + description: |- + Restart policy for all replicas within the job. + One of Always, OnFailure, Never and ExitCode. + Default to Never. + type: string + template: + description: |- + Template is the object that describes the pod that + will be created for this replica. RestartPolicy in PodTemplateSpec + will be overide by RestartPolicy in ReplicaSpec + properties: + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + The container runtime must implement support for this feature. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. + type: string + required: + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + nodeName: + description: |- + NodeName indicates in which node this pod is scheduled. + If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + This field should not be used to express a desire for the pod to be scheduled on a specific node. + https://kubernetes. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.appArmorProfile + - spec.securityContext. + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + x-kubernetes-list-type: atomic + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim, either directly + or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim + for the pod. + + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + + Exactly one of ResourceClaimName and ResourceClaimTemplateName must + be set. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - containers + type: object + type: object + type: object + description: |- + `MPIReplicaSpecs` contains maps from `MPIReplicaType` to `ReplicaSpec` that + specify the MPI replicas to run. + type: object + runPolicy: + description: |- + `RunPolicy` encapsulates various runtime policies of the distributed training + job, for example how to clean up resources and how long the job can stay + active. + properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds relative to the startTime that the job may be active + before the system tries to terminate it; value must be positive integer. + format: int64 + type: integer + backoffLimit: + description: Optional number of retries before marking this job + failed. + format: int32 + type: integer + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy to kill pods after the job completes. + Default to None. + type: string + managedBy: + description: |- + ManagedBy is used to indicate the controller or entity that manages a job. + The value must be either an empty, 'kubeflow.org/training-operator' or + 'kueue.x-k8s.io/multikueue'. + The training-operator reconciles a job which doesn't have this + field at all or the field value is the reserved string + 'kubeflow.org/training-operator', but delegates reconciling the job + with 'kueue.x-k8s. + type: string + schedulingPolicy: + description: SchedulingPolicy defines the policy related to scheduling, + e.g. gang-scheduling + properties: + minAvailable: + format: int32 + type: integer + minResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + priorityClass: + type: string + queue: + type: string + x-kubernetes-validations: + - message: spec.runPolicy.schedulingPolicy.queue is immutable + rule: self == oldSelf + scheduleTimeoutSeconds: + format: int32 + type: integer + type: object + suspend: + default: false + description: |- + suspend specifies whether the Job controller should create Pods or not. + If a Job is created with suspend set to true, no Pods are created by + the Job controller. If a Job is suspended after creation (i.e. the + flag goes from false to true), the Job controller will delete all + active Pods and PodGroups associated with this Job. + Users must design their workload to gracefully handle this. + type: boolean + ttlSecondsAfterFinished: + description: |- + TTLSecondsAfterFinished is the TTL to clean up jobs. + It may take extra ReconcilePeriod seconds for the cleanup, since + reconcile gets called periodically. + Default to infinite. + format: int32 + type: integer + type: object + slotsPerWorker: + description: |- + Specifies the number of slots per worker used in hostfile. + Defaults to 1. + format: int32 + type: integer + required: + - mpiReplicaSpecs + type: object + status: + description: JobStatus represents the current observed state of the training + Job. + properties: + completionTime: + description: |- + Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + conditions: + description: Conditions is an array of current observed job conditions. + items: + description: JobCondition describes the state of the job at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition. + type: string + required: + - status + - type + type: object + type: array + lastReconcileTime: + description: |- + Represents last time when the job was reconciled. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + replicaStatuses: + additionalProperties: + description: ReplicaStatus represents the current observed state + of the replica. + properties: + active: + description: The number of actively running pods. + format: int32 + type: integer + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + labelSelector: + description: 'Deprecated: Use Selector instead' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A Selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty Selector matches all objects. A null + Selector matches no objects. + type: string + succeeded: + description: The number of pods which reached phase Succeeded. + format: int32 + type: integer + type: object + description: |- + ReplicaStatuses is map of ReplicaType and ReplicaStatus, + specifies the status of each replica. + type: object + startTime: + description: |- + Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/definitions/kubeflow.org/mxjob.yaml b/definitions/kubeflow.org/mxjob.yaml new file mode 100644 index 000000000..c79faba53 --- /dev/null +++ b/definitions/kubeflow.org/mxjob.yaml @@ -0,0 +1,7500 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: mxjobs.kubeflow.org +spec: + group: kubeflow.org + names: + kind: MXJob + listKind: MXJobList + plural: mxjobs + singular: mxjob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: MXJob is the Schema for the mxjobs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MXJobSpec defines the desired state of MXJob + properties: + jobMode: + description: |- + JobMode specify the kind of MXjob to do. Different mode may have + different MXReplicaSpecs request + type: string + mxReplicaSpecs: + additionalProperties: + description: ReplicaSpec is a description of the replica + properties: + replicas: + description: |- + Replicas is the desired number of replicas of the given template. + If unspecified, defaults to 1. + format: int32 + type: integer + restartPolicy: + description: |- + Restart policy for all replicas within the job. + One of Always, OnFailure, Never and ExitCode. + Default to Never. + type: string + template: + description: |- + Template is the object that describes the pod that + will be created for this replica. RestartPolicy in PodTemplateSpec + will be overide by RestartPolicy in ReplicaSpec + properties: + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.seLinuxOptions + - spec.securityContext. + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the + ResourceClaim. + properties: + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + + + This is a beta feature enabled by the PodSchedulingReadiness feature gate. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + format: int32 + type: integer + sources: + description: sources is the list of volume + projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + type: object + description: |- + MXReplicaSpecs is map of ReplicaType and ReplicaSpec + specifies the MX replicas to run. + For example, + { + "Scheduler": ReplicaSpec, + "Server": ReplicaSpec, + "Worker": ReplicaSpec, + } + type: object + runPolicy: + description: |- + RunPolicy encapsulates various runtime policies of the distributed training + job, for example how to clean up resources and how long the job can stay + active. + properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds relative to the startTime that the job may be active + before the system tries to terminate it; value must be positive integer. + format: int64 + type: integer + backoffLimit: + description: Optional number of retries before marking this job + failed. + format: int32 + type: integer + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy to kill pods after the job completes. + Default to None. + type: string + schedulingPolicy: + description: SchedulingPolicy defines the policy related to scheduling, + e.g. gang-scheduling + properties: + minAvailable: + format: int32 + type: integer + minResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + priorityClass: + type: string + queue: + type: string + x-kubernetes-validations: + - message: spec.runPolicy.schedulingPolicy.queue is immutable + rule: self == oldSelf + scheduleTimeoutSeconds: + format: int32 + type: integer + type: object + suspend: + default: false + description: |- + suspend specifies whether the Job controller should create Pods or not. + If a Job is created with suspend set to true, no Pods are created by + the Job controller. If a Job is suspended after creation (i.e. the + flag goes from false to true), the Job controller will delete all + active Pods and PodGroups associated with this Job. + Users must design their workload to gracefully handle this. + type: boolean + ttlSecondsAfterFinished: + description: |- + TTLSecondsAfterFinished is the TTL to clean up jobs. + It may take extra ReconcilePeriod seconds for the cleanup, since + reconcile gets called periodically. + Default to infinite. + format: int32 + type: integer + type: object + required: + - jobMode + - mxReplicaSpecs + type: object + status: + description: JobStatus represents the current observed state of the training + Job. + properties: + completionTime: + description: |- + Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + conditions: + description: Conditions is an array of current observed job conditions. + items: + description: JobCondition describes the state of the job at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition. + type: string + required: + - status + - type + type: object + type: array + lastReconcileTime: + description: |- + Represents last time when the job was reconciled. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + replicaStatuses: + additionalProperties: + description: ReplicaStatus represents the current observed state + of the replica. + properties: + active: + description: The number of actively running pods. + format: int32 + type: integer + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + labelSelector: + description: 'Deprecated: Use Selector instead' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A Selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty Selector matches all objects. A null + Selector matches no objects. + type: string + succeeded: + description: The number of pods which reached phase Succeeded. + format: int32 + type: integer + type: object + description: |- + ReplicaStatuses is map of ReplicaType and ReplicaStatus, + specifies the status of each replica. + type: object + startTime: + description: |- + Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/definitions/kubeflow.org/paddlejob.yaml b/definitions/kubeflow.org/paddlejob.yaml new file mode 100644 index 000000000..72b49b989 --- /dev/null +++ b/definitions/kubeflow.org/paddlejob.yaml @@ -0,0 +1,8393 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: paddlejobs.kubeflow.org +spec: + group: kubeflow.org + names: + kind: PaddleJob + listKind: PaddleJobList + plural: paddlejobs + singular: paddlejob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: PaddleJob Represents a PaddleJob resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Specification of the desired state of the PaddleJob. + properties: + elasticPolicy: + description: ElasticPolicy holds the elastic policy for paddle job. + properties: + maxReplicas: + description: upper limit for the number of pods that can be set + by the autoscaler; cannot be smaller than MinReplicas, defaults + to null. + format: int32 + type: integer + maxRestarts: + description: MaxRestarts is the limit for restart times of pods + in elastic mode. + format: int32 + type: integer + metrics: + description: |- + Metrics contains the specifications which are used to calculate the + desired replica count (the maximum replica count across all metrics will + be used). The desired replica count is calculated with multiplying the + ratio between the target value and the current value by the current + number of pods. Ergo, metrics used must decrease as the pod count is + increased, and vice-versa. + items: + description: |- + MetricSpec specifies how to scale based on a single metric + (only `type` and one other matching field should be set at once). + properties: + containerResource: + description: |- + containerResource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing a single container in + each pod of the current scale target (e.g. CPU or memory). Such metrics are + built in to Kubernetes, and have special scaling options on top of those + available to normal per-pod metrics using the "pods" source. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in question. + type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: |- + external refers to a global metric that is not associated + with any Kubernetes object. It allows autoscaling based on information + coming from components running outside of cluster + (for example length of queue in cloud messaging service, or + QPS from loadbalancer running outside of cluster). + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: |- + object refers to a metric describing a single kubernetes object + (for example, hits-per-second on an Ingress object). + properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: apiVersion is the API version of the + referent + type: string + kind: + description: 'kind is the kind of the referent; + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: |- + pods refers to a metric describing each pod in the current scale target + (for example, transactions-processed-per-second). The values will be + averaged together before being compared to the target value. + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: |- + resource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing each pod in the + current scale target (e.g. CPU or memory). Such metrics are built in to + Kubernetes, and have special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + properties: + name: + description: name is the name of the resource in question. + type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: |- + type is the type of metric source. It should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to a matching field in the object. + Note: "ContainerResource" type is available on when the feature-gate + HPAContainerMetrics is enabled + type: string + required: + - type + type: object + type: array + minReplicas: + description: |- + minReplicas is the lower limit for the number of replicas to which the training job + can scale down. It defaults to null. + format: int32 + type: integer + type: object + paddleReplicaSpecs: + additionalProperties: + description: ReplicaSpec is a description of the replica + properties: + replicas: + description: |- + Replicas is the desired number of replicas of the given template. + If unspecified, defaults to 1. + format: int32 + type: integer + restartPolicy: + description: |- + Restart policy for all replicas within the job. + One of Always, OnFailure, Never and ExitCode. + Default to Never. + type: string + template: + description: |- + Template is the object that describes the pod that + will be created for this replica. RestartPolicy in PodTemplateSpec + will be overide by RestartPolicy in ReplicaSpec + properties: + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + The container runtime must implement support for this feature. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. + type: string + required: + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + nodeName: + description: |- + NodeName indicates in which node this pod is scheduled. + If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + This field should not be used to express a desire for the pod to be scheduled on a specific node. + https://kubernetes. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.appArmorProfile + - spec.securityContext. + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + x-kubernetes-list-type: atomic + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim, either directly + or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim + for the pod. + + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + + Exactly one of ResourceClaimName and ResourceClaimTemplateName must + be set. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - containers + type: object + type: object + type: object + description: |- + A map of PaddleReplicaType (type) to ReplicaSpec (value). Specifies the Paddle cluster configuration. + For example, + { + "Master": PaddleReplicaSpec, + "Worker": PaddleReplicaSpec, + } + type: object + runPolicy: + description: |- + RunPolicy encapsulates various runtime policies of the distributed training + job, for example how to clean up resources and how long the job can stay + active. + properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds relative to the startTime that the job may be active + before the system tries to terminate it; value must be positive integer. + format: int64 + type: integer + backoffLimit: + description: Optional number of retries before marking this job + failed. + format: int32 + type: integer + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy to kill pods after the job completes. + Default to None. + type: string + managedBy: + description: |- + ManagedBy is used to indicate the controller or entity that manages a job. + The value must be either an empty, 'kubeflow.org/training-operator' or + 'kueue.x-k8s.io/multikueue'. + The training-operator reconciles a job which doesn't have this + field at all or the field value is the reserved string + 'kubeflow.org/training-operator', but delegates reconciling the job + with 'kueue.x-k8s. + type: string + schedulingPolicy: + description: SchedulingPolicy defines the policy related to scheduling, + e.g. gang-scheduling + properties: + minAvailable: + format: int32 + type: integer + minResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + priorityClass: + type: string + queue: + type: string + x-kubernetes-validations: + - message: spec.runPolicy.schedulingPolicy.queue is immutable + rule: self == oldSelf + scheduleTimeoutSeconds: + format: int32 + type: integer + type: object + suspend: + default: false + description: |- + suspend specifies whether the Job controller should create Pods or not. + If a Job is created with suspend set to true, no Pods are created by + the Job controller. If a Job is suspended after creation (i.e. the + flag goes from false to true), the Job controller will delete all + active Pods and PodGroups associated with this Job. + Users must design their workload to gracefully handle this. + type: boolean + ttlSecondsAfterFinished: + description: |- + TTLSecondsAfterFinished is the TTL to clean up jobs. + It may take extra ReconcilePeriod seconds for the cleanup, since + reconcile gets called periodically. + Default to infinite. + format: int32 + type: integer + type: object + required: + - paddleReplicaSpecs + type: object + status: + description: |- + Most recently observed status of the PaddleJob. + Read-only (modified by the system). + properties: + completionTime: + description: |- + Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + conditions: + description: Conditions is an array of current observed job conditions. + items: + description: JobCondition describes the state of the job at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition. + type: string + required: + - status + - type + type: object + type: array + lastReconcileTime: + description: |- + Represents last time when the job was reconciled. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + replicaStatuses: + additionalProperties: + description: ReplicaStatus represents the current observed state + of the replica. + properties: + active: + description: The number of actively running pods. + format: int32 + type: integer + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + labelSelector: + description: 'Deprecated: Use Selector instead' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A Selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty Selector matches all objects. A null + Selector matches no objects. + type: string + succeeded: + description: The number of pods which reached phase Succeeded. + format: int32 + type: integer + type: object + description: |- + ReplicaStatuses is map of ReplicaType and ReplicaStatus, + specifies the status of each replica. + type: object + startTime: + description: |- + Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.replicaStatuses.Worker.selector + specReplicasPath: .spec.paddleReplicaSpecs.Worker.replicas + statusReplicasPath: .status.replicaStatuses.Worker.active + status: {} diff --git a/definitions/kubeflow.org/pytorchjob.yaml b/definitions/kubeflow.org/pytorchjob.yaml new file mode 100644 index 000000000..367b4294a --- /dev/null +++ b/definitions/kubeflow.org/pytorchjob.yaml @@ -0,0 +1,8430 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: pytorchjobs.kubeflow.org +spec: + group: kubeflow.org + names: + kind: PyTorchJob + listKind: PyTorchJobList + plural: pytorchjobs + singular: pytorchjob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: PyTorchJob Represents a PyTorchJob resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Specification of the desired state of the PyTorchJob. + properties: + elasticPolicy: + properties: + maxReplicas: + description: upper limit for the number of pods that can be set + by the autoscaler; cannot be smaller than MinReplicas, defaults + to null. + format: int32 + type: integer + maxRestarts: + format: int32 + type: integer + metrics: + description: |- + Metrics contains the specifications which are used to calculate the + desired replica count (the maximum replica count across all metrics will + be used). The desired replica count is calculated with multiplying the + ratio between the target value and the current value by the current + number of pods. Ergo, metrics used must decrease as the pod count is + increased, and vice-versa. + items: + description: |- + MetricSpec specifies how to scale based on a single metric + (only `type` and one other matching field should be set at once). + properties: + containerResource: + description: |- + containerResource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing a single container in + each pod of the current scale target (e.g. CPU or memory). Such metrics are + built in to Kubernetes, and have special scaling options on top of those + available to normal per-pod metrics using the "pods" source. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in question. + type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: |- + external refers to a global metric that is not associated + with any Kubernetes object. It allows autoscaling based on information + coming from components running outside of cluster + (for example length of queue in cloud messaging service, or + QPS from loadbalancer running outside of cluster). + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: |- + object refers to a metric describing a single kubernetes object + (for example, hits-per-second on an Ingress object). + properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: apiVersion is the API version of the + referent + type: string + kind: + description: 'kind is the kind of the referent; + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: |- + pods refers to a metric describing each pod in the current scale target + (for example, transactions-processed-per-second). The values will be + averaged together before being compared to the target value. + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: |- + resource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing each pod in the + current scale target (e.g. CPU or memory). Such metrics are built in to + Kubernetes, and have special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + properties: + name: + description: name is the name of the resource in question. + type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: |- + type is the type of metric source. It should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to a matching field in the object. + Note: "ContainerResource" type is available on when the feature-gate + HPAContainerMetrics is enabled + type: string + required: + - type + type: object + type: array + minReplicas: + description: |- + minReplicas is the lower limit for the number of replicas to which the training job + can scale down. It defaults to null. + format: int32 + type: integer + nProcPerNode: + description: |- + Number of workers per node; supported values: [auto, cpu, gpu, int]. + Deprecated: This API is deprecated in v1.7+ + Use .spec.nprocPerNode instead. + format: int32 + type: integer + rdzvBackend: + type: string + rdzvConf: + description: RDZVConf contains additional rendezvous configuration + (=,=,...). + items: + properties: + key: + type: string + value: + type: string + type: object + type: array + rdzvHost: + type: string + rdzvId: + type: string + rdzvPort: + format: int32 + type: integer + standalone: + description: |- + Start a local standalone rendezvous backend that is represented by a C10d TCP store + on port 29400. Useful when launching single-node, multi-worker job. If specified + --rdzv_backend, --rdzv_endpoint, --rdzv_id are auto-assigned; any explicitly set values + are ignored. + type: boolean + type: object + nprocPerNode: + description: |- + Number of workers per node; supported values: [auto, cpu, gpu, int]. + For more, https://github.com/pytorch/pytorch/blob/26f7f470df64d90e092081e39507e4ac751f55d6/torch/distributed/run.py#L629-L658. + Defaults to auto. + type: string + pytorchReplicaSpecs: + additionalProperties: + description: ReplicaSpec is a description of the replica + properties: + replicas: + description: |- + Replicas is the desired number of replicas of the given template. + If unspecified, defaults to 1. + format: int32 + type: integer + restartPolicy: + description: |- + Restart policy for all replicas within the job. + One of Always, OnFailure, Never and ExitCode. + Default to Never. + type: string + template: + description: |- + Template is the object that describes the pod that + will be created for this replica. RestartPolicy in PodTemplateSpec + will be overide by RestartPolicy in ReplicaSpec + properties: + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + The container runtime must implement support for this feature. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. + type: string + required: + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + nodeName: + description: |- + NodeName indicates in which node this pod is scheduled. + If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + This field should not be used to express a desire for the pod to be scheduled on a specific node. + https://kubernetes. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.appArmorProfile + - spec.securityContext. + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + x-kubernetes-list-type: atomic + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim, either directly + or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim + for the pod. + + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + + Exactly one of ResourceClaimName and ResourceClaimTemplateName must + be set. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - containers + type: object + type: object + type: object + description: |- + A map of PyTorchReplicaType (type) to ReplicaSpec (value). Specifies the PyTorch cluster configuration. + For example, + { + "Master": PyTorchReplicaSpec, + "Worker": PyTorchReplicaSpec, + } + type: object + runPolicy: + description: |- + RunPolicy encapsulates various runtime policies of the distributed training + job, for example how to clean up resources and how long the job can stay + active. + properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds relative to the startTime that the job may be active + before the system tries to terminate it; value must be positive integer. + format: int64 + type: integer + backoffLimit: + description: Optional number of retries before marking this job + failed. + format: int32 + type: integer + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy to kill pods after the job completes. + Default to None. + type: string + managedBy: + description: |- + ManagedBy is used to indicate the controller or entity that manages a job. + The value must be either an empty, 'kubeflow.org/training-operator' or + 'kueue.x-k8s.io/multikueue'. + The training-operator reconciles a job which doesn't have this + field at all or the field value is the reserved string + 'kubeflow.org/training-operator', but delegates reconciling the job + with 'kueue.x-k8s. + type: string + schedulingPolicy: + description: SchedulingPolicy defines the policy related to scheduling, + e.g. gang-scheduling + properties: + minAvailable: + format: int32 + type: integer + minResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + priorityClass: + type: string + queue: + type: string + x-kubernetes-validations: + - message: spec.runPolicy.schedulingPolicy.queue is immutable + rule: self == oldSelf + scheduleTimeoutSeconds: + format: int32 + type: integer + type: object + suspend: + default: false + description: |- + suspend specifies whether the Job controller should create Pods or not. + If a Job is created with suspend set to true, no Pods are created by + the Job controller. If a Job is suspended after creation (i.e. the + flag goes from false to true), the Job controller will delete all + active Pods and PodGroups associated with this Job. + Users must design their workload to gracefully handle this. + type: boolean + ttlSecondsAfterFinished: + description: |- + TTLSecondsAfterFinished is the TTL to clean up jobs. + It may take extra ReconcilePeriod seconds for the cleanup, since + reconcile gets called periodically. + Default to infinite. + format: int32 + type: integer + type: object + required: + - pytorchReplicaSpecs + type: object + status: + description: |- + Most recently observed status of the PyTorchJob. + Read-only (modified by the system). + properties: + completionTime: + description: |- + Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + conditions: + description: Conditions is an array of current observed job conditions. + items: + description: JobCondition describes the state of the job at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition. + type: string + required: + - status + - type + type: object + type: array + lastReconcileTime: + description: |- + Represents last time when the job was reconciled. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + replicaStatuses: + additionalProperties: + description: ReplicaStatus represents the current observed state + of the replica. + properties: + active: + description: The number of actively running pods. + format: int32 + type: integer + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + labelSelector: + description: 'Deprecated: Use Selector instead' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A Selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty Selector matches all objects. A null + Selector matches no objects. + type: string + succeeded: + description: The number of pods which reached phase Succeeded. + format: int32 + type: integer + type: object + description: |- + ReplicaStatuses is map of ReplicaType and ReplicaStatus, + specifies the status of each replica. + type: object + startTime: + description: |- + Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.replicaStatuses.Worker.selector + specReplicasPath: .spec.pytorchReplicaSpecs.Worker.replicas + statusReplicasPath: .status.replicaStatuses.Worker.active + status: {} diff --git a/definitions/kubeflow.org/tfjob.yaml b/definitions/kubeflow.org/tfjob.yaml new file mode 100644 index 000000000..57abb018b --- /dev/null +++ b/definitions/kubeflow.org/tfjob.yaml @@ -0,0 +1,7906 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: tfjobs.kubeflow.org +spec: + group: kubeflow.org + names: + kind: TFJob + listKind: TFJobList + plural: tfjobs + singular: tfjob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: TFJob represents a TFJob resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Specification of the desired state of the TFJob. + properties: + enableDynamicWorker: + description: A switch to enable dynamic worker + type: boolean + runPolicy: + description: |- + RunPolicy encapsulates various runtime policies of the distributed training + job, for example how to clean up resources and how long the job can stay + active. + properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds relative to the startTime that the job may be active + before the system tries to terminate it; value must be positive integer. + format: int64 + type: integer + backoffLimit: + description: Optional number of retries before marking this job + failed. + format: int32 + type: integer + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy to kill pods after the job completes. + Default to None. + type: string + managedBy: + description: |- + ManagedBy is used to indicate the controller or entity that manages a job. + The value must be either an empty, 'kubeflow.org/training-operator' or + 'kueue.x-k8s.io/multikueue'. + The training-operator reconciles a job which doesn't have this + field at all or the field value is the reserved string + 'kubeflow.org/training-operator', but delegates reconciling the job + with 'kueue.x-k8s. + type: string + schedulingPolicy: + description: SchedulingPolicy defines the policy related to scheduling, + e.g. gang-scheduling + properties: + minAvailable: + format: int32 + type: integer + minResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + priorityClass: + type: string + queue: + type: string + x-kubernetes-validations: + - message: spec.runPolicy.schedulingPolicy.queue is immutable + rule: self == oldSelf + scheduleTimeoutSeconds: + format: int32 + type: integer + type: object + suspend: + default: false + description: |- + suspend specifies whether the Job controller should create Pods or not. + If a Job is created with suspend set to true, no Pods are created by + the Job controller. If a Job is suspended after creation (i.e. the + flag goes from false to true), the Job controller will delete all + active Pods and PodGroups associated with this Job. + Users must design their workload to gracefully handle this. + type: boolean + ttlSecondsAfterFinished: + description: |- + TTLSecondsAfterFinished is the TTL to clean up jobs. + It may take extra ReconcilePeriod seconds for the cleanup, since + reconcile gets called periodically. + Default to infinite. + format: int32 + type: integer + type: object + successPolicy: + description: |- + SuccessPolicy defines the policy to mark the TFJob as succeeded. + Default to "", using the default rules. + type: string + tfReplicaSpecs: + additionalProperties: + description: ReplicaSpec is a description of the replica + properties: + replicas: + description: |- + Replicas is the desired number of replicas of the given template. + If unspecified, defaults to 1. + format: int32 + type: integer + restartPolicy: + description: |- + Restart policy for all replicas within the job. + One of Always, OnFailure, Never and ExitCode. + Default to Never. + type: string + template: + description: |- + Template is the object that describes the pod that + will be created for this replica. RestartPolicy in PodTemplateSpec + will be overide by RestartPolicy in ReplicaSpec + properties: + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + The container runtime must implement support for this feature. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. + type: string + required: + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + nodeName: + description: |- + NodeName indicates in which node this pod is scheduled. + If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + This field should not be used to express a desire for the pod to be scheduled on a specific node. + https://kubernetes. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.appArmorProfile + - spec.securityContext. + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + x-kubernetes-list-type: atomic + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim, either directly + or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim + for the pod. + + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + + Exactly one of ResourceClaimName and ResourceClaimTemplateName must + be set. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - containers + type: object + type: object + type: object + description: |- + A map of TFReplicaType (type) to ReplicaSpec (value). Specifies the TF cluster configuration. + For example, + { + "PS": ReplicaSpec, + "Worker": ReplicaSpec, + } + type: object + required: + - tfReplicaSpecs + type: object + status: + description: |- + Most recently observed status of the TFJob. + Populated by the system. + Read-only. + properties: + completionTime: + description: |- + Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + conditions: + description: Conditions is an array of current observed job conditions. + items: + description: JobCondition describes the state of the job at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition. + type: string + required: + - status + - type + type: object + type: array + lastReconcileTime: + description: |- + Represents last time when the job was reconciled. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + replicaStatuses: + additionalProperties: + description: ReplicaStatus represents the current observed state + of the replica. + properties: + active: + description: The number of actively running pods. + format: int32 + type: integer + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + labelSelector: + description: 'Deprecated: Use Selector instead' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A Selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty Selector matches all objects. A null + Selector matches no objects. + type: string + succeeded: + description: The number of pods which reached phase Succeeded. + format: int32 + type: integer + type: object + description: |- + ReplicaStatuses is map of ReplicaType and ReplicaStatus, + specifies the status of each replica. + type: object + startTime: + description: |- + Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/definitions/kubeflow.org/xgboostjob.yaml b/definitions/kubeflow.org/xgboostjob.yaml new file mode 100644 index 000000000..aa44d7ba9 --- /dev/null +++ b/definitions/kubeflow.org/xgboostjob.yaml @@ -0,0 +1,7888 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: xgboostjobs.kubeflow.org +spec: + group: kubeflow.org + names: + kind: XGBoostJob + listKind: XGBoostJobList + plural: xgboostjobs + singular: xgboostjob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[-1:].type + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: XGBoostJob is the Schema for the xgboostjobs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: XGBoostJobSpec defines the desired state of XGBoostJob + properties: + runPolicy: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + properties: + activeDeadlineSeconds: + description: |- + Specifies the duration in seconds relative to the startTime that the job may be active + before the system tries to terminate it; value must be positive integer. + format: int64 + type: integer + backoffLimit: + description: Optional number of retries before marking this job + failed. + format: int32 + type: integer + cleanPodPolicy: + description: |- + CleanPodPolicy defines the policy to kill pods after the job completes. + Default to None. + type: string + managedBy: + description: |- + ManagedBy is used to indicate the controller or entity that manages a job. + The value must be either an empty, 'kubeflow.org/training-operator' or + 'kueue.x-k8s.io/multikueue'. + The training-operator reconciles a job which doesn't have this + field at all or the field value is the reserved string + 'kubeflow.org/training-operator', but delegates reconciling the job + with 'kueue.x-k8s. + type: string + schedulingPolicy: + description: SchedulingPolicy defines the policy related to scheduling, + e.g. gang-scheduling + properties: + minAvailable: + format: int32 + type: integer + minResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + priorityClass: + type: string + queue: + type: string + x-kubernetes-validations: + - message: spec.runPolicy.schedulingPolicy.queue is immutable + rule: self == oldSelf + scheduleTimeoutSeconds: + format: int32 + type: integer + type: object + suspend: + default: false + description: |- + suspend specifies whether the Job controller should create Pods or not. + If a Job is created with suspend set to true, no Pods are created by + the Job controller. If a Job is suspended after creation (i.e. the + flag goes from false to true), the Job controller will delete all + active Pods and PodGroups associated with this Job. + Users must design their workload to gracefully handle this. + type: boolean + ttlSecondsAfterFinished: + description: |- + TTLSecondsAfterFinished is the TTL to clean up jobs. + It may take extra ReconcilePeriod seconds for the cleanup, since + reconcile gets called periodically. + Default to infinite. + format: int32 + type: integer + type: object + xgbReplicaSpecs: + additionalProperties: + description: ReplicaSpec is a description of the replica + properties: + replicas: + description: |- + Replicas is the desired number of replicas of the given template. + If unspecified, defaults to 1. + format: int32 + type: integer + restartPolicy: + description: |- + Restart policy for all replicas within the job. + One of Always, OnFailure, Never and ExitCode. + Default to Never. + type: string + template: + description: |- + Template is the object that describes the pod that + will be created for this replica. RestartPolicy in PodTemplateSpec + will be overide by RestartPolicy in ReplicaSpec + properties: + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + containers: + description: |- + List of containers belonging to the pod. + Containers cannot currently be added or removed. + There must be at least one container in a Pod. + Cannot be updated. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + ephemeralContainers: + description: |- + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + pod to perform user-initiated actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod spec. In order to add an + ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral + containers. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral + containers. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + The container runtime must implement support for this feature. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. + type: string + required: + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + initContainers: + description: |- + List of initialization containers belonging to the pod. + Init containers are executed in order prior to containers being started. If any + init container fails, the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or normal container must be + unique among all containers. + items: + description: A single application container that you + want to run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be + a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the pod + IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is + the name of the GMSA credential spec + to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name of + a persistentVolumeClaim in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of + a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + nodeName: + description: |- + NodeName indicates in which node this pod is scheduled. + If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + This field should not be used to express a desire for the pod to be scheduled on a specific node. + https://kubernetes. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.appArmorProfile + - spec.securityContext. + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: |- + If specified, all readiness gates will be evaluated for pod readiness. + A pod is ready when all its containers are ready AND + all conditions specified in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + x-kubernetes-list-type: atomic + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim, either directly + or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim + for the pod. + + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + + Exactly one of ResourceClaimName and ResourceClaimTemplateName must + be set. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + Default to Always. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccount: + description: |- + DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a + pod that may be accessed by any container in the + pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the + pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed + availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to + the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key + type: string + shareName: + description: shareName is the azure share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount + on the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is handled + by certain external CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine + and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a + PhotonController persistent disk attached and + mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from + the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data to project + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify + whether the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is + information about the serviceAccountToken + data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - containers + type: object + type: object + type: object + type: object + required: + - xgbReplicaSpecs + type: object + status: + description: JobStatus represents the current observed state of the training + Job. + properties: + completionTime: + description: |- + Represents time when the job was completed. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + conditions: + description: Conditions is an array of current observed job conditions. + items: + description: JobCondition describes the state of the job at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition. + type: string + required: + - status + - type + type: object + type: array + lastReconcileTime: + description: |- + Represents last time when the job was reconciled. It is not guaranteed to + be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + replicaStatuses: + additionalProperties: + description: ReplicaStatus represents the current observed state + of the replica. + properties: + active: + description: The number of actively running pods. + format: int32 + type: integer + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + labelSelector: + description: 'Deprecated: Use Selector instead' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A Selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty Selector matches all objects. A null + Selector matches no objects. + type: string + succeeded: + description: The number of pods which reached phase Succeeded. + format: int32 + type: integer + type: object + description: |- + ReplicaStatuses is map of ReplicaType and ReplicaStatus, + specifies the status of each replica. + type: object + startTime: + description: |- + Represents time when the job was acknowledged by the job controller. + It is not guaranteed to be set in happens-before order across separate operations. + It is represented in RFC3339 form and is in UTC. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/definitions/kubescape.io/runtimerulealertbinding.yaml b/definitions/kubescape.io/runtimerulealertbinding.yaml index 0ae736930..c36a49b93 100644 --- a/definitions/kubescape.io/runtimerulealertbinding.yaml +++ b/definitions/kubescape.io/runtimerulealertbinding.yaml @@ -10,7 +10,7 @@ spec: shortNames: - rab singular: runtimerulealertbinding - scope: Namespaced + scope: Cluster versions: - name: v1 served: true @@ -96,6 +96,4 @@ spec: type: string severity: type: string - subresources: - status: {} diff --git a/definitions/kustomize.fluxcd.io/kustomization.yaml b/definitions/kustomize.fluxcd.io/kustomization.yaml new file mode 100644 index 000000000..d159661b0 --- /dev/null +++ b/definitions/kustomize.fluxcd.io/kustomization.yaml @@ -0,0 +1,233 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: kustomizations.kustomize.fluxcd.io +spec: + group: kustomize.fluxcd.io + names: + kind: Kustomization + listKind: KustomizationList + plural: kustomizations + singular: kustomization + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Kustomization is the Schema for the kustomizations API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KustomizationSpec defines the desired state of a kustomization. + properties: + dependsOn: + description: A list of kustomizations that must be ready before this + kustomization can be applied. + items: + type: string + type: array + healthChecks: + description: A list of workloads (Deployments, DaemonSets and StatefulSets) + to be included in the health assessment. + items: + description: WorkloadReference defines a reference to a Deployment, + DaemonSet or StatefulSet. + properties: + kind: + description: Kind is the type of resource being referenced. + enum: + - Deployment + - DaemonSet + - StatefulSet + type: string + name: + description: Name is the name of resource being referenced. + type: string + namespace: + description: Namespace is the namespace of resource being referenced. + type: string + required: + - kind + - name + - namespace + type: object + type: array + interval: + description: The interval at which to apply the kustomization. + type: string + path: + description: Path to the directory containing the kustomization file. + pattern: ^\./ + type: string + prune: + description: Enables garbage collection. + type: boolean + serviceAccount: + description: The Kubernetes service account used for applying the + kustomization. + properties: + name: + description: Name is the name of the service account being referenced. + type: string + namespace: + description: Namespace is the namespace of the service account + being referenced. + type: string + required: + - name + - namespace + type: object + sourceRef: + description: Reference of the source where the kustomization file + is. + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - GitRepository + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent + kustomize executions, it does not apply to already started executions. + Defaults to false. + type: boolean + timeout: + description: Timeout for validation, apply and health checking operations. + Defaults to 'Interval' duration. + type: string + validation: + description: Validate the Kubernetes objects before applying them + on the cluster. The validation strategy can be 'client' (local dry-run) + or 'server' (APIServer dry-run). + enum: + - client + - server + type: string + required: + - interval + - path + - prune + - sourceRef + type: object + status: + description: KustomizationStatus defines the observed state of a kustomization. + properties: + conditions: + items: + description: Condition contains condition information for a kustomization. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + lastAppliedRevision: + description: The last successfully applied revision. The revision + format for Git sources is /. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation + attempt. + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + snapshot: + description: The last successfully applied revision metadata. + properties: + entries: + description: A list of Kubernetes kinds grouped by namespace. + items: + description: Snapshot holds the metadata of namespaced Kubernetes + objects + properties: + kinds: + additionalProperties: + type: string + description: The list of Kubernetes kinds. + type: object + namespace: + description: The namespace of this entry. + type: string + required: + - kinds + type: object + type: array + revision: + description: The source revision. + type: string + required: + - entries + - revision + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/kustomize.fluxcd.io/profile.yaml b/definitions/kustomize.fluxcd.io/profile.yaml new file mode 100644 index 000000000..38e80d434 --- /dev/null +++ b/definitions/kustomize.fluxcd.io/profile.yaml @@ -0,0 +1,132 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + creationTimestamp: null + name: profiles.kustomize.fluxcd.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kustomize.fluxcd.io + names: + kind: Profile + listKind: ProfileList + plural: profiles + singular: profile + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProfileSpec defines the desired state of Profile + properties: + alert: + description: Alerting configuration of the kustomizations targeted by + this profile. + properties: + address: + description: HTTP(S) webhook address of this provider + type: string + channel: + description: Alert channel for this provider + type: string + type: + description: Type of provider + enum: + - slack + - discord + type: string + username: + description: Bot username for this provider + type: string + verbosity: + description: Filter alerts based on verbosity level, defaults to + ('error'). + enum: + - info + - error + type: string + required: + - address + - channel + - type + - username + type: object + kustomizations: + description: The list of kustomizations that this profile applies to. + items: + type: string + type: array + required: + - kustomizations + type: object + status: + description: ProfileStatus defines the observed state of Profile + properties: + conditions: + items: + description: Condition contains condition information for a kustomization. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/lb.lbconfig.io/externalloadbalancer.yaml b/definitions/lb.lbconfig.io/externalloadbalancer.yaml new file mode 100644 index 000000000..f754b0bb4 --- /dev/null +++ b/definitions/lb.lbconfig.io/externalloadbalancer.yaml @@ -0,0 +1,225 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: externalloadbalancers.lb.lbconfig.io +spec: + group: lb.lbconfig.io + names: + kind: ExternalLoadBalancer + listKind: ExternalLoadBalancerList + plural: externalloadbalancers + singular: externalloadbalancer + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ExternalLoadBalancer is the Schema for the externalloadbalancers + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ExternalLoadBalancerSpec is the spec of a LoadBalancer instance. + properties: + backend: + description: Backend is the LoadBalancer used + type: string + monitor: + description: Monitor is the path and port to monitor the LoadBalancer + members + properties: + monitortype: + description: MonitorType is the monitor parent type. + must be one of "http", "https", "icmp", "gateway icmp", "inband", + "postgresql", "mysql", "udp" or "tcp". + type: string + name: + description: Name is the monitor name, it is set by the controller + type: string + path: + description: Path is the path URL to check for the pool members + type: string + port: + description: Port is the port this monitor should check the pool + members + type: integer + required: + - monitortype + - path + - port + type: object + nodelabels: + additionalProperties: + type: string + description: NodeLabels are the node labels used for router sharding + or exposed service. Optional. + type: object + ports: + description: Ports are the list of ports used for this Vip + items: + type: integer + type: array + type: + description: Type is the node role type (master or infra) for the LoadBalancer + instance + type: string + vip: + description: Vip is the Virtual IP configured in this LoadBalancer + instance + type: string + required: + - backend + - monitor + - ports + - vip + type: object + status: + description: ExternalLoadBalancerStatus defines the observed state of ExternalLoadBalancer + properties: + monitor: + description: Monitor defines a monitor object in the LoadBalancer. + properties: + monitortype: + description: MonitorType is the monitor parent type. + must be one of "http", "https", "icmp", "gateway icmp", "inband", + "postgresql", "mysql", "udp" or "tcp". + type: string + name: + description: Name is the monitor name, it is set by the controller + type: string + path: + description: Path is the path URL to check for the pool members + type: string + port: + description: Port is the port this monitor should check the pool + members + type: integer + required: + - monitortype + - path + - port + type: object + nodes: + items: + description: Node defines a host object in the LoadBalancer. + properties: + host: + description: Host is the host IP set dynamically by the controller + type: string + label: + additionalProperties: + type: string + description: Label is the node labels this node has + type: object + name: + description: Name is the host name set dynamically by the controller + type: string + required: + - host + type: object + type: array + pools: + items: + description: Pool defines a pool object in the LoadBalancer. + properties: + members: + description: Members is the host members of this pool + items: + description: PoolMember defines a host object in the LoadBalancer. + properties: + node: + description: Node is the node part of a pool + properties: + host: + description: Host is the host IP set dynamically by + the controller + type: string + label: + additionalProperties: + type: string + description: Label is the node labels this node has + type: object + name: + description: Name is the host name set dynamically by + the controller + type: string + required: + - host + type: object + port: + description: Port is the port for this pool member + type: integer + required: + - node + - port + type: object + type: array + monitor: + description: Monitor is the monitor name used on this pool + type: string + name: + description: Name is the Pool name, it is set by the controller + type: string + required: + - monitor + type: object + type: array + ports: + items: + type: integer + type: array + vips: + items: + description: VIP defines VIP instance in the LoadBalancer with a pool + and port + properties: + ip: + description: IP is the IP address this VIP instance listens to + type: string + name: + description: Name is the VIP instance name + type: string + pool: + description: Pool is the associated pool with this VIP + type: string + port: + description: Port is the port this VIP listens to + type: integer + required: + - ip + - name + - pool + - port + type: object + type: array + required: + - monitor + - ports + - vips + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/lb.lbconfig.io/loadbalancerbackend.yaml b/definitions/lb.lbconfig.io/loadbalancerbackend.yaml new file mode 100644 index 000000000..ff5226a15 --- /dev/null +++ b/definitions/lb.lbconfig.io/loadbalancerbackend.yaml @@ -0,0 +1,120 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: loadbalancerbackends.lb.lbconfig.io +spec: + group: lb.lbconfig.io + names: + kind: LoadBalancerBackend + listKind: LoadBalancerBackendList + plural: loadbalancerbackends + singular: loadbalancerbackend + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: LoadBalancerBackend is the Schema for the loadbalancerbackends + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: LoadBalancerBackendSpec defines the backend used by the ExternalLoadBalancer + instance + properties: + provider: + description: Type is the backend provider like F5, NetScaler, NSX + properties: + creds: + description: Creds credentials secret holding the username and password + keys. + type: string + host: + description: Host is the Load Balancer API IP or Hostname. + type: string + partition: + description: Partition is the F5 partition to create the Load Balancer + instances. + type: string + port: + description: Port is the Load Balancer API Port. + type: integer + validatecerts: + description: ValidateCerts is a flag to validate or not the Load + Balancer API certificate. Defaults to false. + type: boolean + vendor: + description: Vendor is the backend provider vendor (F5, NSX, Netscaler) + type: string + required: + - creds + - host + - port + - vendor + type: object + required: + - provider + type: object + status: + description: LoadBalancerBackendStatus defines the observed state of LoadBalancerBackend + properties: + provider: + description: Provider is a backend provider for F5 Big IP Load Balancers + properties: + creds: + description: Creds credentials secret holding the username and password + keys. + type: string + host: + description: Host is the Load Balancer API IP or Hostname. + type: string + partition: + description: Partition is the F5 partition to create the Load Balancer + instances. + type: string + port: + description: Port is the Load Balancer API Port. + type: integer + validatecerts: + description: ValidateCerts is a flag to validate or not the Load + Balancer API certificate. Defaults to false. + type: boolean + vendor: + description: Vendor is the backend provider vendor (F5, NSX, Netscaler) + type: string + required: + - creds + - host + - port + - vendor + type: object + required: + - provider + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/logging.banzaicloud.io/nodeagent.yaml b/definitions/logging.banzaicloud.io/nodeagent.yaml new file mode 100644 index 000000000..9de8b630b --- /dev/null +++ b/definitions/logging.banzaicloud.io/nodeagent.yaml @@ -0,0 +1,4888 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: nodeagents.logging.banzaicloud.io +spec: + group: logging.banzaicloud.io + names: + categories: + - logging-all + kind: NodeAgent + listKind: NodeAgentList + plural: nodeagents + singular: nodeagent + scope: Cluster + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + loggingRef: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + nodeAgentFluentbit: + properties: + bufferStorage: + properties: + storage.backlog.mem_limit: + type: string + storage.checksum: + type: string + storage.delete_irrecoverable_chunks: + type: string + storage.max_chunks_up: + type: integer + storage.metrics: + type: string + storage.path: + type: string + storage.sync: + type: string + type: object + bufferStorageVolume: + properties: + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + type: object + containersPath: + type: string + coroStackSize: + format: int32 + type: integer + customConfigSecret: + type: string + daemonSet: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + minReadySeconds: + format: int32 + type: integer + revisionHistoryLimit: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + template: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + type: string + required: + - ip + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: + type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + updateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + type: object + type: object + disableKubernetesFilter: + type: boolean + enableUpstream: + type: boolean + enabled: + type: boolean + extraVolumeMounts: + items: + properties: + destination: + pattern: ^/.+$ + type: string + readOnly: + type: boolean + source: + pattern: ^/.+$ + type: string + required: + - destination + - source + type: object + type: array + filterAws: + properties: + Match: + type: string + account_id: + type: boolean + ami_id: + type: boolean + az: + type: boolean + ec2_instance_id: + type: boolean + ec2_instance_type: + type: boolean + hostname: + type: boolean + imds_version: + type: string + private_ip: + type: boolean + vpc_id: + type: boolean + type: object + filterKubernetes: + properties: + Annotations: + type: string + Buffer_Size: + type: string + Cache_Use_Docker_Id: + type: string + DNS_Retries: + type: string + DNS_Wait_Time: + type: string + Dummy_Meta: + type: string + K8S-Logging.Exclude: + type: string + K8S-Logging.Parser: + type: string + Keep_Log: + type: string + Kube_CA_File: + type: string + Kube_CA_Path: + type: string + Kube_Meta_Cache_TTL: + type: string + Kube_Tag_Prefix: + type: string + Kube_Token_File: + type: string + Kube_Token_TTL: + type: string + Kube_URL: + type: string + Kube_meta_preload_cache_dir: + type: string + Kubelet_Port: + type: string + Labels: + type: string + Match: + type: string + Merge_Log: + type: string + Merge_Log_Key: + type: string + Merge_Log_Trim: + type: string + Merge_Parser: + type: string + Regex_Parser: + type: string + Use_Journal: + type: string + Use_Kubelet: + type: string + kube_meta_namespace_cache_ttl: + type: string + namespace_annotations: + type: string + namespace_labels: + type: string + tls.debug: + type: string + tls.verify: + type: string + type: object + flush: + format: int32 + type: integer + forwardOptions: + properties: + Require_ack_response: + type: boolean + Retry_Limit: + type: string + Send_options: + type: boolean + Tag: + type: string + Time_as_Integer: + type: boolean + Workers: + type: integer + storage.total_limit_size: + type: string + type: object + grace: + format: int32 + type: integer + inputTail: + properties: + Buffer_Chunk_Size: + type: string + Buffer_Max_Size: + type: string + DB: + type: string + DB.journal_mode: + type: string + DB.locking: + type: boolean + DB_Sync: + type: string + Docker_Mode: + type: string + Docker_Mode_Flush: + type: string + Docker_Mode_Parser: + type: string + Exclude_Path: + type: string + Ignore_Older: + type: string + Key: + type: string + Mem_Buf_Limit: + type: string + Multiline: + type: string + Multiline_Flush: + type: string + Parser: + type: string + Parser_Firstline: + type: string + Parser_N: + items: + type: string + type: array + Path: + type: string + Path_Key: + type: string + Read_From_Head: + type: boolean + Refresh_Interval: + type: string + Rotate_Wait: + type: string + Skip_Long_Lines: + type: string + Tag: + type: string + Tag_Regex: + type: string + multiline.parser: + items: + type: string + type: array + storage.pause_on_chunks_overlimit: + type: string + storage.type: + type: string + type: object + livenessDefaultCheck: + type: boolean + logLevel: + type: string + metrics: + properties: + interval: + type: string + path: + type: string + port: + format: int32 + type: integer + prometheusAnnotations: + type: boolean + prometheusRules: + type: boolean + prometheusRulesOverride: + items: + properties: + alert: + type: string + annotations: + additionalProperties: + type: string + type: object + expr: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + for: + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + keep_firing_for: + minLength: 1 + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + labels: + additionalProperties: + type: string + type: object + record: + type: string + type: object + type: array + serviceMonitor: + type: boolean + serviceMonitorConfig: + properties: + additionalLabels: + additionalProperties: + type: string + type: object + honorLabels: + type: boolean + metricRelabelings: + items: + properties: + action: + default: replace + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + type: string + type: object + type: array + relabelings: + items: + properties: + action: + default: replace + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + format: int64 + type: integer + regex: + type: string + replacement: + type: string + separator: + type: string + sourceLabels: + items: + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + type: string + type: object + type: array + scheme: + type: string + tlsConfig: + properties: + ca: + properties: + configMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + type: string + cert: + properties: + configMap: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + type: string + insecureSkipVerify: + type: boolean + keyFile: + type: string + keySecret: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + minVersion: + enum: + - TLS10 + - TLS11 + - TLS12 + - TLS13 + type: string + serverName: + type: string + type: object + type: object + timeout: + type: string + type: object + metricsService: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + allocateLoadBalancerNodePorts: + type: boolean + clusterIP: + type: string + clusterIPs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalName: + type: string + externalTrafficPolicy: + type: string + healthCheckNodePort: + format: int32 + type: integer + internalTrafficPolicy: + type: string + ipFamilies: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerIP: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + x-kubernetes-list-type: atomic + ports: + items: + properties: + appProtocol: + type: string + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + default: TCP + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + type: boolean + selector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + trafficDistribution: + type: string + type: + type: string + type: object + type: object + network: + properties: + connectTimeout: + format: int32 + type: integer + connectTimeoutLogError: + type: boolean + dnsMode: + type: string + dnsPreferIpv4: + type: boolean + dnsResolver: + type: string + keepalive: + type: boolean + keepaliveIdleTimeout: + format: int32 + type: integer + keepaliveMaxRecycle: + format: int32 + type: integer + maxWorkerConnections: + type: integer + sourceAddress: + type: string + type: object + podPriorityClassName: + type: string + positiondb: + properties: + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + host_path: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + pvc: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + source: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + type: object + security: + properties: + createOpenShiftSCC: + type: boolean + podSecurityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + podSecurityPolicyCreate: + type: boolean + roleBasedAccessControlCreate: + type: boolean + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + type: object + serviceAccount: + properties: + automountServiceAccountToken: + type: boolean + imagePullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + secrets: + items: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + x-kubernetes-map-type: atomic + type: array + type: object + targetHost: + type: string + targetPort: + format: int32 + type: integer + tls: + properties: + enabled: + type: boolean + secretName: + type: string + sharedKey: + type: string + required: + - enabled + type: object + varLogsPath: + type: string + type: object + profile: + type: string + type: object + status: + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/marin3r.3scale.net/envoybootstrap.yaml b/definitions/marin3r.3scale.net/envoybootstrap.yaml new file mode 100644 index 000000000..a5d15f1ea --- /dev/null +++ b/definitions/marin3r.3scale.net/envoybootstrap.yaml @@ -0,0 +1,131 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: envoybootstraps.marin3r.3scale.net +spec: + group: marin3r.3scale.net + names: + kind: EnvoyBootstrap + listKind: EnvoyBootstrapList + plural: envoybootstraps + singular: envoybootstrap + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: EnvoyBootstrap is the Schema for the envoybootstraps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EnvoyBootstrapSpec defines the desired state of EnvoyBootstrap + properties: + clientCertificate: + description: ClientCertificate is a struct containing options for + the certificate used to authenticate with the discovery service + properties: + directory: + description: Directory defines the directory in the envoy container + where the certificate will be mounted + type: string + duration: + description: The requested ‘duration’ (i.e. lifetime) of the Certificate + type: string + secretName: + description: The Secret where the certificate will be stored + type: string + required: + - directory + - duration + - secretName + type: object + discoveryService: + description: DiscoveryService is the name of the DiscoveryService + resource the envoy will be a client of + type: string + envoyStaticConfig: + description: EnvoyStaticConfig is a struct that controls options for + the envoy's static config file + properties: + adminAccessLogPath: + description: AdminAccessLogPath configures where the envoy's admin + server logs are written to + type: string + adminBindAddress: + description: AdminBindAddress is where envoy's admin server binds + to. + type: string + configFile: + description: ConfigFile is the path of envoy's bootstrap config + file + type: string + configMapNameV2: + description: The ConfigMap where the envoy client v2 static config + will be stored + type: string + configMapNameV3: + description: The ConfigMap where the envoy client v3 static config + will be stored + type: string + resourcesDir: + description: ResourcesDir is the path where resource files are + loaded from. It is used to load discovery messages directly + from the filesystem, for example in order to be able to bootstrap + certificates and support rotation when they are modified. + type: string + rtdsLayerResourceName: + description: RtdsLayerResourceName is the resource name that the + envoy client will request when askikng the discovery service + for Runtime resources. + type: string + required: + - adminAccessLogPath + - adminBindAddress + - configFile + - configMapNameV2 + - configMapNameV3 + - resourcesDir + - rtdsLayerResourceName + type: object + required: + - clientCertificate + - discoveryService + - envoyStaticConfig + type: object + status: + description: EnvoyBootstrapStatus defines the observed state of EnvoyBootstrap + properties: + configHashV2: + description: ConfigHashV2 stores the hash of the current V2 bootstrap + config generated for the given EnvoyBootstrap parameters + type: string + configHashV3: + description: ConfigHashV3 stores the hash of the current V3 bootstrap + config generated for the given EnvoyBootstrap parameters + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/mcp.upbound.io/controlplane.yaml b/definitions/mcp.upbound.io/controlplane.yaml new file mode 100644 index 000000000..7a0b58351 --- /dev/null +++ b/definitions/mcp.upbound.io/controlplane.yaml @@ -0,0 +1,389 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: controlplanes.mcp.upbound.io +spec: + group: mcp.upbound.io + names: + categories: + - crossplane + - managed + - upbound + kind: ControlPlane + listKind: ControlPlaneList + plural: controlplanes + singular: controlplane + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.atProvider.controlPlane.versionUpToDate + name: CONFIGURATION-UP-TO-DATE + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .status.atProvider.controlPlane.id + name: ID + type: string + - jsonPath: .status.atProvider.controlPlane.configuration.name + name: DEPLOYED-CONFIGURATION + type: string + - jsonPath: .status.atProvider.controlPlane.configuration.status + name: CONFIGURATION-STATUS + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: A ControlPlane is used to create a controlplane + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: A ControlPlaneSpec defines the desired state of a ControlPlane. + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + description: ControlPlaneParameters are the configurable fields of + a ControlPlane. + properties: + autoUpdate: + description: "A value that indicates whether the configuration + version update takes effect immediately. \n The AutoUpdate parameter + specifically impacts the version value. If the ApplyImmediately + parameter is turned off, changes to the configuration require + updating the version field. \n By default, this parameter is + turned off." + type: boolean + configuration: + description: Configuration is the name of the predefined configuration + minLength: 1 + type: string + description: + description: Description is the description of the the control + plane + type: string + organizationName: + description: OrganizationName is the name of the organization + to which the control plane belongs. + minLength: 1 + type: string + version: + description: Version is the version of the control plane. If it + is nil, the last available version given by configuration will + be used. + type: string + required: + - configuration + - organizationName + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: A ControlPlaneStatus represents the observed state of a ControlPlane. + properties: + atProvider: + description: ControlPlaneResponse is the HTTP body returned by the + Upbound API when fetching control planes. + properties: + controlPlane: + description: ControlPlane describes a control plane. + properties: + configuration: + description: ControlPlaneConfiguration represents an instance + of a Configuration associated with a Managed Control Plane + on Upbound. + properties: + currentVersion: + type: string + deployedAt: + format: date-time + type: string + desiredVersion: + type: string + id: + type: string + latestAvailableVersion: + type: string + name: + type: string + status: + description: ConfigurationStatus represents the different + states of a Configuration relative to a Managed Control + Plane. + type: string + syncedAt: + format: date-time + type: string + required: + - id + - status + type: object + createdAt: + format: date-time + type: string + creatorId: + type: integer + description: + type: string + expiresAt: + format: date-time + type: string + id: + type: string + name: + type: string + reserved: + type: boolean + updatedAt: + format: date-time + type: string + versionUpToDate: + type: boolean + required: + - reserved + type: object + controlPlanePermission: + description: PermissionGroup describes control plane permissions + for the authenticated user. + type: string + controlPlanestatus: + description: Status is the status of a control plane on Upbound. + type: string + required: + - controlPlane + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/mcp.upbound.io/controlplaneauth.yaml b/definitions/mcp.upbound.io/controlplaneauth.yaml new file mode 100644 index 000000000..06dcbde16 --- /dev/null +++ b/definitions/mcp.upbound.io/controlplaneauth.yaml @@ -0,0 +1,384 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: controlplaneauths.mcp.upbound.io +spec: + group: mcp.upbound.io + names: + categories: + - crossplane + - managed + - upbound + kind: ControlPlaneAuth + listKind: ControlPlaneAuthList + plural: controlplaneauths + singular: controlplaneauth + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ControlPlaneAuth is used to retrieve Kubeconfig of given ControlPlane. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlPlaneAuthSpec defines the desired state of ControlPlaneAuth + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + controlPlaneName: + description: ControlPlaneName is the name of the ControlPlane + you'd like to fetch Kubeconfig of. Either ControlPlaneName, + ControlPlaneNameRef or ControlPlaneNameSelector has to be given. + type: string + controlPlaneNameRef: + description: Reference to a ControlPlane to populate controlPlaneName. + Either ControlPlaneName, ControlPlaneNameRef or ControlPlaneNameSelector + has to be given. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + controlPlaneNameSelector: + description: Selector for a ControlPlane to populate controlPlaneName. + Either ClusterName, ClusterNameRef or ClusterNameSelector has + to be given. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + organizationName: + description: OrganizationName is the name of the organization + to which the control plane belongs. + minLength: 1 + type: string + tokenSecretRef: + description: A Token ConnectionSecret is referenced to serve as + the authentication token for a KubeConfig + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + required: + - organizationName + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: ControlPlaneAuthStatus defines the observed state of ControlPlaneAuth. + properties: + atProvider: + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/mcp.upbound.io/controlplanepermission.yaml b/definitions/mcp.upbound.io/controlplanepermission.yaml new file mode 100644 index 000000000..02f5b20c2 --- /dev/null +++ b/definitions/mcp.upbound.io/controlplanepermission.yaml @@ -0,0 +1,475 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: controlplanepermissions.mcp.upbound.io +spec: + group: mcp.upbound.io + names: + categories: + - crossplane + - managed + - upbound + kind: ControlPlanePermission + listKind: ControlPlanePermissionList + plural: controlplanepermissions + singular: controlplanepermission + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: A ControlPlanePermission is used to grant control plane permissions + to a team. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: A ControlPlanePermissionSpec defines the desired state of + a ControlPlanePermission. + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + description: ControlPlanePermissionParameters are the configurable + fields of a ControlPlanePermission. + properties: + controlPlaneName: + description: ControlPlaneName is the name of the control plane + to which the permission will be granted. + type: string + controlPlaneNameRef: + description: ControlPlaneNameRef references a Team to retrieve + its name to populate ControlPlaneName. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + controlPlaneNameSelector: + description: ControlPlaneNameSelector selects a reference to a + Team to populate ControlPlaneNameDRef. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + organizationName: + description: OrganizationName is the name of the organization + to which the control plane belongs. + type: string + permission: + description: Permission is the permission to grant to the team. + enum: + - editor + - viewer + - owner + type: string + teamId: + description: TeamID is the name of the team the control plane + permission will be granted to. + type: string + teamIdRef: + description: TeamIDRef references a Team to retrieve its name + to populate TeamID. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + teamIdSelector: + description: TeamIDSelector selects a reference to a Team to populate + TeamIDRef. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the + same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels + is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object + required: + - organizationName + - permission + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + status: + description: A ControlPlanePermissionStatus represents the observed state + of a ControlPlanePermission. + properties: + atProvider: + description: ControlPlanePermissionObservation are the observable + fields of a ControlPlanePermission. + properties: + accountId: + description: AccountID is the ID of the account that the team + belongs to, i.e. organization account. + type: integer + createdAt: + description: CreatedAt is the time the control plane permission + was created. + format: date-time + type: string + creatorId: + description: CreatorID is the ID of the user that created the + control plane permission. + type: integer + updatedAt: + description: UpdatedAt is the time the control plane permission + was last updated. + format: date-time + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/networking.gke.io/gcpingressparams.yaml b/definitions/networking.gke.io/gcpingressparams.yaml new file mode 100644 index 000000000..8bf4ec8cf --- /dev/null +++ b/definitions/networking.gke.io/gcpingressparams.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + name: gcpingressparams.networking.gke.io +spec: + group: networking.gke.io + names: + kind: GCPIngressParams + listKind: GCPIngressParamsList + plural: gcpingressparams + singular: gcpingressparams + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + internal: + type: boolean + required: + - internal + type: object + status: + type: object + type: object + served: true + storage: true diff --git a/definitions/networking.internal.knative.dev/clusteringress.yaml b/definitions/networking.internal.knative.dev/clusteringress.yaml new file mode 100644 index 000000000..3b45d76c8 --- /dev/null +++ b/definitions/networking.internal.knative.dev/clusteringress.yaml @@ -0,0 +1,26 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusteringresses.networking.internal.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].reason + name: Reason + type: string + group: networking.internal.knative.dev + names: + categories: + - all + - knative-internal + - networking + kind: ClusterIngress + plural: clusteringresses + singular: clusteringress + scope: Cluster + subresources: + status: {} + version: v1alpha1 + diff --git a/definitions/notification.fluxcd.io/alert.yaml b/definitions/notification.fluxcd.io/alert.yaml new file mode 100644 index 000000000..c80aafe79 --- /dev/null +++ b/definitions/notification.fluxcd.io/alert.yaml @@ -0,0 +1,143 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: alerts.notification.fluxcd.io +spec: + group: notification.fluxcd.io + names: + kind: Alert + listKind: AlertList + plural: alerts + singular: alert + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Alert is the Schema for the alerts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlertSpec defines an alerting rule for events involving a + list of objects + properties: + eventSeverity: + description: Filter events based on severity, defaults to ('info'). + enum: + - info + - error + type: string + eventSources: + description: Filter events based on the involved objects + items: + description: CrossNamespaceObjectReference contains enough information + to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent + type: string + required: + - name + type: object + type: array + providerRef: + description: Send events using this provider + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + suspend: + description: This flag tells the controller to suspend subsequent + events dispatching. Defaults to false. + type: boolean + required: + - eventSources + - providerRef + type: object + status: + description: AlertStatus defines the observed state of Alert + properties: + conditions: + items: + description: Condition contains condition information for a notification + object. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/notification.fluxcd.io/provider.yaml b/definitions/notification.fluxcd.io/provider.yaml new file mode 100644 index 000000000..82f2ccac4 --- /dev/null +++ b/definitions/notification.fluxcd.io/provider.yaml @@ -0,0 +1,121 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: providers.notification.fluxcd.io +spec: + group: notification.fluxcd.io + names: + kind: Provider + listKind: ProviderList + plural: providers + singular: provider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Provider is the Schema for the providers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProviderSpec defines the desired state of Provider + properties: + address: + description: HTTP(S) webhook address of this provider + type: string + channel: + description: Alert channel for this provider + type: string + secretRef: + description: Secret reference containing the provider webhook URL + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: + description: Type of provider + enum: + - slack + - discord + - msteams + - rocket + - generic + type: string + username: + description: Bot username for this provider + type: string + required: + - type + type: object + status: + description: ProviderStatus defines the observed state of Provider + properties: + conditions: + items: + description: Condition contains condition information for a notification + object. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/notification.fluxcd.io/receiver.yaml b/definitions/notification.fluxcd.io/receiver.yaml new file mode 100644 index 000000000..c15308802 --- /dev/null +++ b/definitions/notification.fluxcd.io/receiver.yaml @@ -0,0 +1,156 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: receivers.notification.fluxcd.io +spec: + group: notification.fluxcd.io + names: + kind: Receiver + listKind: ReceiverList + plural: receivers + singular: receiver + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Receiver is the Schema for the receivers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReceiverSpec defines the desired state of Receiver + properties: + events: + description: A list of events to handle, e.g. 'push' for GitHub or + 'Push Hook' for GitLab. + items: + type: string + type: array + resources: + description: A list of resources to be notified about changes. + items: + description: CrossNamespaceObjectReference contains enough information + to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent + type: string + required: + - name + type: object + type: array + secretRef: + description: Secret reference containing the token used to validate + the payload authenticity + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + suspend: + description: This flag tells the controller to suspend subsequent + events handling. Defaults to false. + type: boolean + type: + description: Type of webhook sender, used to determine the validation + procedure and payload deserialization. + enum: + - generic + - github + - gitlab + - bitbucket + - harbor + type: string + required: + - resources + - type + type: object + status: + description: ReceiverStatus defines the observed state of Receiver + properties: + conditions: + items: + description: Condition contains condition information for a notification + object. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + url: + description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/opentofu.upbound.io/storeconfig.yaml b/definitions/opentofu.upbound.io/storeconfig.yaml new file mode 100644 index 000000000..60c6f5811 --- /dev/null +++ b/definitions/opentofu.upbound.io/storeconfig.yaml @@ -0,0 +1,224 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: storeconfigs.opentofu.upbound.io +spec: + group: opentofu.upbound.io + names: + categories: + - crossplane + - store + - opentofu + kind: StoreConfig + listKind: StoreConfigList + plural: storeconfigs + singular: storeconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.type + name: TYPE + type: string + - jsonPath: .spec.defaultScope + name: DEFAULT-SCOPE + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: A StoreConfig configures how the controller should store connection + details. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: A StoreConfigSpec defines the desired state of a ProviderConfig. + properties: + defaultScope: + description: |- + DefaultScope used for scoping secrets for "cluster-scoped" resources. + If store type is "Kubernetes", this would mean the default namespace to + store connection secrets for cluster scoped resources. + In case of "Vault", this would be used as the default parent path. + Typically, should be set as Crossplane installation namespace. + type: string + kubernetes: + description: |- + Kubernetes configures a Kubernetes secret store. + If the "type" is "Kubernetes" but no config provided, in cluster config + will be used. + properties: + auth: + description: Credentials used to connect to the Kubernetes API. + properties: + env: + description: |- + Env is a reference to an environment variable that contains credentials + that must be used to connect to the provider. + properties: + name: + description: Name is the name of an environment variable. + type: string + required: + - name + type: object + fs: + description: |- + Fs is a reference to a filesystem location that contains credentials that + must be used to connect to the provider. + properties: + path: + description: Path is a filesystem path. + type: string + required: + - path + type: object + secretRef: + description: |- + A SecretRef is a reference to a secret key that contains the credentials + that must be used to connect to the provider. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + source: + description: Source of the credentials. + enum: + - None + - Secret + - Environment + - Filesystem + type: string + required: + - source + type: object + required: + - auth + type: object + plugin: + description: Plugin configures External secret store as a plugin. + properties: + configRef: + description: ConfigRef contains store config reference info. + properties: + apiVersion: + description: APIVersion of the referenced config. + type: string + kind: + description: Kind of the referenced config. + type: string + name: + description: Name of the referenced config. + type: string + required: + - apiVersion + - kind + - name + type: object + endpoint: + description: Endpoint is the endpoint of the gRPC server. + type: string + type: object + type: + default: Kubernetes + description: |- + Type configures which secret store to be used. Only the configuration + block for this store will be used and others will be ignored if provided. + Default is Kubernetes. + enum: + - Kubernetes + - Vault + - Plugin + type: string + required: + - defaultScope + type: object + status: + description: A StoreConfigStatus represents the status of a StoreConfig. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/packages.eks.amazonaws.com/packagecontroller.yaml b/definitions/packages.eks.amazonaws.com/packagecontroller.yaml new file mode 100644 index 000000000..9b87a8479 --- /dev/null +++ b/definitions/packages.eks.amazonaws.com/packagecontroller.yaml @@ -0,0 +1,59 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: packagecontrollers.packages.eks.amazonaws.com +spec: + group: packages.eks.amazonaws.com + names: + kind: PackageController + listKind: PackageControllerList + plural: packagecontrollers + singular: packagecontroller + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: PackageController is the Schema for the packagecontrollers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PackageControllerSpec defines the desired state of PackageController + properties: + logLevel: + description: Optional log level for packages controller + format: int32 + type: integer + upgradeCheckInterval: + description: "UpgradeCheckInterval is the time between upgrade checks. + \n The format is that of time's ParseDuration." + type: string + type: object + status: + description: PackageControllerStatus defines the observed state of PackageController + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/pg.percona.com/perconapgbackup.yaml b/definitions/pg.percona.com/perconapgbackup.yaml new file mode 100644 index 000000000..33453dbca --- /dev/null +++ b/definitions/pg.percona.com/perconapgbackup.yaml @@ -0,0 +1,60 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + name: perconapgbackups.pg.percona.com +spec: + group: pg.percona.com + names: + kind: PerconaPGBackup + listKind: PerconaPGBackupList + plural: perconapgbackups + shortNames: + - pg-backup + singular: perconapgbackup + scope: Namespaced + versions: + - name: v2beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + options: + items: + type: string + type: array + pgCluster: + type: string + repoName: + pattern: ^repo[1-4] + type: string + required: + - pgCluster + - repoName + type: object + status: + properties: + completed: + format: date-time + type: string + jobName: + type: string + state: + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/definitions/pg.percona.com/perconapgcluster.yaml b/definitions/pg.percona.com/perconapgcluster.yaml new file mode 100644 index 000000000..6f02d327f --- /dev/null +++ b/definitions/pg.percona.com/perconapgcluster.yaml @@ -0,0 +1,5880 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + name: perconapgclusters.pg.percona.com +spec: + group: pg.percona.com + names: + kind: PerconaPGCluster + listKind: PerconaPGClusterList + plural: perconapgclusters + shortNames: + - pg + singular: perconapgcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.host + name: Endpoint + type: string + - jsonPath: .status.state + name: Status + type: string + - jsonPath: .status.postgres.ready + name: Postgres + type: string + - jsonPath: .status.pgbouncer.ready + name: PGBouncer + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + backups: + properties: + pgbackrest: + properties: + configuration: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + global: + additionalProperties: + type: string + type: object + image: + type: string + jobs: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + priorityClassName: + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + ttlSecondsAfterFinished: + format: int32 + minimum: 60 + type: integer + type: object + manual: + properties: + options: + items: + type: string + type: array + repoName: + pattern: ^repo[1-4] + type: string + required: + - repoName + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + repoHost: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + priorityClassName: + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + sshConfigMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + sshSecret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + repos: + items: + properties: + azure: + properties: + container: + type: string + required: + - container + type: object + gcs: + properties: + bucket: + type: string + required: + - bucket + type: object + name: + pattern: ^repo[1-4] + type: string + s3: + properties: + bucket: + type: string + endpoint: + type: string + region: + type: string + required: + - bucket + - endpoint + - region + type: object + schedules: + properties: + differential: + minLength: 6 + type: string + full: + minLength: 6 + type: string + incremental: + minLength: 6 + type: string + type: object + volume: + properties: + volumeClaimSpec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - volumeClaimSpec + type: object + required: + - name + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restore: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + clusterName: + type: string + clusterNamespace: + type: string + enabled: + default: false + type: boolean + options: + items: + type: string + type: array + priorityClassName: + type: string + repoName: + pattern: ^repo[1-4] + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + required: + - enabled + - repoName + type: object + sidecars: + properties: + pgbackrest: + properties: + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + pgbackrestConfig: + properties: + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: object + required: + - repos + type: object + required: + - pgbackrest + type: object + dataSource: + properties: + pgbackrest: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + configuration: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + global: + additionalProperties: + type: string + type: object + options: + items: + type: string + type: array + priorityClassName: + type: string + repo: + properties: + azure: + properties: + container: + type: string + required: + - container + type: object + gcs: + properties: + bucket: + type: string + required: + - bucket + type: object + name: + pattern: ^repo[1-4] + type: string + s3: + properties: + bucket: + type: string + endpoint: + type: string + region: + type: string + required: + - bucket + - endpoint + - region + type: object + schedules: + properties: + differential: + minLength: 6 + type: string + full: + minLength: 6 + type: string + incremental: + minLength: 6 + type: string + type: object + volume: + properties: + volumeClaimSpec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - volumeClaimSpec + type: object + required: + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + stanza: + default: db + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + required: + - repo + - stanza + type: object + postgresCluster: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + clusterName: + type: string + clusterNamespace: + type: string + options: + items: + type: string + type: array + priorityClassName: + type: string + repoName: + pattern: ^repo[1-4] + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + required: + - repoName + type: object + volumes: + properties: + pgBackRestVolume: + properties: + directory: + type: string + pvcName: + type: string + required: + - pvcName + type: object + pgDataVolume: + properties: + directory: + type: string + pvcName: + type: string + required: + - pvcName + type: object + pgWALVolume: + properties: + directory: + type: string + pvcName: + type: string + required: + - pvcName + type: object + type: object + type: object + databaseInitSQL: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + expose: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + nodePort: + format: int32 + type: integer + type: + default: ClusterIP + enum: + - ClusterIP + - NodePort + - LoadBalancer + type: string + type: object + image: + type: string + imagePullPolicy: + enum: + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + type: array + instances: + items: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + dataVolumeClaimSpec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + minAvailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + default: "" + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$ + type: string + priorityClassName: + type: string + replicas: + default: 1 + format: int32 + minimum: 1 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + walVolumeClaimSpec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - dataVolumeClaimSpec + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + openshift: + type: boolean + patroni: + properties: + dynamicConfiguration: + type: object + x-kubernetes-preserve-unknown-fields: true + leaderLeaseDurationSeconds: + default: 30 + format: int32 + minimum: 3 + type: integer + port: + default: 8008 + format: int32 + minimum: 1024 + type: integer + switchover: + properties: + enabled: + type: boolean + targetInstance: + type: string + type: + default: Switchover + enum: + - Switchover + - Failover + type: string + required: + - enabled + type: object + syncPeriodSeconds: + default: 10 + format: int32 + minimum: 1 + type: integer + type: object + pause: + type: boolean + pmm: + properties: + containerSecurityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + enabled: + type: boolean + image: + type: string + imagePullPolicy: + enum: + - Always + - Never + - IfNotPresent + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeClassName: + type: string + secret: + type: string + serverHost: + type: string + required: + - enabled + - image + - secret + - serverHost + type: object + port: + default: 5432 + format: int32 + minimum: 1024 + type: integer + postgresVersion: + maximum: 15 + minimum: 10 + type: integer + proxy: + properties: + pgBouncer: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + config: + properties: + databases: + additionalProperties: + type: string + type: object + files: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + global: + additionalProperties: + type: string + type: object + users: + additionalProperties: + type: string + type: object + type: object + customTLSSecret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + expose: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + nodePort: + format: int32 + type: integer + type: + default: ClusterIP + enum: + - ClusterIP + - NodePort + - LoadBalancer + type: string + type: object + image: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + minAvailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + port: + default: 5432 + format: int32 + minimum: 1024 + type: integer + priorityClassName: + type: string + replicas: + default: 1 + format: int32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + required: + - pgBouncer + type: object + secrets: + properties: + customReplicationTLSSecret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + customTLSSecret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + standby: + properties: + enabled: + default: true + type: boolean + host: + type: string + port: + format: int32 + minimum: 1024 + type: integer + repoName: + pattern: ^repo[1-4] + type: string + type: object + unmanaged: + type: boolean + users: + items: + properties: + databases: + items: + maxLength: 63 + minLength: 1 + type: string + type: array + x-kubernetes-list-type: set + name: + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + options: + pattern: ^[^;]*$ + type: string + password: + properties: + type: + default: ASCII + enum: + - ASCII + - AlphaNumeric + type: string + required: + - type + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - backups + - instances + - postgresVersion + type: object + status: + properties: + host: + type: string + pgbouncer: + properties: + ready: + format: int32 + type: integer + size: + format: int32 + type: integer + required: + - ready + - size + type: object + postgres: + properties: + instances: + items: + properties: + name: + type: string + ready: + format: int32 + type: integer + size: + format: int32 + type: integer + required: + - name + - ready + - size + type: object + type: array + ready: + format: int32 + type: integer + size: + format: int32 + type: integer + required: + - instances + - ready + - size + type: object + state: + type: string + required: + - pgbouncer + - postgres + - state + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/definitions/pg.percona.com/perconapgrestore.yaml b/definitions/pg.percona.com/perconapgrestore.yaml new file mode 100644 index 000000000..0a669039e --- /dev/null +++ b/definitions/pg.percona.com/perconapgrestore.yaml @@ -0,0 +1,60 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + name: perconapgrestores.pg.percona.com +spec: + group: pg.percona.com + names: + kind: PerconaPGRestore + listKind: PerconaPGRestoreList + plural: perconapgrestores + shortNames: + - pg-restore + singular: perconapgrestore + scope: Namespaced + versions: + - name: v2beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + options: + items: + type: string + type: array + pgCluster: + type: string + repoName: + pattern: ^repo[1-4] + type: string + required: + - pgCluster + - repoName + type: object + status: + properties: + completed: + format: date-time + type: string + jobName: + type: string + state: + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/definitions/pingcap.com/backup.yaml b/definitions/pingcap.com/backup.yaml index 4490b554f..0ef772a17 100644 --- a/definitions/pingcap.com/backup.yaml +++ b/definitions/pingcap.com/backup.yaml @@ -331,18 +331,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -386,6 +374,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -574,6 +564,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -939,6 +966,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1007,6 +1044,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1073,6 +1120,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1141,6 +1198,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1639,18 +1706,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1694,6 +1749,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -1882,6 +1939,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -2313,6 +2407,8 @@ spec: type: string useKMS: type: boolean + volumeAttributesClassName: + type: string volumeBackupInitJobMaxActiveSeconds: default: 600 type: integer diff --git a/definitions/pingcap.com/backupschedule.yaml b/definitions/pingcap.com/backupschedule.yaml index 4e9f7b26d..980684f3b 100644 --- a/definitions/pingcap.com/backupschedule.yaml +++ b/definitions/pingcap.com/backupschedule.yaml @@ -323,18 +323,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -378,6 +366,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -566,6 +556,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -931,6 +958,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -999,6 +1036,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1065,6 +1112,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1133,6 +1190,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1631,18 +1698,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1686,6 +1741,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -1874,6 +1931,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -2305,6 +2399,8 @@ spec: type: string useKMS: type: boolean + volumeAttributesClassName: + type: string volumeBackupInitJobMaxActiveSeconds: default: 600 type: integer @@ -2604,18 +2700,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2659,6 +2743,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -2847,6 +2933,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -3212,6 +3335,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -3280,6 +3413,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -3346,6 +3489,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -3414,6 +3567,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -3836,18 +3999,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3891,6 +4042,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -4079,6 +4232,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -4763,18 +4953,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4818,6 +4996,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -5006,6 +5186,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -5517,18 +5734,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -5572,6 +5777,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -5760,6 +5967,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -6125,6 +6369,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -6193,6 +6447,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -6259,6 +6523,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -6327,6 +6601,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -6825,18 +7109,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6880,6 +7152,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -7068,6 +7342,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -7499,6 +7810,8 @@ spec: type: string useKMS: type: boolean + volumeAttributesClassName: + type: string volumeBackupInitJobMaxActiveSeconds: default: 600 type: integer @@ -7556,6 +7869,8 @@ spec: type: string storageSize: type: string + volumeAttributesClassName: + type: string required: - backupTemplate - schedule diff --git a/definitions/pingcap.com/compactbackup.yaml b/definitions/pingcap.com/compactbackup.yaml index cd8f91e78..162faccb9 100644 --- a/definitions/pingcap.com/compactbackup.yaml +++ b/definitions/pingcap.com/compactbackup.yaml @@ -295,18 +295,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -350,6 +338,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -538,6 +528,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -903,6 +930,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -971,6 +1008,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1037,6 +1084,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1105,6 +1162,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1527,18 +1594,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1582,6 +1637,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -1770,6 +1827,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: diff --git a/definitions/pingcap.com/dmcluster.yaml b/definitions/pingcap.com/dmcluster.yaml index ca09b4513..4a4463e84 100644 --- a/definitions/pingcap.com/dmcluster.yaml +++ b/definitions/pingcap.com/dmcluster.yaml @@ -198,6 +198,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -266,6 +276,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -332,6 +352,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -400,6 +430,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -585,6 +625,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -635,6 +683,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1314,18 +1370,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1369,6 +1413,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -1557,6 +1603,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -1924,6 +2007,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1992,6 +2085,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2058,6 +2161,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2126,6 +2239,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2444,6 +2567,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2494,6 +2625,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -3287,6 +3426,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -3337,6 +3484,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -4016,18 +4171,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4071,6 +4214,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -4259,6 +4404,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -4624,6 +4806,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -4692,6 +4884,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -4758,6 +4960,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -4826,6 +5038,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -5151,6 +5373,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -5201,6 +5431,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -5844,6 +6082,8 @@ spec: x-kubernetes-list-type: map version: type: string + volumeAttributesClassName: + type: string required: - replicas type: object @@ -6132,6 +6372,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -6182,6 +6430,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -6861,18 +7117,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6916,6 +7160,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -7104,6 +7350,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -7469,6 +7752,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -7537,6 +7830,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -7603,6 +7906,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -7671,6 +7984,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -8001,6 +8324,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -8051,6 +8382,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -8657,6 +8996,8 @@ spec: x-kubernetes-list-type: map version: type: string + volumeAttributesClassName: + type: string required: - replicas type: object diff --git a/definitions/pingcap.com/restore.yaml b/definitions/pingcap.com/restore.yaml index 7f9035598..a54935b80 100644 --- a/definitions/pingcap.com/restore.yaml +++ b/definitions/pingcap.com/restore.yaml @@ -304,18 +304,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -359,6 +347,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -547,6 +537,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -912,6 +939,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -980,6 +1017,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1046,6 +1093,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1114,6 +1171,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1539,18 +1606,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1594,6 +1649,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -1782,6 +1839,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -2318,18 +2412,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2373,6 +2455,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -2561,6 +2645,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -3043,6 +3164,8 @@ spec: type: boolean volumeAZ: type: string + volumeAttributesClassName: + type: string warmup: type: string warmupImage: diff --git a/definitions/pingcap.com/tidbcluster.yaml b/definitions/pingcap.com/tidbcluster.yaml index 45961b931..79df77611 100644 --- a/definitions/pingcap.com/tidbcluster.yaml +++ b/definitions/pingcap.com/tidbcluster.yaml @@ -212,6 +212,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -280,6 +290,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -346,6 +366,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -414,6 +444,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -612,6 +652,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -662,6 +710,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -1341,18 +1397,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1396,6 +1440,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -1584,6 +1630,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -1949,6 +2032,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2017,6 +2110,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2083,6 +2186,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2151,6 +2264,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2469,6 +2592,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2519,6 +2650,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -3329,6 +3468,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -3379,6 +3526,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -4058,18 +4213,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4113,6 +4256,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -4301,6 +4446,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -4666,6 +4848,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -4734,6 +4926,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -4800,6 +5002,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -4868,6 +5080,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -5195,6 +5417,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -5245,6 +5475,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -5861,6 +6099,8 @@ spec: type: string storageSize: type: string + volumeAttributesClassName: + type: string required: - name - storageSize @@ -5919,6 +6159,8 @@ spec: x-kubernetes-list-type: map version: type: string + volumeAttributesClassName: + type: string required: - replicas type: object @@ -6070,6 +6312,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -6120,6 +6370,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -6799,18 +7057,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6854,6 +7100,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -7042,6 +7290,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -7407,6 +7692,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -7475,6 +7770,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -7541,6 +7846,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -7609,6 +7924,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -7932,6 +8257,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -7982,6 +8315,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -8591,6 +8932,8 @@ spec: type: string storageSize: type: string + volumeAttributesClassName: + type: string required: - name - storageSize @@ -8649,6 +8992,8 @@ spec: x-kubernetes-list-type: map version: type: string + volumeAttributesClassName: + type: string required: - name - replicas @@ -8867,6 +9212,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -8915,7 +9268,15 @@ spec: scheme: type: string required: - - port + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds type: object tcpSocket: properties: @@ -9596,18 +9957,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -9651,6 +10000,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -9839,6 +10190,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -10204,6 +10592,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -10272,6 +10670,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -10338,6 +10746,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -10406,6 +10824,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -10729,6 +11157,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -10779,6 +11215,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -11381,6 +11825,8 @@ spec: x-kubernetes-list-type: map version: type: string + volumeAttributesClassName: + type: string required: - replicas type: object @@ -11562,6 +12008,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -11612,6 +12066,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -12291,18 +12753,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -12346,6 +12796,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -12534,6 +12986,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -12899,6 +13388,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -12967,6 +13466,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -13033,6 +13542,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -13101,6 +13620,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -13426,6 +13955,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -13476,6 +14013,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -14036,6 +14581,8 @@ spec: type: string storageSize: type: string + volumeAttributesClassName: + type: string required: - name - storageSize @@ -14096,6 +14643,8 @@ spec: x-kubernetes-list-type: map version: type: string + volumeAttributesClassName: + type: string required: - replicas type: object @@ -14242,6 +14791,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -14292,6 +14849,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -14971,18 +15536,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -15026,6 +15579,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -15214,6 +15769,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -15579,6 +16171,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -15647,6 +16249,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -15713,6 +16325,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -15781,6 +16403,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -16141,6 +16773,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -16191,6 +16831,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -16668,6 +17316,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -16718,6 +17374,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -16980,6 +17644,8 @@ spec: type: string storageSize: type: string + volumeAttributesClassName: + type: string required: - name - storageSize @@ -17047,6 +17713,8 @@ spec: x-kubernetes-list-type: map version: type: string + volumeAttributesClassName: + type: string required: - replicas type: object @@ -17193,6 +17861,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -17243,6 +17919,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -17922,18 +18606,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -17977,6 +18649,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -18165,6 +18839,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -18530,6 +19241,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -18598,6 +19319,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -18664,6 +19395,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -18732,6 +19473,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -19065,6 +19816,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -19115,6 +19874,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -19779,6 +20546,8 @@ spec: type: object storageClassName: type: string + volumeAttributesClassName: + type: string type: object type: array suspendAction: @@ -19979,6 +20748,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -20029,6 +20806,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -20708,18 +21493,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -20763,6 +21536,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -20951,6 +21726,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -21316,6 +22128,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -21384,6 +22206,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -21450,6 +22282,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -21518,6 +22360,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -21852,6 +22704,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -21902,6 +22762,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -22526,6 +23394,8 @@ spec: type: string storageSize: type: string + volumeAttributesClassName: + type: string required: - name - storageSize @@ -22586,6 +23456,8 @@ spec: x-kubernetes-list-type: map version: type: string + volumeAttributesClassName: + type: string waitLeaderTransferBackTimeout: type: string required: @@ -22736,6 +23608,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -22786,6 +23666,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -23465,18 +24353,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -23520,6 +24396,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -23708,6 +24586,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -24073,6 +24988,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -24141,6 +25066,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -24207,6 +25142,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -24275,6 +25220,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -24600,6 +25555,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -24650,6 +25613,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -25212,6 +26183,8 @@ spec: type: string storageSize: type: string + volumeAttributesClassName: + type: string required: - name - storageSize @@ -25270,6 +26243,8 @@ spec: x-kubernetes-list-type: map version: type: string + volumeAttributesClassName: + type: string required: - replicas type: object diff --git a/definitions/pingcap.com/tidbdashboard.yaml b/definitions/pingcap.com/tidbdashboard.yaml index fae493c0a..92ef6e2dd 100644 --- a/definitions/pingcap.com/tidbdashboard.yaml +++ b/definitions/pingcap.com/tidbdashboard.yaml @@ -169,6 +169,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -219,6 +227,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -898,18 +914,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -953,6 +957,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -1141,6 +1147,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -1506,6 +1549,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1574,6 +1627,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1640,6 +1703,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1708,6 +1781,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2048,6 +2131,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2098,6 +2189,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2691,6 +2790,8 @@ spec: type: string storageSize: type: string + volumeAttributesClassName: + type: string required: - name - storageSize diff --git a/definitions/pingcap.com/tidbmonitor.yaml b/definitions/pingcap.com/tidbmonitor.yaml index e859b0766..69b71efec 100644 --- a/definitions/pingcap.com/tidbmonitor.yaml +++ b/definitions/pingcap.com/tidbmonitor.yaml @@ -169,6 +169,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -219,6 +227,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -878,18 +894,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -933,6 +937,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -1121,6 +1127,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: diff --git a/definitions/pingcap.com/tidbngmonitoring.yaml b/definitions/pingcap.com/tidbngmonitoring.yaml index 6f05ceced..8569960f9 100644 --- a/definitions/pingcap.com/tidbngmonitoring.yaml +++ b/definitions/pingcap.com/tidbngmonitoring.yaml @@ -169,6 +169,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -219,6 +227,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -898,18 +914,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -953,6 +957,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -1141,6 +1147,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -1506,6 +1549,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1574,6 +1627,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1640,6 +1703,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1708,6 +1781,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -2031,6 +2114,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2081,6 +2172,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2657,6 +2756,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -2707,6 +2814,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -3386,18 +3501,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3441,6 +3544,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -3629,6 +3734,43 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -3994,6 +4136,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -4062,6 +4214,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -4128,6 +4290,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -4196,6 +4368,16 @@ spec: type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -4519,6 +4701,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -4569,6 +4759,14 @@ spec: required: - port type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object tcpSocket: properties: host: @@ -5125,6 +5323,8 @@ spec: type: string storageSize: type: string + volumeAttributesClassName: + type: string required: - name - storageSize diff --git a/definitions/piraeus.linbit.com/linstorcontroller.yaml b/definitions/piraeus.linbit.com/linstorcontroller.yaml new file mode 100644 index 000000000..fead84789 --- /dev/null +++ b/definitions/piraeus.linbit.com/linstorcontroller.yaml @@ -0,0 +1,4042 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: linstorcontrollers.piraeus.linbit.com +spec: + group: piraeus.linbit.com + names: + kind: LinstorController + listKind: LinstorControllerList + plural: linstorcontrollers + singular: linstorcontroller + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: LinstorController is the Schema for the linstorcontrollers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: LinstorControllerSpec defines the desired state of LinstorController + properties: + additionalEnv: + description: AdditionalEnv is a list of extra environments variables + to pass to the controller container + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using + the previously defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + nullable: true + type: array + additionalProperties: + additionalProperties: + type: string + description: AdditionalProperties is a map of additional properties + to set on the Linstor controller + nullable: true + type: object + affinity: + description: Affinity for scheduling the controller pod + nullable: true + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + controllerImage: + description: controllerImage is the image (location + tag) for the + LINSTOR controller/server container + type: string + dbCertSecret: + description: DBCertSecret is the name of the kubernetes secret that + holds the CA certificate used to verify the datatbase connection. + The secret must contain a key "ca.crt" which holds the certificate + in PEM format + nullable: true + type: string + dbConnectionURL: + description: DBConnectionURL is the URL of the ETCD endpoint for LINSTOR + Controller + type: string + dbUseClientCert: + description: Use a TLS client certificate for authentication with + the database (etcd). If set to true, `dbCertSecret` must be set + and contain two additional entries "tls.crt" (PEM encoded) and "tls.key" + (PEM encoded, without passphrase). + type: boolean + drbdRepoCred: + description: DrbdRepoCred is the name of the kubernetes secret that + holds the credential for the DRBD repositories + type: string + extraVolumes: + description: ExtraVolumes are additional volumes which can be added + to the pods. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). \n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. \n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. + This field will replace the functionality of the + dataSource field and as such if both fields are + non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value + automatically if one of them is empty and the + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no + group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + nullable: true + type: array + httpBindAddress: + description: HttpBindAddress is address used to bind HTTP listener + nullable: true + type: string + httpsBindAddress: + description: HttpsBindAddress is address used to bind HTTPS listener + nullable: true + type: string + imagePullPolicy: + description: Pull policy applied to all pods started from this controller + type: string + linstorHttpsClientSecret: + description: 'Name of the secret containing: (a) `ca.crt`: root certificate + used to validate HTTPS connections with Linstor (PEM format, without + password) (b) `tls.key`: client key used by the linstor client (PEM + format, without password) (c) `tls.crt`: client certificate matching + the client key (PEM format, without password) If set, HTTPS is used + for connecting and authenticating with linstor' + type: string + linstorHttpsControllerSecret: + description: Name of the secret containing the java keystore (`keystore.jks`) + used to enable HTTPS on the controller. The controller will create + a secured https endpoint on port 3371 with the key stored in `keystore.jks`. + The keystore must be secured using the passphrase "linstor". Also + needs to contain a truststore `truststore.jks`, which will be used + to authenticate clients. + type: string + logLevel: + description: LogLevel sets the log level for deployed components. + enum: + - error + - warn + - info + - debug + - trace + nullable: true + type: string + luksSecret: + description: Name of the secret containing the master passphrase for + LUKS devices as `MASTER_PASSPHRASE` + nullable: true + type: string + priorityClassName: + description: priorityClassName is the name of the PriorityClass for + the controller pods + type: string + replicas: + description: Number of replicas in the controller deployment + format: int32 + nullable: true + type: integer + resources: + description: Resource requirements for the LINSTOR controller pod + nullable: true + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceAccountName: + description: Name of the service account that runs leader elections + for linstor + type: string + sidecars: + description: Sidecars are additional containers which can be added + to the pods. + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + nullable: true + type: array + sslSecret: + description: Name of k8s secret that holds the SSL key for a node + (called `keystore.jks`) and the trusted certificates (called `certificates.jks`) + nullable: true + type: string + tolerations: + description: Tolerations for scheduling the controller pod + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + nullable: true + type: array + required: + - controllerImage + - dbConnectionURL + - drbdRepoCred + - priorityClassName + type: object + status: + description: LinstorControllerStatus defines the observed state of LinstorController + properties: + ControllerProperties: + additionalProperties: + type: string + description: properties set on the Linstor controller + type: object + ControllerStatus: + description: ControllerStatus information. + properties: + nodeName: + description: The hostname of the kubelet running the node + type: string + registeredOnController: + description: Indicates if the node has been created on the controller. + type: boolean + required: + - nodeName + - registeredOnController + type: object + SatelliteStatuses: + description: SatelliteStatuses by hostname. + items: + description: SatelliteStatus should provide all the information + that the reconsile loop needs to manage the operation of the LINSTOR + Satellite. + properties: + connectionStatus: + description: As indicated by Linstor + type: string + nodeName: + description: The hostname of the kubelet running the node + type: string + registeredOnController: + description: Indicates if the node has been created on the controller. + type: boolean + storagePoolStatus: + description: StoragePoolStatuses by storage pool name. + items: + description: StoragePoolStatus reports basic information about + storage pool state. + properties: + freeCapacity: + description: Usage reporting + format: int64 + type: integer + name: + description: The name of the storage pool. + type: string + nodeName: + description: The hostname of the kubelet hosting the storage + pool. + type: string + provider: + description: Provider is the underlying storage, lvm, + zfs, etc. + type: string + totalCapacity: + format: int64 + type: integer + required: + - freeCapacity + - name + - nodeName + - provider + - totalCapacity + type: object + type: array + required: + - connectionStatus + - nodeName + - registeredOnController + - storagePoolStatus + type: object + type: array + errors: + description: Errors remaining that will trigger reconciliations. + items: + type: string + type: array + required: + - ControllerStatus + - SatelliteStatuses + - errors + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/piraeus.linbit.com/linstorcontrollerset.yaml b/definitions/piraeus.linbit.com/linstorcontrollerset.yaml new file mode 100644 index 000000000..6b7467689 --- /dev/null +++ b/definitions/piraeus.linbit.com/linstorcontrollerset.yaml @@ -0,0 +1,827 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: linstorcontrollersets.piraeus.linbit.com +spec: + group: piraeus.linbit.com + names: + kind: LinstorControllerSet + listKind: LinstorControllerSetList + plural: linstorcontrollersets + singular: linstorcontrollerset + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: 'LinstorControllerSet is the Schema for the linstorcontrollersets + API DEPRECATED: use LinstorController' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: LinstorControllerSetSpec defines the desired state of LinstorControllerSet + properties: + affinity: + description: Affinity for scheduling the controller pod + nullable: true + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + controllerImage: + description: controllerImage is the image (location + tag) for the LINSTOR + controller/server container + type: string + dbCertSecret: + description: DBCertSecret is the name of the kubernetes secret that + holds the CA certificate used to verify the datatbase connection. + The secret must contain a key "ca.pem" which holds the certificate + in PEM format + nullable: true + type: string + dbConnectionURL: + description: DBConnectionURL is the URL of the ETCD endpoint for LINSTOR + Controller + type: string + dbUseClientCert: + description: Use a TLS client certificate for authentication with the + database (etcd). If set to true, `dbCertSecret` must be set and contain + two additional entries "client.cert" (PEM encoded) and "client.key" + (PKCS8 encoded, without passphrase). + type: boolean + drbdRepoCred: + description: DrbdRepoCred is the name of the kubernetes secret that + holds the credential for the DRBD repositories + type: string + imagePullPolicy: + description: Pull policy applied to all pods started from this controller + type: string + linstorHttpsClientSecret: + description: 'Name of the secret containing: (a) `ca.pem`: root certificate + used to validate HTTPS connections with Linstor (PEM format, without + password) (b) `client.key`: client key used by the linstor client + (PEM format, without password) (c) `client.cert`: client certificate + matching the client key (PEM format, without password) If set, HTTPS + is used for connecting and authenticating with linstor' + type: string + linstorHttpsControllerSecret: + description: Name of the secret containing the java keystore (`keystore.jks`) + used to enable HTTPS on the controller. The controller will create + a secured https endpoint on port 3371 with the key stored in `keystore.jks`. + The keystore must be secured using the passphrase "linstor". Also + needs to contain a truststore `truststore.jks`, which will be used + to authenticate clients. + type: string + luksSecret: + description: Name of the secret containing the master passphrase for + LUKS devices as `MASTER_PASSPHRASE` + nullable: true + type: string + priorityClassName: + description: priorityClassName is the name of the PriorityClass for + the controller pods + type: string + resources: + description: Resource requirements for the LINSTOR controller pod + nullable: true + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + sslSecret: + description: Name of k8s secret that holds the SSL key for a node (called + `keystore.jks`) and the trusted certificates (called `certificates.jks`) + nullable: true + type: string + tolerations: + description: Tolerations for scheduling the controller pod + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + nullable: true + type: array + required: + - controllerImage + - dbConnectionURL + - drbdRepoCred + - priorityClassName + type: object + status: + description: LinstorControllerSetStatus defines the observed state of LinstorControllerSet + properties: + ControllerStatus: + description: ControllerStatus information. + properties: + nodeName: + description: The hostname of the kubelet running the node + type: string + registeredOnController: + description: Indicates if the node has been created on the controller. + type: boolean + required: + - nodeName + - registeredOnController + type: object + DependantsMigrated: + description: DependantsMigrated indicated that all resources created + from this LinstorControllerSet have a new owner. + type: boolean + ResourceMigrated: + description: ResourceMigrated indicates that this LinstorControllerSet + was already converted into a LinstorController. + type: boolean + SatelliteStatuses: + description: SatelliteStatuses by hostname. + items: + description: SatelliteStatus should provide all the information that + the reconsile loop needs to manage the operation of the LINSTOR + Satellite. + properties: + connectionStatus: + description: As indicated by Linstor + type: string + nodeName: + description: The hostname of the kubelet running the node + type: string + registeredOnController: + description: Indicates if the node has been created on the controller. + type: boolean + storagePoolStatus: + description: StoragePoolStatuses by storage pool name. + items: + description: StoragePoolStatus reports basic information about + storage pool state. + properties: + freeCapacity: + description: Usage reporting + format: int64 + type: integer + name: + description: The name of the storage pool. + type: string + nodeName: + description: The hostname of the kubelet hosting the storage + pool. + type: string + provider: + description: Provider is the underlying storage, lvm, zfs, + etc. + type: string + totalCapacity: + format: int64 + type: integer + required: + - freeCapacity + - name + - nodeName + - provider + - totalCapacity + type: object + type: array + required: + - connectionStatus + - nodeName + - registeredOnController + - storagePoolStatus + type: object + type: array + errors: + description: Errors remaining that will trigger reconciliations. + items: + type: string + type: array + required: + - ControllerStatus + - SatelliteStatuses + - errors + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + diff --git a/definitions/piraeus.linbit.com/linstorcsidriver.yaml b/definitions/piraeus.linbit.com/linstorcsidriver.yaml new file mode 100644 index 000000000..04f2397ec --- /dev/null +++ b/definitions/piraeus.linbit.com/linstorcsidriver.yaml @@ -0,0 +1,7581 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: linstorcsidrivers.piraeus.linbit.com +spec: + group: piraeus.linbit.com + names: + kind: LinstorCSIDriver + listKind: LinstorCSIDriverList + plural: linstorcsidrivers + singular: linstorcsidriver + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.NodeReady + name: NodeReady + type: boolean + - jsonPath: .status.ControllerReady + name: ControllerReady + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: LinstorCSIDriver is the Schema for the linstorcsidrivers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: LinstorCSIDriverSpec defines the desired state of LinstorCSIDriver + properties: + controllerAffinity: + description: Affinity for scheduling the CSI controller pod + nullable: true + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + controllerEndpoint: + description: Cluster URL of the linstor controller. If not set, will + be determined from the current resource name. + type: string + controllerReplicas: + description: controllerReplicas is the number of replicas created + for the CSI controller deployment. + format: int32 + type: integer + controllerStrategy: + description: controllerStrategy describes how to replace existing + pods with new ones. + nullable: true + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if DeploymentStrategyType + = RollingUpdate. --- TODO: Update this to follow our convention + for oneOf, whatever we decide it to be.' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be scheduled + above the desired number of pods. Value can be an absolute + number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. Absolute number + is calculated from percentage by rounding up. Defaults to + 25%. Example: when this is set to 30%, the new ReplicaSet + can be scaled up immediately when the rolling update starts, + such that the total number of old and new pods do not exceed + 130% of desired pods. Once old pods have been killed, new + ReplicaSet can be scaled up further, ensuring that total + number of pods running at any time during the update is + at most 130% of desired pods.' + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired pods (ex: 10%). Absolute number + is calculated from percentage by rounding down. This can + not be 0 if MaxSurge is 0. Defaults to 25%. Example: when + this is set to 30%, the old ReplicaSet can be scaled down + to 70% of desired pods immediately when the rolling update + starts. Once new pods are ready, old ReplicaSet can be scaled + down further, followed by scaling up the new ReplicaSet, + ensuring that the total number of pods available at all + times during the update is at least 70% of desired pods.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Can be "Recreate" or "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + controllerTolerations: + description: Tolerations for schedluing CSI controller pods + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + nullable: true + type: array + csiAttacherImage: + description: Name of the CSI external attacher image. See https://kubernetes-csi.github.io/docs/external-attacher.html + type: string + csiAttacherWorkerThreads: + description: Number of simultaneously running operations for attaching + and detaching volumes + format: int32 + type: integer + csiControllerServiceAccountName: + description: Name of the service account used by the CSI controller + pods + type: string + csiLivenessProbeImage: + description: Name of the CSI liveness probe image. See https://kubernetes-csi.github.io/docs/livenessprobe.html + type: string + csiNodeDriverRegistrarImage: + description: Name of the CSI node driver registrar image. See https://kubernetes-csi.github.io/docs/node-driver-registrar.html + type: string + csiNodeServiceAccountName: + description: Name of the service account used by the CSI node pods + type: string + csiProvisionerImage: + description: Name of the CSI external provisioner image. See https://kubernetes-csi.github.io/docs/external-provisioner.html + type: string + csiProvisionerWorkerThreads: + description: Number of simultaneously running operations for creating + and deleting volumes + format: int32 + type: integer + csiResizerImage: + description: Name of the CSI external resizer image. See https://kubernetes-csi.github.io/docs/external-resizer.html + type: string + csiResizerWorkerThreads: + description: Number of simultaneously running operations for resizing + volumes + format: int32 + type: integer + csiSnapshotterImage: + description: Name of the CSI external snapshotter image. See https://kubernetes-csi.github.io/docs/external-snapshotter.html + type: string + csiSnapshotterWorkerThreads: + description: Number of simultaneously running operations for creating + and deleting snapshots + format: int32 + type: integer + enableTopology: + description: Enable CSI topology feature to control volume accessibility + on cluster nodes + type: boolean + extraVolumes: + description: ControllerExtraVolumes are additional volumes which can + be added to the controller pods. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). \n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. \n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. + This field will replace the functionality of the + dataSource field and as such if both fields are + non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value + automatically if one of them is empty and the + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no + group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + nullable: true + type: array + imagePullPolicy: + description: Pull policy applied to all pods started from this controller + type: string + imagePullSecret: + description: Name of a secret with authentication details for the + `LinstorPluginImage` registry + type: string + kubeletPath: + description: KubeletPath is the common parent path of mount targets + and plugin registration directories of Kubelet. Typically this should + be set to /var/lib/kubelet, but some distributions require a different + path. + type: string + linstorHttpsClientSecret: + description: 'Name of the secret containing: (a) `ca.crt`: root certificate + used to validate HTTPS connections with Linstor (PEM format, without + password) (b) `tls.key`: client key used by the linstor client (PEM + format, without password) (c) `tls.crt`: client certificate matching + the client key (PEM format, without password) If set, HTTPS is used + for connecting and authenticating with linstor' + type: string + linstorPluginImage: + description: Image that contains the linstor-csi driver plugin + type: string + logLevel: + description: LogLevel sets the log level for deployed components. + enum: + - error + - warn + - info + - debug + - trace + nullable: true + type: string + nodeAffinity: + description: Affinity for scheduling the CSI node pods + nullable: true + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeExtraVolumes: + description: NodeExtraVolumes are additional volumes which can be + added to the node pods. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). \n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. \n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. + This field will replace the functionality of the + dataSource field and as such if both fields are + non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value + automatically if one of them is empty and the + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no + group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + nullable: true + type: array + nodeSidecars: + description: NodeSidecars are additional containers which can be added + to the node pods. + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + nullable: true + type: array + nodeTolerations: + description: Tolerations for scheduling CSI node pods + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + nullable: true + type: array + priorityClassName: + description: priorityClassName is the name of the PriorityClass for + the csi driver pods + type: string + resources: + description: Resource requirements for the csi pods. The requirements + are re-used for all pods (node/controller). + nullable: true + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + sidecars: + description: ControllerSidecars are additional containers which can + be added to the controller pods. + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + nullable: true + type: array + required: + - imagePullSecret + - linstorPluginImage + type: object + status: + description: LinstorCSIDriverStatus defines the observed state of LinstorCSIDriver + properties: + ControllerReady: + description: CSI controller ready status + type: boolean + NodeReady: + description: CSI node components ready status + type: boolean + errors: + description: Errors remaining that will trigger reconciliations. + items: + type: string + type: array + required: + - ControllerReady + - NodeReady + - errors + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/piraeus.linbit.com/linstornodeset.yaml b/definitions/piraeus.linbit.com/linstornodeset.yaml new file mode 100644 index 000000000..591f14d32 --- /dev/null +++ b/definitions/piraeus.linbit.com/linstornodeset.yaml @@ -0,0 +1,889 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: linstornodesets.piraeus.linbit.com +spec: + group: piraeus.linbit.com + names: + kind: LinstorNodeSet + listKind: LinstorNodeSetList + plural: linstornodesets + singular: linstornodeset + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: 'LinstorNodeSet is the Schema for the linstornodesets API DEPRECATED: + use LinstorSatelliteSet' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: LinstorNodeSetSpec defines the desired state of LinstorNodeSet + properties: + affinity: + description: Affinity for scheduling the satellite pods + nullable: true + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all + objects with implicit weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches no objects (i.e. is also + a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The + terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be + empty. If the operator is Gt or Lt, the values + array must have a single element, which will + be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the affinity expressions specified by this field, + but it may choose a node that violates one or more of the + expressions. The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node that meets + all of the scheduling requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the sum + if the node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may not + try to eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some other + pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes + that satisfy the anti-affinity expressions specified by this + field, but it may choose a node that violates one or more + of the expressions. The node that is most preferred is the + one with the greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field + and adding "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) that + this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label query over a set of resources, in + this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any + node on which any of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automaticStorageType: + description: If set, the operator will automatically create storage + pools of the specified type for all devices that can be found. The + name of the storage pools matches the device name. For example, all + devices `/dev/sdc` will be part of the `sdc` storage pool. + enum: + - None + - LVM + - LVMTHIN + - ZFS + type: string + controllerEndpoint: + description: Cluster URL of the linstor controller. If not set, will + be determined from the current resource name. + type: string + drbdKernelModuleInjectionMode: + description: 'drbdKernelModuleInjectionMode selects the source for the + DRBD kernel module DEPRECATED: use kernelModuleInjectionMode' + enum: + - None + - Compile + - ShippedModules + - DepsOnly + type: string + drbdRepoCred: + description: drbdRepoCred is the name of the kubernetes secret that + holds the credential for the DRBD repositories + type: string + imagePullPolicy: + description: Pull policy applied to all pods started from this controller + type: string + kernelModImage: + description: 'kernelModImage is the image (location + tag) for the LINSTOR/DRBD + kernel module injector container DEPRECATED: use kernelModuleInjectionImage' + type: string + kernelModuleInjectionImage: + description: kernelModuleInjectionImage is the image (location + tag) + for the LINSTOR/DRBD kernel module injector + type: string + kernelModuleInjectionMode: + description: kernelModuleInjectionMode selects the source for the DRBD + kernel module + enum: + - None + - Compile + - ShippedModules + - DepsOnly + type: string + kernelModuleInjectionResources: + description: Resource requirements for the kernel module builder/injector + container + nullable: true + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + linstorHttpsClientSecret: + description: 'Name of the secret containing: (a) `ca.pem`: root certificate + used to validate HTTPS connections with Linstor (PEM format, without + password) (b) `client.key`: client key used by the linstor client + (PEM format, without password) (c) `client.cert`: client certificate + matching the client key (PEM format, without password) If set, HTTPS + is used for connecting and authenticating with linstor' + type: string + priorityClassName: + description: priorityClassName is the name of the PriorityClass for + the node pods + type: string + resources: + description: Resource requirements for the LINSTOR satellite container + nullable: true + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + satelliteImage: + description: satelliteImage is the image (location + tag) for the LINSTOR + satellite container + type: string + sslSecret: + description: Name of k8s secret that holds the SSL key for a node (called + `keystore.jks`) and the trusted certificates (called `certificates.jks`) + nullable: true + type: string + storagePools: + description: StoragePools is a list of StoragePools for LinstorSatelliteSet + to manage. + nullable: true + properties: + lvmPools: + description: LVMPools for LinstorSatelliteSet to manage. + items: + description: StoragePoolLVM represents LVM storage pool to be + managed by a LinstorSatelliteSet + properties: + name: + description: Name of the storage pool. + type: string + volumeGroup: + description: Name of underlying lvm group + type: string + required: + - name + - volumeGroup + type: object + nullable: true + type: array + lvmThinPools: + description: LVMThinPools for LinstorSatelliteSet to manage. + items: + description: StoragePoolLVMThin represents LVM Thin storage pool + to be managed by a LinstorSatelliteSet + properties: + name: + description: Name of the storage pool. + type: string + thinVolume: + description: Name of underlying lvm thin volume + type: string + volumeGroup: + description: Name of underlying lvm group + type: string + required: + - name + - thinVolume + - volumeGroup + type: object + nullable: true + type: array + type: object + tolerations: + description: Tolerations for scheduling the satellite pods + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, operator + must be Exists; this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists + is equivalent to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the + toleration (which must be of effect NoExecute, otherwise this + field is ignored) tolerates the taint. By default, it is not + set, which means tolerate the taint forever (do not evict). + Zero and negative values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise + just a regular string. + type: string + type: object + nullable: true + type: array + required: + - drbdRepoCred + - priorityClassName + - satelliteImage + type: object + status: + description: LinstorNodeSetStatus defines the observed state of LinstorNodeSet + properties: + DependantsMigrated: + description: DependantsMigrated indicated that all resources created + from this LinstorNodeSet have a new owner. + type: boolean + ResourceMigrated: + description: ResourceMigrated indicates that this LinstorNodeSet was + already converted into a LinstorSatelliteSet. + type: boolean + SatelliteStatuses: + description: SatelliteStatuses by hostname. + items: + description: SatelliteStatus should provide all the information that + the reconsile loop needs to manage the operation of the LINSTOR + Satellite. + properties: + connectionStatus: + description: As indicated by Linstor + type: string + nodeName: + description: The hostname of the kubelet running the node + type: string + registeredOnController: + description: Indicates if the node has been created on the controller. + type: boolean + storagePoolStatus: + description: StoragePoolStatuses by storage pool name. + items: + description: StoragePoolStatus reports basic information about + storage pool state. + properties: + freeCapacity: + description: Usage reporting + format: int64 + type: integer + name: + description: The name of the storage pool. + type: string + nodeName: + description: The hostname of the kubelet hosting the storage + pool. + type: string + provider: + description: Provider is the underlying storage, lvm, zfs, + etc. + type: string + totalCapacity: + format: int64 + type: integer + required: + - freeCapacity + - name + - nodeName + - provider + - totalCapacity + type: object + type: array + required: + - connectionStatus + - nodeName + - registeredOnController + - storagePoolStatus + type: object + type: array + errors: + description: Errors remaining that will trigger reconciliations. + items: + type: string + type: array + required: + - SatelliteStatuses + - errors + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + diff --git a/definitions/piraeus.linbit.com/linstorsatelliteset.yaml b/definitions/piraeus.linbit.com/linstorsatelliteset.yaml new file mode 100644 index 000000000..887209b1a --- /dev/null +++ b/definitions/piraeus.linbit.com/linstorsatelliteset.yaml @@ -0,0 +1,4221 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: linstorsatellitesets.piraeus.linbit.com +spec: + group: piraeus.linbit.com + names: + kind: LinstorSatelliteSet + listKind: LinstorSatelliteSetList + plural: linstorsatellitesets + singular: linstorsatelliteset + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: LinstorSatelliteSet is the Schema for the linstorsatellitesets + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: LinstorSatelliteSetSpec defines the desired state of a LinstorSatelliteSet. + properties: + additionalEnv: + description: AdditionalEnv is a list of extra environments variables + to pass to the satellite container + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using + the previously defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + nullable: true + type: array + affinity: + description: Affinity for scheduling the satellite pods + nullable: true + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automaticStorageType: + description: 'If set, the operator will automatically create storage + pools of the specified type for all devices that can be found. The + name of the storage pools matches the device name. For example, + all devices `/dev/sdc` will be part of the `autopool-sdc` storage + pool. Note: Using this attribute is discouraged. Using the "storagePools" + to set up devices allows for more control on device creation.' + enum: + - None + - LVM + - LVMTHIN + - ZFS + type: string + controllerEndpoint: + description: Cluster URL of the linstor controller. If not set, will + be determined from the current resource name. + type: string + dnsPolicy: + description: DNSPolicy sets the DNS policy for the pod. + enum: + - ClusterFirstWithHostNet + - ClusterFirst + - Default + - None + nullable: true + type: string + drbdRepoCred: + description: drbdRepoCred is the name of the kubernetes secret that + holds the credential for the DRBD repositories + type: string + extraVolumes: + description: ExtraVolumes are additional volumes which can be added + to the pods. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). \n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. \n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. + This field will replace the functionality of the + dataSource field and as such if both fields are + non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value + automatically if one of them is empty and the + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no + group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + nullable: true + type: array + imagePullPolicy: + description: Pull policy applied to all pods started from this controller + type: string + kernelModuleInjectionAdditionalSourceDirectory: + description: kernelModuleInjectionAdditionalSourceDirectory is the + directory containing the kernel sources and config on the host. + It will be mounted read-only when the injection mode is Compile. + If unset, defaults to /usr/src. To disable the mount, specify "none". + nullable: true + type: string + kernelModuleInjectionExtraVolumeMounts: + description: KernelModuleInjectionExtraVolumeMounts are additional + volumes mounts for the kernel module builder/injector container. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When + not set, MountPropagationNone is used. This field is beta + in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the + container's volume should be mounted. Behaves similarly to + SubPath but environment variable references $(VAR_NAME) are + expanded using the container's environment. Defaults to "" + (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + nullable: true + type: array + kernelModuleInjectionImage: + description: kernelModuleInjectionImage is the image (location + tag) + for the LINSTOR/DRBD kernel module injector + type: string + kernelModuleInjectionMode: + description: kernelModuleInjectionMode selects the source for the + DRBD kernel module + enum: + - None + - Compile + - ShippedModules + - DepsOnly + type: string + kernelModuleInjectionResources: + description: Resource requirements for the kernel module builder/injector + container + nullable: true + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + linstorHttpsClientSecret: + description: 'Name of the secret containing: (a) `ca.crt`: root certificate + used to validate HTTPS connections with Linstor (PEM format, without + password) (b) `tls.key`: client key used by the linstor client (PEM + format, without password) (c) `tls.crt`: client certificate matching + the client key (PEM format, without password) If set, HTTPS is used + for connecting and authenticating with linstor' + type: string + logLevel: + description: LogLevel sets the log level for deployed components. + enum: + - error + - warn + - info + - debug + - trace + nullable: true + type: string + monitoringBindAddress: + description: MonitoringBindAddress is the address used to bind monitoring + information exporter. + nullable: true + type: string + monitoringImage: + description: MonitoringImage is the image used to export monitoring + information from DRBD and Linstor. + nullable: true + type: string + mountDrbdResourceDirectoriesFromHost: + description: MountDrbdResourceDirectoriesFromHost sets up the hostpath + volume mounts in the satellite set for DRBD resource directories. + nullable: true + type: boolean + priorityClassName: + description: priorityClassName is the name of the PriorityClass for + the node pods + type: string + resources: + description: Resource requirements for the LINSTOR satellite container + nullable: true + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + satelliteImage: + description: satelliteImage is the image (location + tag) for the + LINSTOR satellite container + type: string + serviceAccountName: + description: Name of the service account to be used for the created + pods + type: string + sidecars: + description: Sidecars are additional containers which can be added + to the pods. + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + This is a beta field and requires enabling GRPCContainerProbe + feature gate. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name. This will + be canonicalized upon output, so case-variant + names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + nullable: true + type: array + sslSecret: + description: Name of k8s secret that holds the SSL key for a node + (called `keystore.jks`) and the trusted certificates (called `certificates.jks`) + nullable: true + type: string + storagePools: + description: StoragePools is a list of StoragePools for LinstorSatelliteSet + to manage. + nullable: true + properties: + lvmPools: + description: LVMPools for LinstorSatelliteSet to manage. + items: + description: StoragePoolLVM represents LVM storage pool to be + managed by a LinstorSatelliteSet + properties: + devicePaths: + description: List of device paths that should make up the + VG + items: + type: string + type: array + name: + description: Name of the storage pool. + type: string + raidLevel: + description: Set LVM RaidLevel + type: string + vdo: + description: Enable the Virtual Data Optimizer (VDO) on + the volume group. + type: boolean + vdoLogicalSizeKib: + description: Set VDO logical volume size + format: int32 + type: integer + vdoSlabSizeKib: + description: Set VDO slab size + format: int32 + type: integer + volumeGroup: + description: Name of underlying lvm group + type: string + required: + - name + - volumeGroup + type: object + nullable: true + type: array + lvmThinPools: + description: LVMThinPools for LinstorSatelliteSet to manage. + items: + description: StoragePoolLVMThin represents LVM Thin storage + pool to be managed by a LinstorSatelliteSet. + properties: + devicePaths: + description: List of device paths that should make up the + VG + items: + type: string + type: array + name: + description: Name of the storage pool. + type: string + raidLevel: + description: Set LVM RaidLevel + type: string + thinVolume: + description: Name of underlying lvm thin volume + type: string + volumeGroup: + description: Name of underlying lvm group + type: string + required: + - name + - thinVolume + - volumeGroup + type: object + nullable: true + type: array + zfsPools: + description: ZFSPools for LinstorSatelliteSet to manage + items: + description: StoragePoolZFS represents + properties: + name: + description: Name of the storage pool. + type: string + thin: + description: use thin provisioning + type: boolean + zPool: + description: Name of the zpool to use. + type: string + required: + - name + - thin + - zPool + type: object + nullable: true + type: array + type: object + tolerations: + description: Tolerations for scheduling the satellite pods + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + nullable: true + type: array + required: + - drbdRepoCred + - priorityClassName + - satelliteImage + type: object + status: + description: LinstorSatelliteSetStatus defines the observed state of LinstorSatelliteSet + properties: + SatelliteStatuses: + description: SatelliteStatuses by hostname. + items: + description: SatelliteStatus should provide all the information + that the reconsile loop needs to manage the operation of the LINSTOR + Satellite. + properties: + connectionStatus: + description: As indicated by Linstor + type: string + nodeName: + description: The hostname of the kubelet running the node + type: string + registeredOnController: + description: Indicates if the node has been created on the controller. + type: boolean + storagePoolStatus: + description: StoragePoolStatuses by storage pool name. + items: + description: StoragePoolStatus reports basic information about + storage pool state. + properties: + freeCapacity: + description: Usage reporting + format: int64 + type: integer + name: + description: The name of the storage pool. + type: string + nodeName: + description: The hostname of the kubelet hosting the storage + pool. + type: string + provider: + description: Provider is the underlying storage, lvm, + zfs, etc. + type: string + totalCapacity: + format: int64 + type: integer + required: + - freeCapacity + - name + - nodeName + - provider + - totalCapacity + type: object + type: array + required: + - connectionStatus + - nodeName + - registeredOnController + - storagePoolStatus + type: object + type: array + errors: + description: Errors remaining that will trigger reconciliations. + items: + type: string + type: array + required: + - SatelliteStatuses + - errors + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/pkg.crossplane.io/controllerconfig.yaml b/definitions/pkg.crossplane.io/controllerconfig.yaml new file mode 100644 index 000000000..be6c2bc06 --- /dev/null +++ b/definitions/pkg.crossplane.io/controllerconfig.yaml @@ -0,0 +1,3676 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: controllerconfigs.pkg.crossplane.io +spec: + group: pkg.crossplane.io + names: + kind: ControllerConfig + listKind: ControllerConfigList + plural: controllerconfigs + singular: controllerconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + deprecated: true + deprecationWarning: ControllerConfig.pkg.crossplane.io/v1alpha1 is deprecated. + Use DeploymentRuntimeConfig from pkg.crossplane.io/v1beta1 instead. + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + A ControllerConfig applies settings to controllers like Provider pods. + Deprecated: Use the + [DeploymentRuntimeConfig](https://docs.crossplane.io/latest/concepts/providers#runtime-configuration) + instead. + + Read the + [Package Runtime Configuration](https://github.com/crossplane/crossplane/blob/11bbe13ea3604928cc4e24e8d0d18f3f5f7e847c/design/one-pager-package-runtime-config.md) + design document for more details. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ControllerConfigSpec specifies the configuration for a packaged controller. + Values provided will override package manager defaults. Labels and + annotations are passed to both the controller Deployment and ServiceAccount. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: |- + Arguments to the entrypoint. + The docker image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, + regardless of whether the variable exists or not. + Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Docker image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. For example, + in the case of docker, only DockerConfig type secrets are honored. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + Setting ImagePullSecrets will replace any secrets that have been + propagated to a controller Deployment, typically via packagePullSecrets. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + metadata: + description: Metadata that will be added to the provider Pod. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and + categorize (scope and select) objects. This will only affect + labels on the pod, not the pod selector. Labels will be merged + with internal labels used by crossplane, and labels with a + crossplane.io key might be overwritten. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + type: object + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + podSecurityContext: + description: |- + PodSecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + ports: + description: List of container ports to expose on the container + items: + description: ContainerPort represents a network port in a single + container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + replicas: + description: |- + Number of desired pods. This is a pointer to distinguish between explicit + zero and not specified. Defaults to 1. + Note: If more than 1 replica is set and leader election is not enabled then + controllers could conflict. Environment variable "LEADER_ELECTION" can be + used to enable leader election process. + format: int32 + type: integer + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md + This is a beta feature as of Kubernetes v1.14. + type: string + securityContext: + description: |- + SecurityContext holds container-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + If specified, a ServiceAccount named this ServiceAccountName will be used for + the spec.serviceAccountName field in Pods to be created and for the subjects.name field + in a ClusterRoleBinding to be created. + If there is no ServiceAccount named this ServiceAccountName, a new ServiceAccount + will be created. + If there is a pre-existing ServiceAccount named this ServiceAccountName, the ServiceAccount + will be used. The annotations in the ControllerConfig will be copied to the ServiceAccount + and pre-existing annotations will be kept. + Regardless of whether there is a ServiceAccount created by Crossplane or is in place already, + the ServiceAccount will be deleted once the Provider and ControllerConfig are deleted. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + volumeMounts: + description: |- + List of VolumeMounts to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: {} + diff --git a/definitions/pxc.percona.com/perconaxtradbbackup.yaml b/definitions/pxc.percona.com/perconaxtradbbackup.yaml new file mode 100644 index 000000000..ee413d41b --- /dev/null +++ b/definitions/pxc.percona.com/perconaxtradbbackup.yaml @@ -0,0 +1,52 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: perconaxtradbbackups.pxc.percona.com +spec: + group: pxc.percona.com + names: + kind: PerconaXtraDBBackup + listKind: PerconaXtraDBBackupList + plural: perconaxtradbbackups + singular: perconaxtradbbackup + shortNames: [] + scope: Namespaced + versions: + - name: v1alpha1 + storage: true + served: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Cluster + type: string + description: Cluster name + jsonPath: .spec.pxcCluster + - name: Storage + type: string + description: Storage name from pxc spec + jsonPath: .status.storageName + - name: Destination + type: string + description: Backup destination + jsonPath: .status.destination + - name: Status + type: string + description: Job status + jsonPath: .status.state + - name: Completed + description: Completed time + type: date + jsonPath: .status.completed + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + diff --git a/definitions/secrets.crossplane.io/storeconfig.yaml b/definitions/secrets.crossplane.io/storeconfig.yaml new file mode 100644 index 000000000..5b15f7f3a --- /dev/null +++ b/definitions/secrets.crossplane.io/storeconfig.yaml @@ -0,0 +1,173 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: storeconfigs.secrets.crossplane.io +spec: + group: secrets.crossplane.io + names: + categories: + - crossplane + - store + kind: StoreConfig + listKind: StoreConfigList + plural: storeconfigs + singular: storeconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.type + name: TYPE + type: string + - jsonPath: .spec.defaultScope + name: DEFAULT-SCOPE + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + A StoreConfig configures how Crossplane controllers should store connection + details in an external secret store. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: A StoreConfigSpec defines the desired state of a StoreConfig. + properties: + defaultScope: + description: |- + DefaultScope used for scoping secrets for "cluster-scoped" resources. + If store type is "Kubernetes", this would mean the default namespace to + store connection secrets for cluster scoped resources. + In case of "Vault", this would be used as the default parent path. + Typically, should be set as Crossplane installation namespace. + type: string + kubernetes: + description: |- + Kubernetes configures a Kubernetes secret store. + If the "type" is "Kubernetes" but no config provided, in cluster config + will be used. + properties: + auth: + description: Credentials used to connect to the Kubernetes API. + properties: + env: + description: |- + Env is a reference to an environment variable that contains credentials + that must be used to connect to the provider. + properties: + name: + description: Name is the name of an environment variable. + type: string + required: + - name + type: object + fs: + description: |- + Fs is a reference to a filesystem location that contains credentials that + must be used to connect to the provider. + properties: + path: + description: Path is a filesystem path. + type: string + required: + - path + type: object + secretRef: + description: |- + A SecretRef is a reference to a secret key that contains the credentials + that must be used to connect to the provider. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + source: + description: Source of the credentials. + enum: + - None + - Secret + - Environment + - Filesystem + type: string + required: + - source + type: object + required: + - auth + type: object + plugin: + description: Plugin configures External secret store as a plugin. + properties: + configRef: + description: ConfigRef contains store config reference info. + properties: + apiVersion: + description: APIVersion of the referenced config. + type: string + kind: + description: Kind of the referenced config. + type: string + name: + description: Name of the referenced config. + type: string + required: + - apiVersion + - kind + - name + type: object + endpoint: + description: Endpoint is the endpoint of the gRPC server. + type: string + type: object + type: + default: Kubernetes + description: |- + Type configures which secret store to be used. Only the configuration + block for this store will be used and others will be ignored if provided. + Default is Kubernetes. + enum: + - Kubernetes + - Vault + - Plugin + type: string + required: + - defaultScope + type: object + required: + - spec + type: object + served: true + storage: true + subresources: {} + diff --git a/definitions/serving.knative.dev/configuration.yaml b/definitions/serving.knative.dev/configuration.yaml new file mode 100644 index 000000000..9df215aa0 --- /dev/null +++ b/definitions/serving.knative.dev/configuration.yaml @@ -0,0 +1,35 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: configurations.serving.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.latestCreatedRevisionName + name: LatestCreated + type: string + - JSONPath: .status.latestReadyRevisionName + name: LatestReady + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].reason + name: Reason + type: string + group: serving.knative.dev + names: + categories: + - all + - knative + - serving + kind: Configuration + plural: configurations + shortNames: + - config + - cfg + singular: configuration + scope: Namespaced + subresources: + status: {} + version: v1alpha1 + diff --git a/definitions/serving.knative.dev/revision.yaml b/definitions/serving.knative.dev/revision.yaml new file mode 100644 index 000000000..d0049c4d1 --- /dev/null +++ b/definitions/serving.knative.dev/revision.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: revisions.serving.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.serviceName + name: Service Name + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].reason + name: Reason + type: string + group: serving.knative.dev + names: + categories: + - all + - knative + - serving + kind: Revision + plural: revisions + shortNames: + - rev + singular: revision + scope: Namespaced + subresources: + status: {} + version: v1alpha1 + diff --git a/definitions/serving.knative.dev/route.yaml b/definitions/serving.knative.dev/route.yaml new file mode 100644 index 000000000..a5bc2f364 --- /dev/null +++ b/definitions/serving.knative.dev/route.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: routes.serving.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.domain + name: Domain + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].reason + name: Reason + type: string + group: serving.knative.dev + names: + categories: + - all + - knative + - serving + kind: Route + plural: routes + shortNames: + - rt + singular: route + scope: Namespaced + subresources: + status: {} + version: v1alpha1 + diff --git a/definitions/serving.knative.dev/service.yaml b/definitions/serving.knative.dev/service.yaml new file mode 100644 index 000000000..16fef928d --- /dev/null +++ b/definitions/serving.knative.dev/service.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: services.serving.knative.dev +spec: + additionalPrinterColumns: + - JSONPath: .status.domain + name: Domain + type: string + - JSONPath: .status.latestCreatedRevisionName + name: LatestCreated + type: string + - JSONPath: .status.latestReadyRevisionName + name: LatestReady + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - JSONPath: .status.conditions[?(@.type=="Ready")].reason + name: Reason + type: string + group: serving.knative.dev + names: + categories: + - all + - knative + - serving + kind: Service + plural: services + shortNames: + - kservice + - ksvc + singular: service + scope: Namespaced + subresources: + status: {} + version: v1alpha1 diff --git a/definitions/source.fluxcd.io/gitrepository.yaml b/definitions/source.fluxcd.io/gitrepository.yaml new file mode 100644 index 000000000..fc59a8443 --- /dev/null +++ b/definitions/source.fluxcd.io/gitrepository.yaml @@ -0,0 +1,196 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: gitrepositories.source.fluxcd.io +spec: + group: source.fluxcd.io + names: + kind: GitRepository + listKind: GitRepositoryList + plural: gitrepositories + singular: gitrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GitRepositorySpec defines the desired state of a Git repository. + properties: + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + interval: + description: The interval at which to check for repository updates. + type: string + ref: + description: The git reference to checkout and monitor for changes, + defaults to master branch. + properties: + branch: + description: The git branch to checkout, defaults to master. + type: string + commit: + description: The git commit sha to checkout, if specified tag + filters will be ignored. + type: string + semver: + description: The git tag semver expression, takes precedence over + tag. + type: string + tag: + description: The git tag to checkout, takes precedence over branch. + type: string + type: object + secretRef: + description: The secret name containing the Git credentials. For HTTPS + repositories the secret must contain username and password fields. + For SSH repositories the secret must contain identity, identity.pub + and known_hosts fields. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + timeout: + description: The timeout for remote git operations like cloning, default + to 20s. + type: string + url: + description: The repository URL, can be a HTTP or SSH address. + pattern: ^(http|https|ssh):// + type: string + verify: + description: Verify OpenPGP signature for the commit that HEAD points + to. + properties: + mode: + description: Mode describes what git object should be verified, + currently ('head'). + enum: + - head + type: string + secretRef: + description: The secret name containing the public keys of all + trusted git authors. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + required: + - mode + type: object + required: + - interval + - url + type: object + status: + description: GitRepositoryStatus defines the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the output of the last successful + repository sync. + properties: + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the local file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a commit sha, git tag, + a helm index timestamp, a helm chart version, a checksum, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + items: + description: SourceCondition contains condition information for + a source. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + url: + description: URL is the download link for the artifact output of the + last repository sync. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/source.fluxcd.io/helmchart.yaml b/definitions/source.fluxcd.io/helmchart.yaml new file mode 100644 index 000000000..a2da13e74 --- /dev/null +++ b/definitions/source.fluxcd.io/helmchart.yaml @@ -0,0 +1,154 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: helmcharts.source.fluxcd.io +spec: + group: source.fluxcd.io + names: + kind: HelmChart + listKind: HelmChartList + plural: helmcharts + singular: helmchart + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: Name + type: string + - jsonPath: .spec.version + name: Version + type: string + - jsonPath: .spec.helmRepositoryRef.name + name: Repository + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: HelmChart is the Schema for the helmcharts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmChartSpec defines the desired state of a Helm chart. + properties: + helmRepositoryRef: + description: The name of the HelmRepository the chart is available + at. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + interval: + description: The interval at which to check the Helm repository for + updates. + type: string + name: + description: The name of the Helm chart, as made available by the + referenced Helm repository. + type: string + version: + description: The chart version semver expression, defaults to latest + when omitted. + type: string + required: + - helmRepositoryRef + - interval + - name + type: object + status: + description: HelmChartStatus defines the observed state of the HelmChart. + properties: + artifact: + description: Artifact represents the output of the last successful + chart sync. + properties: + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the local file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a commit sha, git tag, + a helm index timestamp, a helm chart version, a checksum, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + items: + description: SourceCondition contains condition information for + a source. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + url: + description: URL is the download link for the last chart pulled. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/source.fluxcd.io/helmrepository.yaml b/definitions/source.fluxcd.io/helmrepository.yaml new file mode 100644 index 000000000..d221c05f5 --- /dev/null +++ b/definitions/source.fluxcd.io/helmrepository.yaml @@ -0,0 +1,144 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: helmrepositories.source.fluxcd.io +spec: + group: source.fluxcd.io + names: + kind: HelmRepository + listKind: HelmRepositoryList + plural: helmrepositories + singular: helmrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: HelmRepository is the Schema for the helmrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmRepositorySpec defines the reference to a Helm repository. + properties: + interval: + description: The interval at which to check the upstream for updates. + type: string + secretRef: + description: The name of the secret containing authentication credentials + for the Helm repository. For HTTP/S basic auth the secret must contain + username and password fields. For TLS the secret must contain caFile, + keyFile and caCert fields. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + url: + description: The Helm repository URL, a valid URL contains at least + a protocol and host. + type: string + required: + - interval + - url + type: object + status: + description: HelmRepositoryStatus defines the observed state of the HelmRepository. + properties: + artifact: + description: Artifact represents the output of the last successful + repository sync. + properties: + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the local file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a commit sha, git tag, + a helm index timestamp, a helm chart version, a checksum, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + items: + description: SourceCondition contains condition information for + a source. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: Type of the condition, currently ('Ready'). + type: string + required: + - status + - type + type: object + type: array + url: + description: URL is the download link for the last index fetched. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/source.toolkit.fluxcd.io/bucket.yaml b/definitions/source.toolkit.fluxcd.io/bucket.yaml index 806ac1419..810f780fc 100644 --- a/definitions/source.toolkit.fluxcd.io/bucket.yaml +++ b/definitions/source.toolkit.fluxcd.io/bucket.yaml @@ -1,9 +1,8 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.12.0 name: buckets.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -18,122 +17,94 @@ spec: - jsonPath: .spec.endpoint name: Endpoint type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - name: v1 + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 schema: openAPIV3Schema: - description: Bucket is the Schema for the buckets API. + description: Bucket is the Schema for the buckets API properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: |- - BucketSpec specifies the required configuration to produce an Artifact for - an object storage bucket. + description: BucketSpec defines the desired state of an S3 compatible + bucket properties: - bucketName: - description: BucketName is the name of the object storage bucket. - type: string - certSecretRef: - description: |- - CertSecretRef can be given the name of a Secret containing - either or both of - - - a PEM-encoded client certificate (`tls.crt`) and private - key (`tls.key`); - - a PEM-encoded CA certificate (`ca.crt`) - - and whichever are supplied, will be used for connecting to the - bucket. The client cert and key are useful if you are - authenticating with a certificate; the CA cert is useful if - you are using a self-signed server certificate. The Secret must - be of type `Opaque` or `kubernetes.io/tls`. - - This field is only supported for the `generic` provider. + accessFrom: + description: AccessFrom defines an Access Control List for allowing + cross-namespace references to this object. properties: - name: - description: Name of the referent. - type: string + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array required: - - name + - namespaceSelectors type: object + bucketName: + description: The bucket name. + type: string endpoint: - description: Endpoint is the object storage address the BucketName - is located at. + description: The bucket endpoint address. type: string ignore: - description: |- - Ignore overrides the set of excluded patterns in the .sourceignore format - (which is the same as .gitignore). If not provided, a default will be used, - consult the documentation for your version to find out what those are. + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. type: string insecure: - description: Insecure allows connecting to a non-TLS HTTP Endpoint. + description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. type: boolean interval: - description: |- - Interval at which the Bucket Endpoint is checked for updates. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - prefix: - description: Prefix to use for server-side filtering of files in the - Bucket. + description: The interval at which to check for bucket updates. type: string provider: default: generic - description: |- - Provider of the object storage bucket. - Defaults to 'generic', which expects an S3 (API) compatible object - storage. + description: The S3 compatible storage provider name, default ('generic'). enum: - generic - aws - gcp - - azure type: string - proxySecretRef: - description: |- - ProxySecretRef specifies the Secret containing the proxy configuration - to use while communicating with the Bucket server. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object region: - description: Region of the Endpoint where the BucketName is located - in. + description: The bucket region. type: string secretRef: - description: |- - SecretRef specifies the Secret containing authentication credentials + description: The name of the secret containing authentication credentials for the Bucket. properties: name: @@ -142,191 +113,92 @@ spec: required: - name type: object - serviceAccountName: - description: |- - ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate - the bucket. This field is only supported for the 'gcp' and 'aws' providers. - For more information about workload identity: - https://fluxcd.io/flux/components/source/buckets/#workload-identity - type: string - sts: - description: |- - STS specifies the required configuration to use a Security Token - Service for fetching temporary credentials to authenticate in a - Bucket provider. - - This field is only supported for the `aws` and `generic` providers. - properties: - certSecretRef: - description: |- - CertSecretRef can be given the name of a Secret containing - either or both of - - - a PEM-encoded client certificate (`tls.crt`) and private - key (`tls.key`); - - a PEM-encoded CA certificate (`ca.crt`) - - and whichever are supplied, will be used for connecting to the - STS endpoint. The client cert and key are useful if you are - authenticating with a certificate; the CA cert is useful if - you are using a self-signed server certificate. The Secret must - be of type `Opaque` or `kubernetes.io/tls`. - - This field is only supported for the `ldap` provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - endpoint: - description: |- - Endpoint is the HTTP/S endpoint of the Security Token Service from - where temporary credentials will be fetched. - pattern: ^(http|https)://.*$ - type: string - provider: - description: Provider of the Security Token Service. - enum: - - aws - - ldap - type: string - secretRef: - description: |- - SecretRef specifies the Secret containing authentication credentials - for the STS endpoint. This Secret must contain the fields `username` - and `password` and is supported only for the `ldap` provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - endpoint - - provider - type: object suspend: - description: |- - Suspend tells the controller to suspend the reconciliation of this - Bucket. + description: This flag tells the controller to suspend the reconciliation + of this source. type: boolean timeout: default: 60s - description: Timeout for fetch operations, defaults to 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ + description: The timeout for download operations, defaults to 60s. type: string required: - bucketName - endpoint - interval type: object - x-kubernetes-validations: - - message: STS configuration is only supported for the 'aws' and 'generic' - Bucket providers - rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts) - - message: '''aws'' is the only supported STS provider for the ''aws'' - Bucket provider' - rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider - == 'aws' - - message: '''ldap'' is the only supported STS provider for the ''generic'' - Bucket provider' - rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider - == 'ldap' - - message: spec.sts.secretRef is not required for the 'aws' STS provider - rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)' - - message: spec.sts.certSecretRef is not required for the 'aws' STS provider - rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)' - - message: ServiceAccountName is not supported for the 'generic' Bucket - provider - rule: self.provider != 'generic' || !has(self.serviceAccountName) - - message: cannot set both .spec.secretRef and .spec.serviceAccountName - rule: '!has(self.secretRef) || !has(self.serviceAccountName)' status: default: observedGeneration: -1 - description: BucketStatus records the observed state of a Bucket. + description: BucketStatus defines the observed state of a bucket properties: artifact: - description: Artifact represents the last successful Bucket reconciliation. + description: Artifact represents the output of the last successful + Bucket sync. properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + checksum: + description: Checksum is the SHA256 checksum of the Artifact file + (obsolete) type: string lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. format: date-time type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. + description: Path is the relative file path of this artifact. type: string revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. + description: URL is the HTTP address of this artifact. type: string required: - - digest - - lastUpdateTime - path - - revision - url type: object conditions: description: Conditions holds the conditions for the Bucket. items: - description: Condition contains details for one aspect of the current - state of this API Resource. + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. format: date-time type: string message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 minimum: 0 type: integer reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -341,6 +213,10 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -353,31 +229,22 @@ spec: type: object type: array lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: - description: ObservedGeneration is the last observed generation of - the Bucket object. + description: ObservedGeneration is the last observed generation. format: int64 type: integer - observedIgnore: - description: |- - ObservedIgnore is the observed exclusion patterns used for constructing - the source artifact. - type: string url: - description: |- - URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise - BucketStatus.Artifact data is recommended. + description: URL is the download link for the artifact output of the + last Bucket sync. type: string type: object type: object served: true - storage: true + storage: false subresources: status: {} - additionalPrinterColumns: @@ -393,57 +260,49 @@ spec: - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - deprecated: true - deprecationWarning: v1beta2 Bucket is deprecated, upgrade to v1 name: v1beta2 schema: openAPIV3Schema: description: Bucket is the Schema for the buckets API. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: |- - BucketSpec specifies the required configuration to produce an Artifact for - an object storage bucket. + description: BucketSpec specifies the required configuration to produce + an Artifact for an object storage bucket. properties: accessFrom: - description: |- - AccessFrom specifies an Access Control List for allowing cross-namespace - references to this object. - NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 + description: 'AccessFrom specifies an Access Control List for allowing + cross-namespace references to this object. NOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092' properties: namespaceSelectors: - description: |- - NamespaceSelectors is the list of namespace selectors to which this ACL applies. - Items in this list are evaluated using a logical OR operation. + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. items: - description: |- - NamespaceSelector selects the namespaces to which this ACL applies. - An empty map of MatchLabels matches all namespaces in a cluster. + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. properties: matchLabels: additionalProperties: type: string - description: |- - MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object type: array @@ -453,47 +312,23 @@ spec: bucketName: description: BucketName is the name of the object storage bucket. type: string - certSecretRef: - description: |- - CertSecretRef can be given the name of a Secret containing - either or both of - - - a PEM-encoded client certificate (`tls.crt`) and private - key (`tls.key`); - - a PEM-encoded CA certificate (`ca.crt`) - - and whichever are supplied, will be used for connecting to the - bucket. The client cert and key are useful if you are - authenticating with a certificate; the CA cert is useful if - you are using a self-signed server certificate. The Secret must - be of type `Opaque` or `kubernetes.io/tls`. - - This field is only supported for the `generic` provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object endpoint: description: Endpoint is the object storage address the BucketName is located at. type: string ignore: - description: |- - Ignore overrides the set of excluded patterns in the .sourceignore format - (which is the same as .gitignore). If not provided, a default will be used, - consult the documentation for your version to find out what those are. + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. type: string insecure: description: Insecure allows connecting to a non-TLS HTTP Endpoint. type: boolean interval: - description: |- - Interval at which the Bucket Endpoint is checked for updates. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. + description: Interval at which the Bucket Endpoint is checked for + updates. This interval is approximate and may be subject to jitter + to ensure efficient use of resources. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string prefix: @@ -502,35 +337,21 @@ spec: type: string provider: default: generic - description: |- - Provider of the object storage bucket. - Defaults to 'generic', which expects an S3 (API) compatible object - storage. + description: Provider of the object storage bucket. Defaults to 'generic', + which expects an S3 (API) compatible object storage. enum: - generic - aws - gcp - azure type: string - proxySecretRef: - description: |- - ProxySecretRef specifies the Secret containing the proxy configuration - to use while communicating with the Bucket server. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object region: description: Region of the Endpoint where the BucketName is located in. type: string secretRef: - description: |- - SecretRef specifies the Secret containing authentication credentials - for the Bucket. + description: SecretRef specifies the Secret containing authentication + credentials for the Bucket. properties: name: description: Name of the referent. @@ -538,69 +359,9 @@ spec: required: - name type: object - sts: - description: |- - STS specifies the required configuration to use a Security Token - Service for fetching temporary credentials to authenticate in a - Bucket provider. - - This field is only supported for the `aws` and `generic` providers. - properties: - certSecretRef: - description: |- - CertSecretRef can be given the name of a Secret containing - either or both of - - - a PEM-encoded client certificate (`tls.crt`) and private - key (`tls.key`); - - a PEM-encoded CA certificate (`ca.crt`) - - and whichever are supplied, will be used for connecting to the - STS endpoint. The client cert and key are useful if you are - authenticating with a certificate; the CA cert is useful if - you are using a self-signed server certificate. The Secret must - be of type `Opaque` or `kubernetes.io/tls`. - - This field is only supported for the `ldap` provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - endpoint: - description: |- - Endpoint is the HTTP/S endpoint of the Security Token Service from - where temporary credentials will be fetched. - pattern: ^(http|https)://.*$ - type: string - provider: - description: Provider of the Security Token Service. - enum: - - aws - - ldap - type: string - secretRef: - description: |- - SecretRef specifies the Secret containing authentication credentials - for the STS endpoint. This Secret must contain the fields `username` - and `password` and is supported only for the `ldap` provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - endpoint - - provider - type: object suspend: - description: |- - Suspend tells the controller to suspend the reconciliation of this - Bucket. + description: Suspend tells the controller to suspend the reconciliation + of this Bucket. type: boolean timeout: default: 60s @@ -612,22 +373,6 @@ spec: - endpoint - interval type: object - x-kubernetes-validations: - - message: STS configuration is only supported for the 'aws' and 'generic' - Bucket providers - rule: self.provider == 'aws' || self.provider == 'generic' || !has(self.sts) - - message: '''aws'' is the only supported STS provider for the ''aws'' - Bucket provider' - rule: self.provider != 'aws' || !has(self.sts) || self.sts.provider - == 'aws' - - message: '''ldap'' is the only supported STS provider for the ''generic'' - Bucket provider' - rule: self.provider != 'generic' || !has(self.sts) || self.sts.provider - == 'ldap' - - message: spec.sts.secretRef is not required for the 'aws' STS provider - rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.secretRef)' - - message: spec.sts.certSecretRef is not required for the 'aws' STS provider - rule: '!has(self.sts) || self.sts.provider != ''aws'' || !has(self.sts.certSecretRef)' status: default: observedGeneration: -1 @@ -636,14 +381,17 @@ spec: artifact: description: Artifact represents the last successful Bucket reconciliation. properties: + checksum: + description: Checksum is the SHA256 checksum of the Artifact file + (obsolete) + type: string digest: description: Digest is the digest of the file in the form of ':'. pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ type: string lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. format: date-time type: string metadata: @@ -652,28 +400,26 @@ spec: description: Metadata holds upstream information such as OCI annotations. type: object path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. type: string revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. type: string size: description: Size is the number of bytes in the file. format: int64 type: integer url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. type: string required: - - digest - lastUpdateTime - path - revision @@ -682,35 +428,43 @@ spec: conditions: description: Conditions holds the conditions for the Bucket. items: - description: Condition contains details for one aspect of the current - state of this API Resource. + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. format: date-time type: string message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 minimum: 0 type: integer reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -725,6 +479,10 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -737,10 +495,9 @@ spec: type: object type: array lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: description: ObservedGeneration is the last observed generation of @@ -748,20 +505,17 @@ spec: format: int64 type: integer observedIgnore: - description: |- - ObservedIgnore is the observed exclusion patterns used for constructing - the source artifact. + description: ObservedIgnore is the observed exclusion patterns used + for constructing the source artifact. type: string url: - description: |- - URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise - BucketStatus.Artifact data is recommended. + description: URL is the dynamic fetch link for the latest Artifact. + It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact + data is recommended. type: string type: object type: object served: true - storage: false + storage: true subresources: status: {} - diff --git a/definitions/source.toolkit.fluxcd.io/gitrepository.yaml b/definitions/source.toolkit.fluxcd.io/gitrepository.yaml index b9c640ae3..ed235034e 100644 --- a/definitions/source.toolkit.fluxcd.io/gitrepository.yaml +++ b/definitions/source.toolkit.fluxcd.io/gitrepository.yaml @@ -1,9 +1,8 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.12.0 name: gitrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -35,51 +34,42 @@ spec: description: GitRepository is the Schema for the gitrepositories API. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: |- - GitRepositorySpec specifies the required configuration to produce an - Artifact for a Git repository. + description: GitRepositorySpec specifies the required configuration to + produce an Artifact for a Git repository. properties: ignore: - description: |- - Ignore overrides the set of excluded patterns in the .sourceignore format - (which is the same as .gitignore). If not provided, a default will be used, - consult the documentation for your version to find out what those are. + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. type: string include: - description: |- - Include specifies a list of GitRepository resources which Artifacts - should be included in the Artifact produced for this GitRepository. + description: Include specifies a list of GitRepository resources which + Artifacts should be included in the Artifact produced for this GitRepository. items: - description: |- - GitRepositoryInclude specifies a local reference to a GitRepository which - Artifact (sub-)contents must be included, and where they should be placed. + description: GitRepositoryInclude specifies a local reference to + a GitRepository which Artifact (sub-)contents must be included, + and where they should be placed. properties: fromPath: - description: |- - FromPath specifies the path to copy contents from, defaults to the root - of the Artifact. + description: FromPath specifies the path to copy contents from, + defaults to the root of the Artifact. type: string repository: - description: |- - GitRepositoryRef specifies the GitRepository which Artifact contents - must be included. + description: GitRepositoryRef specifies the GitRepository which + Artifact contents must be included. properties: name: description: Name of the referent. @@ -88,34 +78,22 @@ spec: - name type: object toPath: - description: |- - ToPath specifies the path to copy contents to, defaults to the name of - the GitRepositoryRef. + description: ToPath specifies the path to copy contents to, + defaults to the name of the GitRepositoryRef. type: string required: - repository type: object type: array interval: - description: |- - Interval at which the GitRepository URL is checked for updates. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. + description: Interval at which the GitRepository URL is checked for + updates. This interval is approximate and may be subject to jitter + to ensure efficient use of resources. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string - provider: - description: |- - Provider used for authentication, can be 'azure', 'github', 'generic'. - When not specified, defaults to 'generic'. - enum: - - generic - - azure - - github - type: string proxySecretRef: - description: |- - ProxySecretRef specifies the Secret containing the proxy configuration - to use while communicating with the Git server. + description: ProxySecretRef specifies the Secret containing the proxy + configuration to use while communicating with the Git server. properties: name: description: Name of the referent. @@ -124,32 +102,29 @@ spec: - name type: object recurseSubmodules: - description: |- - RecurseSubmodules enables the initialization of all submodules within - the GitRepository as cloned from the URL, using their default settings. + description: RecurseSubmodules enables the initialization of all submodules + within the GitRepository as cloned from the URL, using their default + settings. type: boolean ref: - description: |- - Reference specifies the Git reference to resolve and monitor for - changes, defaults to the 'master' branch. + description: Reference specifies the Git reference to resolve and + monitor for changes, defaults to the 'master' branch. properties: branch: description: Branch to check out, defaults to 'master' if no other field is defined. type: string commit: - description: |- - Commit SHA to check out, takes precedence over all reference fields. - - This can be combined with Branch to shallow clone the branch, in which - the commit is expected to exist. + description: "Commit SHA to check out, takes precedence over all + reference fields. \n This can be combined with Branch to shallow + clone the branch, in which the commit is expected to exist." type: string name: - description: |- - Name of the reference to check out; takes precedence over Branch, Tag and SemVer. - - It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description - Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head" + description: "Name of the reference to check out; takes precedence + over Branch, Tag and SemVer. \n It must be a valid Git reference: + https://git-scm.com/docs/git-check-ref-format#_description Examples: + \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", + \"refs/merge-requests/1/head\"" type: string semver: description: SemVer tag expression to check out, takes precedence @@ -160,13 +135,11 @@ spec: type: string type: object secretRef: - description: |- - SecretRef specifies the Secret containing authentication credentials for - the GitRepository. - For HTTPS repositories the Secret must contain 'username' and 'password' - fields for basic auth or 'bearerToken' field for token auth. - For SSH repositories the Secret must contain 'identity' - and 'known_hosts' fields. + description: SecretRef specifies the Secret containing authentication + credentials for the GitRepository. For HTTPS repositories the Secret + must contain 'username' and 'password' fields for basic auth or + 'bearerToken' field for token auth. For SSH repositories the Secret + must contain 'identity' and 'known_hosts' fields. properties: name: description: Name of the referent. @@ -174,23 +147,9 @@ spec: required: - name type: object - serviceAccountName: - description: |- - ServiceAccountName is the name of the Kubernetes ServiceAccount used to - authenticate to the GitRepository. This field is only supported for 'azure' provider. - type: string - sparseCheckout: - description: |- - SparseCheckout specifies a list of directories to checkout when cloning - the repository. If specified, only these directories are included in the - Artifact produced for this GitRepository. - items: - type: string - type: array suspend: - description: |- - Suspend tells the controller to suspend the reconciliation of this - GitRepository. + description: Suspend tells the controller to suspend the reconciliation + of this GitRepository. type: boolean timeout: default: 60s @@ -204,18 +163,15 @@ spec: pattern: ^(http|https|ssh)://.*$ type: string verify: - description: |- - Verification specifies the configuration to verify the Git commit - signature(s). + description: Verification specifies the configuration to verify the + Git commit signature(s). properties: mode: default: HEAD - description: |- - Mode specifies which Git object(s) should be verified. - - The variants "head" and "HEAD" both imply the same thing, i.e. verify - the commit that the HEAD of the Git repository points to. The variant - "head" solely exists to ensure backwards compatibility. + description: "Mode specifies which Git object(s) should be verified. + \n The variants \"head\" and \"HEAD\" both imply the same thing, + i.e. verify the commit that the HEAD of the Git repository points + to. The variant \"head\" solely exists to ensure backwards compatibility." enum: - head - HEAD @@ -223,9 +179,8 @@ spec: - TagAndHEAD type: string secretRef: - description: |- - SecretRef specifies the Secret containing the public keys of trusted Git - authors. + description: SecretRef specifies the Secret containing the public + keys of trusted Git authors. properties: name: description: Name of the referent. @@ -240,10 +195,6 @@ spec: - interval - url type: object - x-kubernetes-validations: - - message: serviceAccountName can only be set when provider is 'azure' - rule: '!has(self.serviceAccountName) || (has(self.provider) && self.provider - == ''azure'')' status: default: observedGeneration: -1 @@ -258,9 +209,8 @@ spec: pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ type: string lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. format: date-time type: string metadata: @@ -269,28 +219,26 @@ spec: description: Metadata holds upstream information such as OCI annotations. type: object path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. type: string revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. type: string size: description: Size is the number of bytes in the file. format: int64 type: integer url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. type: string required: - - digest - lastUpdateTime - path - revision @@ -299,35 +247,43 @@ spec: conditions: description: Conditions holds the conditions for the GitRepository. items: - description: Condition contains details for one aspect of the current - state of this API Resource. + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. format: date-time type: string message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 minimum: 0 type: integer reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -342,6 +298,10 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -354,9 +314,8 @@ spec: type: object type: array includedArtifacts: - description: |- - IncludedArtifacts contains a list of the last successfully included - Artifacts as instructed by GitRepositorySpec.Include. + description: IncludedArtifacts contains a list of the last successfully + included Artifacts as instructed by GitRepositorySpec.Include. items: description: Artifact represents the output of a Source reconciliation. properties: @@ -366,9 +325,8 @@ spec: pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ type: string lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. format: date-time type: string metadata: @@ -378,28 +336,27 @@ spec: annotations. type: object path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. + description: Path is the relative file path of the Artifact. + It can be used to locate the file in the root of the Artifact + storage on the local file system of the controller managing + the Source. type: string revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. type: string size: description: Size is the number of bytes in the file. format: int64 type: integer url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. type: string required: - - digest - lastUpdateTime - path - revision @@ -407,40 +364,34 @@ spec: type: object type: array lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: - description: |- - ObservedGeneration is the last observed generation of the GitRepository - object. + description: ObservedGeneration is the last observed generation of + the GitRepository object. format: int64 type: integer observedIgnore: - description: |- - ObservedIgnore is the observed exclusion patterns used for constructing - the source artifact. + description: ObservedIgnore is the observed exclusion patterns used + for constructing the source artifact. type: string observedInclude: - description: |- - ObservedInclude is the observed list of GitRepository resources used to - produce the current Artifact. + description: ObservedInclude is the observed list of GitRepository + resources used to produce the current Artifact. items: - description: |- - GitRepositoryInclude specifies a local reference to a GitRepository which - Artifact (sub-)contents must be included, and where they should be placed. + description: GitRepositoryInclude specifies a local reference to + a GitRepository which Artifact (sub-)contents must be included, + and where they should be placed. properties: fromPath: - description: |- - FromPath specifies the path to copy contents from, defaults to the root - of the Artifact. + description: FromPath specifies the path to copy contents from, + defaults to the root of the Artifact. type: string repository: - description: |- - GitRepositoryRef specifies the GitRepository which Artifact contents - must be included. + description: GitRepositoryRef specifies the GitRepository which + Artifact contents must be included. properties: name: description: Name of the referent. @@ -449,30 +400,20 @@ spec: - name type: object toPath: - description: |- - ToPath specifies the path to copy contents to, defaults to the name of - the GitRepositoryRef. + description: ToPath specifies the path to copy contents to, + defaults to the name of the GitRepositoryRef. type: string required: - repository type: object type: array observedRecurseSubmodules: - description: |- - ObservedRecurseSubmodules is the observed resource submodules + description: ObservedRecurseSubmodules is the observed resource submodules configuration used to produce the current Artifact. type: boolean - observedSparseCheckout: - description: |- - ObservedSparseCheckout is the observed list of directories used to - produce the current Artifact. - items: - type: string - type: array sourceVerificationMode: - description: |- - SourceVerificationMode is the last used verification mode indicating - which Git object(s) have been verified. + description: SourceVerificationMode is the last used verification + mode indicating which Git object(s) have been verified. type: string type: object type: object @@ -480,6 +421,340 @@ spec: storage: true subresources: status: {} + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + deprecationWarning: v1beta1 GitRepository is deprecated, upgrade to v1 + name: v1beta1 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GitRepositorySpec defines the desired state of a Git repository. + properties: + accessFrom: + description: AccessFrom defines an Access Control List for allowing + cross-namespace references to this object. + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object + gitImplementation: + default: go-git + description: Determines which git client library to use. Defaults + to go-git, valid values are ('go-git', 'libgit2'). + enum: + - go-git + - libgit2 + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. + type: string + include: + description: Extra git repositories to map into the repository + items: + description: GitRepositoryInclude defines a source with a from and + to path. + properties: + fromPath: + description: The path to copy contents from, defaults to the + root directory. + type: string + repository: + description: Reference to a GitRepository to include. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + toPath: + description: The path to copy contents to, defaults to the name + of the source ref. + type: string + required: + - repository + type: object + type: array + interval: + description: The interval at which to check for repository updates. + type: string + recurseSubmodules: + description: When enabled, after the clone is created, initializes + all submodules within, using their default settings. This option + is available only when using the 'go-git' GitImplementation. + type: boolean + ref: + description: The Git reference to checkout and monitor for changes, + defaults to master branch. + properties: + branch: + description: The Git branch to checkout, defaults to master. + type: string + commit: + description: The Git commit SHA to checkout, if specified Tag + filters will be ignored. + type: string + semver: + description: The Git tag semver expression, takes precedence over + Tag. + type: string + tag: + description: The Git tag to checkout, takes precedence over Branch. + type: string + type: object + secretRef: + description: The secret name containing the Git credentials. For HTTPS + repositories the secret must contain username and password fields. + For SSH repositories the secret must contain identity and known_hosts + fields. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation + of this source. + type: boolean + timeout: + default: 60s + description: The timeout for remote Git operations like cloning, defaults + to 60s. + type: string + url: + description: The repository URL, can be a HTTP/S or SSH address. + pattern: ^(http|https|ssh)://.*$ + type: string + verify: + description: Verify OpenPGP signature for the Git commit HEAD points + to. + properties: + mode: + description: Mode describes what git object should be verified, + currently ('head'). + enum: + - head + type: string + secretRef: + description: The secret name containing the public keys of all + trusted Git authors. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - mode + type: object + required: + - interval + - url + type: object + status: + default: + observedGeneration: -1 + description: GitRepositoryStatus defines the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the output of the last successful + repository sync. + properties: + checksum: + description: Checksum is the SHA256 checksum of the Artifact file + (obsolete) + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the GitRepository. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + includedArtifacts: + description: IncludedArtifacts represents the included artifacts from + the last successful repository sync. + items: + description: Artifact represents the output of a source synchronisation. + properties: + checksum: + description: Checksum is the SHA256 checksum of the Artifact + file (obsolete) + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the + last repository sync. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} - additionalPrinterColumns: - jsonPath: .spec.url name: URL @@ -501,49 +776,43 @@ spec: description: GitRepository is the Schema for the gitrepositories API. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: |- - GitRepositorySpec specifies the required configuration to produce an - Artifact for a Git repository. + description: GitRepositorySpec specifies the required configuration to + produce an Artifact for a Git repository. properties: accessFrom: - description: |- - AccessFrom specifies an Access Control List for allowing cross-namespace - references to this object. - NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 + description: 'AccessFrom specifies an Access Control List for allowing + cross-namespace references to this object. NOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092' properties: namespaceSelectors: - description: |- - NamespaceSelectors is the list of namespace selectors to which this ACL applies. - Items in this list are evaluated using a logical OR operation. + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. items: - description: |- - NamespaceSelector selects the namespaces to which this ACL applies. - An empty map of MatchLabels matches all namespaces in a cluster. + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. properties: matchLabels: additionalProperties: type: string - description: |- - MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object type: array @@ -552,39 +821,35 @@ spec: type: object gitImplementation: default: go-git - description: |- - GitImplementation specifies which Git client library implementation to - use. Defaults to 'go-git', valid values are ('go-git', 'libgit2'). - Deprecated: gitImplementation is deprecated now that 'go-git' is the - only supported implementation. + description: 'GitImplementation specifies which Git client library + implementation to use. Defaults to ''go-git'', valid values are + (''go-git'', ''libgit2''). Deprecated: gitImplementation is deprecated + now that ''go-git'' is the only supported implementation.' enum: - go-git - libgit2 type: string ignore: - description: |- - Ignore overrides the set of excluded patterns in the .sourceignore format - (which is the same as .gitignore). If not provided, a default will be used, - consult the documentation for your version to find out what those are. + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. type: string include: - description: |- - Include specifies a list of GitRepository resources which Artifacts - should be included in the Artifact produced for this GitRepository. + description: Include specifies a list of GitRepository resources which + Artifacts should be included in the Artifact produced for this GitRepository. items: - description: |- - GitRepositoryInclude specifies a local reference to a GitRepository which - Artifact (sub-)contents must be included, and where they should be placed. + description: GitRepositoryInclude specifies a local reference to + a GitRepository which Artifact (sub-)contents must be included, + and where they should be placed. properties: fromPath: - description: |- - FromPath specifies the path to copy contents from, defaults to the root - of the Artifact. + description: FromPath specifies the path to copy contents from, + defaults to the root of the Artifact. type: string repository: - description: |- - GitRepositoryRef specifies the GitRepository which Artifact contents - must be included. + description: GitRepositoryRef specifies the GitRepository which + Artifact contents must be included. properties: name: description: Name of the referent. @@ -593,9 +858,8 @@ spec: - name type: object toPath: - description: |- - ToPath specifies the path to copy contents to, defaults to the name of - the GitRepositoryRef. + description: ToPath specifies the path to copy contents to, + defaults to the name of the GitRepositoryRef. type: string required: - repository @@ -606,32 +870,29 @@ spec: pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string recurseSubmodules: - description: |- - RecurseSubmodules enables the initialization of all submodules within - the GitRepository as cloned from the URL, using their default settings. + description: RecurseSubmodules enables the initialization of all submodules + within the GitRepository as cloned from the URL, using their default + settings. type: boolean ref: - description: |- - Reference specifies the Git reference to resolve and monitor for - changes, defaults to the 'master' branch. + description: Reference specifies the Git reference to resolve and + monitor for changes, defaults to the 'master' branch. properties: branch: description: Branch to check out, defaults to 'master' if no other field is defined. type: string commit: - description: |- - Commit SHA to check out, takes precedence over all reference fields. - - This can be combined with Branch to shallow clone the branch, in which - the commit is expected to exist. + description: "Commit SHA to check out, takes precedence over all + reference fields. \n This can be combined with Branch to shallow + clone the branch, in which the commit is expected to exist." type: string name: - description: |- - Name of the reference to check out; takes precedence over Branch, Tag and SemVer. - - It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description - Examples: "refs/heads/main", "refs/tags/v0.1.0", "refs/pull/420/head", "refs/merge-requests/1/head" + description: "Name of the reference to check out; takes precedence + over Branch, Tag and SemVer. \n It must be a valid Git reference: + https://git-scm.com/docs/git-check-ref-format#_description Examples: + \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", + \"refs/merge-requests/1/head\"" type: string semver: description: SemVer tag expression to check out, takes precedence @@ -642,13 +903,11 @@ spec: type: string type: object secretRef: - description: |- - SecretRef specifies the Secret containing authentication credentials for - the GitRepository. - For HTTPS repositories the Secret must contain 'username' and 'password' - fields for basic auth or 'bearerToken' field for token auth. - For SSH repositories the Secret must contain 'identity' - and 'known_hosts' fields. + description: SecretRef specifies the Secret containing authentication + credentials for the GitRepository. For HTTPS repositories the Secret + must contain 'username' and 'password' fields for basic auth or + 'bearerToken' field for token auth. For SSH repositories the Secret + must contain 'identity' and 'known_hosts' fields. properties: name: description: Name of the referent. @@ -657,9 +916,8 @@ spec: - name type: object suspend: - description: |- - Suspend tells the controller to suspend the reconciliation of this - GitRepository. + description: Suspend tells the controller to suspend the reconciliation + of this GitRepository. type: boolean timeout: default: 60s @@ -673,9 +931,8 @@ spec: pattern: ^(http|https|ssh)://.*$ type: string verify: - description: |- - Verification specifies the configuration to verify the Git commit - signature(s). + description: Verification specifies the configuration to verify the + Git commit signature(s). properties: mode: description: Mode specifies what Git object should be verified, @@ -684,9 +941,8 @@ spec: - head type: string secretRef: - description: |- - SecretRef specifies the Secret containing the public keys of trusted Git - authors. + description: SecretRef specifies the Secret containing the public + keys of trusted Git authors. properties: name: description: Name of the referent. @@ -716,9 +972,8 @@ spec: pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ type: string lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. format: date-time type: string metadata: @@ -727,28 +982,26 @@ spec: description: Metadata holds upstream information such as OCI annotations. type: object path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. type: string revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. type: string size: description: Size is the number of bytes in the file. format: int64 type: integer url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. type: string required: - - digest - lastUpdateTime - path - revision @@ -757,35 +1010,43 @@ spec: conditions: description: Conditions holds the conditions for the GitRepository. items: - description: Condition contains details for one aspect of the current - state of this API Resource. + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. format: date-time type: string message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 minimum: 0 type: integer reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -800,6 +1061,10 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -812,24 +1077,18 @@ spec: type: object type: array contentConfigChecksum: - description: |- - ContentConfigChecksum is a checksum of all the configurations related to - the content of the source artifact: - - .spec.ignore - - .spec.recurseSubmodules - - .spec.included and the checksum of the included artifacts - observed in .status.observedGeneration version of the object. This can - be used to determine if the content of the included repository has - changed. - It has the format of `:`, for example: `sha256:`. - - Deprecated: Replaced with explicit fields for observed artifact content - config in the status. + description: "ContentConfigChecksum is a checksum of all the configurations + related to the content of the source artifact: - .spec.ignore - + .spec.recurseSubmodules - .spec.included and the checksum of the + included artifacts observed in .status.observedGeneration version + of the object. This can be used to determine if the content of the + included repository has changed. It has the format of `:`, + for example: `sha256:`. \n Deprecated: Replaced with explicit + fields for observed artifact content config in the status." type: string includedArtifacts: - description: |- - IncludedArtifacts contains a list of the last successfully included - Artifacts as instructed by GitRepositorySpec.Include. + description: IncludedArtifacts contains a list of the last successfully + included Artifacts as instructed by GitRepositorySpec.Include. items: description: Artifact represents the output of a Source reconciliation. properties: @@ -839,9 +1098,8 @@ spec: pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ type: string lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. format: date-time type: string metadata: @@ -851,28 +1109,27 @@ spec: annotations. type: object path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. + description: Path is the relative file path of the Artifact. + It can be used to locate the file in the root of the Artifact + storage on the local file system of the controller managing + the Source. type: string revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. type: string size: description: Size is the number of bytes in the file. format: int64 type: integer url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. type: string required: - - digest - lastUpdateTime - path - revision @@ -880,40 +1137,34 @@ spec: type: object type: array lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: - description: |- - ObservedGeneration is the last observed generation of the GitRepository - object. + description: ObservedGeneration is the last observed generation of + the GitRepository object. format: int64 type: integer observedIgnore: - description: |- - ObservedIgnore is the observed exclusion patterns used for constructing - the source artifact. + description: ObservedIgnore is the observed exclusion patterns used + for constructing the source artifact. type: string observedInclude: - description: |- - ObservedInclude is the observed list of GitRepository resources used to - to produce the current Artifact. + description: ObservedInclude is the observed list of GitRepository + resources used to to produce the current Artifact. items: - description: |- - GitRepositoryInclude specifies a local reference to a GitRepository which - Artifact (sub-)contents must be included, and where they should be placed. + description: GitRepositoryInclude specifies a local reference to + a GitRepository which Artifact (sub-)contents must be included, + and where they should be placed. properties: fromPath: - description: |- - FromPath specifies the path to copy contents from, defaults to the root - of the Artifact. + description: FromPath specifies the path to copy contents from, + defaults to the root of the Artifact. type: string repository: - description: |- - GitRepositoryRef specifies the GitRepository which Artifact contents - must be included. + description: GitRepositoryRef specifies the GitRepository which + Artifact contents must be included. properties: name: description: Name of the referent. @@ -922,24 +1173,21 @@ spec: - name type: object toPath: - description: |- - ToPath specifies the path to copy contents to, defaults to the name of - the GitRepositoryRef. + description: ToPath specifies the path to copy contents to, + defaults to the name of the GitRepositoryRef. type: string required: - repository type: object type: array observedRecurseSubmodules: - description: |- - ObservedRecurseSubmodules is the observed resource submodules + description: ObservedRecurseSubmodules is the observed resource submodules configuration used to produce the current Artifact. type: boolean url: - description: |- - URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise - GitRepositoryStatus.Artifact data is recommended. + description: URL is the dynamic fetch link for the latest Artifact. + It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact + data is recommended. type: string type: object type: object @@ -947,4 +1195,3 @@ spec: storage: false subresources: status: {} - diff --git a/definitions/source.toolkit.fluxcd.io/helmchart.yaml b/definitions/source.toolkit.fluxcd.io/helmchart.yaml index d072403e5..f94e9181c 100644 --- a/definitions/source.toolkit.fluxcd.io/helmchart.yaml +++ b/definitions/source.toolkit.fluxcd.io/helmchart.yaml @@ -1,9 +1,8 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.12.0 name: helmcharts.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -29,79 +28,88 @@ spec: - jsonPath: .spec.sourceRef.name name: Source Name type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - name: v1 + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 schema: openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API. + description: HelmChart is the Schema for the helmcharts API properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: HelmChartSpec specifies the desired state of a Helm chart. + description: HelmChartSpec defines the desired state of a Helm chart. properties: + accessFrom: + description: AccessFrom defines an Access Control List for allowing + cross-namespace references to this object. + properties: + namespaceSelectors: + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. + items: + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. + properties: + matchLabels: + additionalProperties: + type: string + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + required: + - namespaceSelectors + type: object chart: - description: |- - Chart is the name or path the Helm chart is available at in the + description: The name or path the Helm chart is available at in the SourceRef. type: string - ignoreMissingValuesFiles: - description: |- - IgnoreMissingValuesFiles controls whether to silently ignore missing values - files rather than failing. - type: boolean interval: - description: |- - Interval at which the HelmChart SourceRef is checked for updates. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + description: The interval at which to check the Source for updates. type: string reconcileStrategy: default: ChartVersion - description: |- - ReconcileStrategy determines what enables the creation of a new artifact. - Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on their behavior. - Defaults to ChartVersion when omitted. + description: Determines what enables the creation of a new artifact. + Valid values are ('ChartVersion', 'Revision'). See the documentation + of the values for an explanation on their behavior. Defaults to + ChartVersion when omitted. enum: - ChartVersion - Revision type: string sourceRef: - description: SourceRef is the reference to the Source the chart is - available at. + description: The reference to the Source the chart is available at. properties: apiVersion: description: APIVersion of the referent. type: string kind: - description: |- - Kind of the referent, valid values are ('HelmRepository', 'GitRepository', - 'Bucket'). + description: Kind of the referent, valid values are ('HelmRepository', + 'GitRepository', 'Bucket'). enum: - HelmRepository - GitRepository @@ -115,83 +123,28 @@ spec: - name type: object suspend: - description: |- - Suspend tells the controller to suspend the reconciliation of this - source. + description: This flag tells the controller to suspend the reconciliation + of this source. type: boolean + valuesFile: + description: Alternative values file to use as the default chart values, + expected to be a relative path in the SourceRef. Deprecated in favor + of ValuesFiles, for backwards compatibility the file defined here + is merged before the ValuesFiles items. Ignored when omitted. + type: string valuesFiles: - description: |- - ValuesFiles is an alternative list of values files to use as the chart - values (values.yaml is not included by default), expected to be a - relative path in the SourceRef. - Values files are merged in the order of this list with the last file - overriding the first. Ignored when omitted. + description: Alternative list of values files to use as the chart + values (values.yaml is not included by default), expected to be + a relative path in the SourceRef. Values files are merged in the + order of this list with the last file overriding the first. Ignored + when omitted. items: type: string type: array - verify: - description: |- - Verify contains the secret name containing the trusted public keys - used to verify the signature and specifies which provider to use to check - whether OCI image is authentic. - This field is only supported when using HelmRepository source with spec.type 'oci'. - Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified. - properties: - matchOIDCIdentity: - description: |- - MatchOIDCIdentity specifies the identity matching criteria to use - while verifying an OCI artifact which was signed using Cosign keyless - signing. The artifact's identity is deemed to be verified if any of the - specified matchers match against the identity. - items: - description: |- - OIDCIdentityMatch specifies options for verifying the certificate identity, - i.e. the issuer and the subject of the certificate. - properties: - issuer: - description: |- - Issuer specifies the regex pattern to match against to verify - the OIDC issuer in the Fulcio certificate. The pattern must be a - valid Go regular expression. - type: string - subject: - description: |- - Subject specifies the regex pattern to match against to verify - the identity subject in the Fulcio certificate. The pattern must - be a valid Go regular expression. - type: string - required: - - issuer - - subject - type: object - type: array - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. - enum: - - cosign - - notation - type: string - secretRef: - description: |- - SecretRef specifies the Kubernetes Secret containing the - trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object version: default: '*' - description: |- - Version is the chart version semver expression, ignored for charts from - GitRepository and Bucket sources. Defaults to latest when omitted. + description: The chart version semver expression, ignored for charts + from GitRepository and Bucket sources. Defaults to latest when omitted. type: string required: - chart @@ -201,87 +154,76 @@ spec: status: default: observedGeneration: -1 - description: HelmChartStatus records the observed state of the HelmChart. + description: HelmChartStatus defines the observed state of the HelmChart. properties: artifact: description: Artifact represents the output of the last successful - reconciliation. + chart sync. properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + checksum: + description: Checksum is the SHA256 checksum of the Artifact file + (obsolete) type: string lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. format: date-time type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. + description: Path is the relative file path of this artifact. type: string revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. + description: URL is the HTTP address of this artifact. type: string required: - - digest - - lastUpdateTime - path - - revision - url type: object conditions: description: Conditions holds the conditions for the HelmChart. items: - description: Condition contains details for one aspect of the current - state of this API Resource. + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. format: date-time type: string message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 minimum: 0 type: integer reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -296,6 +238,10 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -308,45 +254,21 @@ spec: type: object type: array lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. - type: string - observedChartName: - description: |- - ObservedChartName is the last observed chart name as specified by the - resolved chart reference. + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: - description: |- - ObservedGeneration is the last observed generation of the HelmChart - object. + description: ObservedGeneration is the last observed generation. format: int64 type: integer - observedSourceArtifactRevision: - description: |- - ObservedSourceArtifactRevision is the last observed Artifact.Revision - of the HelmChartSpec.SourceRef. - type: string - observedValuesFiles: - description: |- - ObservedValuesFiles are the observed value files of the last successful - reconciliation. - It matches the chart in the last successfully reconciled artifact. - items: - type: string - type: array url: - description: |- - URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise - BucketStatus.Artifact data is recommended. + description: URL is the download link for the last chart pulled. type: string type: object type: object served: true - storage: true + storage: false subresources: status: {} - additionalPrinterColumns: @@ -371,27 +293,20 @@ spec: - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - deprecated: true - deprecationWarning: v1beta2 HelmChart is deprecated, upgrade to v1 name: v1beta2 schema: openAPIV3Schema: description: HelmChart is the Schema for the helmcharts API. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -399,27 +314,27 @@ spec: description: HelmChartSpec specifies the desired state of a Helm chart. properties: accessFrom: - description: |- - AccessFrom specifies an Access Control List for allowing cross-namespace - references to this object. - NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 + description: 'AccessFrom specifies an Access Control List for allowing + cross-namespace references to this object. NOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092' properties: namespaceSelectors: - description: |- - NamespaceSelectors is the list of namespace selectors to which this ACL applies. - Items in this list are evaluated using a logical OR operation. + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. items: - description: |- - NamespaceSelector selects the namespaces to which this ACL applies. - An empty map of MatchLabels matches all namespaces in a cluster. + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. properties: matchLabels: additionalProperties: type: string - description: |- - MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object type: array @@ -427,29 +342,21 @@ spec: - namespaceSelectors type: object chart: - description: |- - Chart is the name or path the Helm chart is available at in the - SourceRef. + description: Chart is the name or path the Helm chart is available + at in the SourceRef. type: string - ignoreMissingValuesFiles: - description: |- - IgnoreMissingValuesFiles controls whether to silently ignore missing values - files rather than failing. - type: boolean interval: - description: |- - Interval at which the HelmChart SourceRef is checked for updates. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. + description: Interval at which the HelmChart SourceRef is checked + for updates. This interval is approximate and may be subject to + jitter to ensure efficient use of resources. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string reconcileStrategy: default: ChartVersion - description: |- - ReconcileStrategy determines what enables the creation of a new artifact. - Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on their behavior. - Defaults to ChartVersion when omitted. + description: ReconcileStrategy determines what enables the creation + of a new artifact. Valid values are ('ChartVersion', 'Revision'). + See the documentation of the values for an explanation on their + behavior. Defaults to ChartVersion when omitted. enum: - ChartVersion - Revision @@ -462,9 +369,8 @@ spec: description: APIVersion of the referent. type: string kind: - description: |- - Kind of the referent, valid values are ('HelmRepository', 'GitRepository', - 'Bucket'). + description: Kind of the referent, valid values are ('HelmRepository', + 'GitRepository', 'Bucket'). enum: - HelmRepository - GitRepository @@ -478,57 +384,53 @@ spec: - name type: object suspend: - description: |- - Suspend tells the controller to suspend the reconciliation of this - source. + description: Suspend tells the controller to suspend the reconciliation + of this source. type: boolean valuesFile: - description: |- - ValuesFile is an alternative values file to use as the default chart - values, expected to be a relative path in the SourceRef. Deprecated in - favor of ValuesFiles, for backwards compatibility the file specified here - is merged before the ValuesFiles items. Ignored when omitted. + description: ValuesFile is an alternative values file to use as the + default chart values, expected to be a relative path in the SourceRef. + Deprecated in favor of ValuesFiles, for backwards compatibility + the file specified here is merged before the ValuesFiles items. + Ignored when omitted. type: string valuesFiles: - description: |- - ValuesFiles is an alternative list of values files to use as the chart - values (values.yaml is not included by default), expected to be a - relative path in the SourceRef. - Values files are merged in the order of this list with the last file - overriding the first. Ignored when omitted. + description: ValuesFiles is an alternative list of values files to + use as the chart values (values.yaml is not included by default), + expected to be a relative path in the SourceRef. Values files are + merged in the order of this list with the last file overriding the + first. Ignored when omitted. items: type: string type: array verify: - description: |- - Verify contains the secret name containing the trusted public keys - used to verify the signature and specifies which provider to use to check - whether OCI image is authentic. - This field is only supported when using HelmRepository source with spec.type 'oci'. - Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified. + description: Verify contains the secret name containing the trusted + public keys used to verify the signature and specifies which provider + to use to check whether OCI image is authentic. This field is only + supported when using HelmRepository source with spec.type 'oci'. + Chart dependencies, which are not bundled in the umbrella chart + artifact, are not verified. properties: matchOIDCIdentity: - description: |- - MatchOIDCIdentity specifies the identity matching criteria to use - while verifying an OCI artifact which was signed using Cosign keyless - signing. The artifact's identity is deemed to be verified if any of the - specified matchers match against the identity. + description: MatchOIDCIdentity specifies the identity matching + criteria to use while verifying an OCI artifact which was signed + using Cosign keyless signing. The artifact's identity is deemed + to be verified if any of the specified matchers match against + the identity. items: - description: |- - OIDCIdentityMatch specifies options for verifying the certificate identity, - i.e. the issuer and the subject of the certificate. + description: OIDCIdentityMatch specifies options for verifying + the certificate identity, i.e. the issuer and the subject + of the certificate. properties: issuer: - description: |- - Issuer specifies the regex pattern to match against to verify - the OIDC issuer in the Fulcio certificate. The pattern must be a - valid Go regular expression. + description: Issuer specifies the regex pattern to match + against to verify the OIDC issuer in the Fulcio certificate. + The pattern must be a valid Go regular expression. type: string subject: - description: |- - Subject specifies the regex pattern to match against to verify - the identity subject in the Fulcio certificate. The pattern must - be a valid Go regular expression. + description: Subject specifies the regex pattern to match + against to verify the identity subject in the Fulcio certificate. + The pattern must be a valid Go regular expression. type: string required: - issuer @@ -541,12 +443,10 @@ spec: OCI Artifact. enum: - cosign - - notation type: string secretRef: - description: |- - SecretRef specifies the Kubernetes Secret containing the - trusted public keys. + description: SecretRef specifies the Kubernetes Secret containing + the trusted public keys. properties: name: description: Name of the referent. @@ -559,9 +459,9 @@ spec: type: object version: default: '*' - description: |- - Version is the chart version semver expression, ignored for charts from - GitRepository and Bucket sources. Defaults to latest when omitted. + description: Version is the chart version semver expression, ignored + for charts from GitRepository and Bucket sources. Defaults to latest + when omitted. type: string required: - chart @@ -577,14 +477,17 @@ spec: description: Artifact represents the output of the last successful reconciliation. properties: + checksum: + description: Checksum is the SHA256 checksum of the Artifact file + (obsolete) + type: string digest: description: Digest is the digest of the file in the form of ':'. pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ type: string lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. format: date-time type: string metadata: @@ -593,28 +496,26 @@ spec: description: Metadata holds upstream information such as OCI annotations. type: object path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. type: string revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. type: string size: description: Size is the number of bytes in the file. format: int64 type: integer url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. type: string required: - - digest - lastUpdateTime - path - revision @@ -623,35 +524,43 @@ spec: conditions: description: Conditions holds the conditions for the HelmChart. items: - description: Condition contains details for one aspect of the current - state of this API Resource. + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. format: date-time type: string message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 minimum: 0 type: integer reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -666,6 +575,10 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -678,45 +591,31 @@ spec: type: object type: array lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. type: string observedChartName: - description: |- - ObservedChartName is the last observed chart name as specified by the - resolved chart reference. + description: ObservedChartName is the last observed chart name as + specified by the resolved chart reference. type: string observedGeneration: - description: |- - ObservedGeneration is the last observed generation of the HelmChart - object. + description: ObservedGeneration is the last observed generation of + the HelmChart object. format: int64 type: integer observedSourceArtifactRevision: - description: |- - ObservedSourceArtifactRevision is the last observed Artifact.Revision + description: ObservedSourceArtifactRevision is the last observed Artifact.Revision of the HelmChartSpec.SourceRef. type: string - observedValuesFiles: - description: |- - ObservedValuesFiles are the observed value files of the last successful - reconciliation. - It matches the chart in the last successfully reconciled artifact. - items: - type: string - type: array url: - description: |- - URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise - BucketStatus.Artifact data is recommended. + description: URL is the dynamic fetch link for the latest Artifact. + It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact + data is recommended. type: string type: object type: object served: true - storage: false + storage: true subresources: status: {} - diff --git a/definitions/source.toolkit.fluxcd.io/helmrepository.yaml b/definitions/source.toolkit.fluxcd.io/helmrepository.yaml index e1855e7d7..2b0700ada 100644 --- a/definitions/source.toolkit.fluxcd.io/helmrepository.yaml +++ b/definitions/source.toolkit.fluxcd.io/helmrepository.yaml @@ -1,9 +1,8 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.12.0 name: helmrepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -20,135 +19,78 @@ spec: - jsonPath: .spec.url name: URL type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - jsonPath: .status.conditions[?(@.type=="Ready")].status name: Ready type: string - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - name: v1 + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 schema: openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API. + description: HelmRepository is the Schema for the helmrepositories API properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: |- - HelmRepositorySpec specifies the required configuration to produce an - Artifact for a Helm repository index YAML. + description: HelmRepositorySpec defines the reference to a Helm repository. properties: accessFrom: - description: |- - AccessFrom specifies an Access Control List for allowing cross-namespace - references to this object. - NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 + description: AccessFrom defines an Access Control List for allowing + cross-namespace references to this object. properties: namespaceSelectors: - description: |- - NamespaceSelectors is the list of namespace selectors to which this ACL applies. - Items in this list are evaluated using a logical OR operation. + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. items: - description: |- - NamespaceSelector selects the namespaces to which this ACL applies. - An empty map of MatchLabels matches all namespaces in a cluster. + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. properties: matchLabels: additionalProperties: type: string - description: |- - MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object type: array required: - namespaceSelectors type: object - certSecretRef: - description: |- - CertSecretRef can be given the name of a Secret containing - either or both of - - - a PEM-encoded client certificate (`tls.crt`) and private - key (`tls.key`); - - a PEM-encoded CA certificate (`ca.crt`) - - and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are - authenticating with a certificate; the CA cert is useful if - you are using a self-signed server certificate. The Secret must - be of type `Opaque` or `kubernetes.io/tls`. - - It takes precedence over the values specified in the Secret referred - to by `.spec.secretRef`. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - insecure: - description: |- - Insecure allows connecting to a non-TLS HTTP container registry. - This field is only taken into account if the .spec.type field is set to 'oci'. - type: boolean interval: - description: |- - Interval at which the HelmRepository URL is checked for updates. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + description: The interval at which to check the upstream for updates. type: string passCredentials: - description: |- - PassCredentials allows the credentials from the SecretRef to be passed - on to a host that does not match the host as defined in URL. - This may be required if the host of the advertised chart URLs in the - index differ from the defined URL. - Enabling this should be done with caution, as it can potentially result - in credentials getting stolen in a MITM-attack. + description: PassCredentials allows the credentials from the SecretRef + to be passed on to a host that does not match the host as defined + in URL. This may be required if the host of the advertised chart + URLs in the index differ from the defined URL. Enabling this should + be done with caution, as it can potentially result in credentials + getting stolen in a MITM-attack. type: boolean - provider: - default: generic - description: |- - Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. - This field is optional, and only taken into account if the .spec.type field is set to 'oci'. - When not specified, defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string secretRef: - description: |- - SecretRef specifies the Secret containing authentication credentials - for the HelmRepository. - For HTTP/S basic auth the secret must contain 'username' and 'password' - fields. - Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile' - keys is deprecated. Please use `.spec.certSecretRef` instead. + description: The name of the secret containing authentication credentials + for the Helm repository. For HTTP/S basic auth the secret must contain + username and password fields. For TLS the secret must contain a + certFile and keyFile, and/or caFile fields. properties: name: description: Name of the referent. @@ -157,119 +99,94 @@ spec: - name type: object suspend: - description: |- - Suspend tells the controller to suspend the reconciliation of this - HelmRepository. + description: This flag tells the controller to suspend the reconciliation + of this source. type: boolean timeout: - description: |- - Timeout is used for the index fetch operation for an HTTPS helm repository, - and for remote OCI Repository operations like pulling for an OCI helm - chart by the associated HelmChart. - Its default value is 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: |- - Type of the HelmRepository. - When this field is set to "oci", the URL field value must be prefixed with "oci://". - enum: - - default - - oci + default: 60s + description: The timeout of index downloading, defaults to 60s. type: string url: - description: |- - URL of the Helm repository, a valid URL contains at least a protocol and - host. - pattern: ^(http|https|oci)://.*$ + description: The Helm repository URL, a valid URL contains at least + a protocol and host. type: string required: + - interval - url type: object status: default: observedGeneration: -1 - description: HelmRepositoryStatus records the observed state of the HelmRepository. + description: HelmRepositoryStatus defines the observed state of the HelmRepository. properties: artifact: - description: Artifact represents the last successful HelmRepository - reconciliation. + description: Artifact represents the output of the last successful + repository sync. properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ + checksum: + description: Checksum is the SHA256 checksum of the Artifact file + (obsolete) type: string lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. + description: LastUpdateTime is the timestamp corresponding to + the last update of this artifact. format: date-time type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. + description: Path is the relative file path of this artifact. type: string revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + description: Revision is a human readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm index timestamp, a Helm chart version, etc. type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. + description: URL is the HTTP address of this artifact. type: string required: - - digest - - lastUpdateTime - path - - revision - url type: object conditions: description: Conditions holds the conditions for the HelmRepository. items: - description: Condition contains details for one aspect of the current - state of this API Resource. + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. format: date-time type: string message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 minimum: 0 type: integer reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -284,6 +201,10 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -296,27 +217,21 @@ spec: type: object type: array lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: - description: |- - ObservedGeneration is the last observed generation of the HelmRepository - object. + description: ObservedGeneration is the last observed generation. format: int64 type: integer url: - description: |- - URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise - HelmRepositoryStatus.Artifact data is recommended. + description: URL is the download link for the last index fetched. type: string type: object type: object served: true - storage: true + storage: false subresources: status: {} - additionalPrinterColumns: @@ -332,57 +247,49 @@ spec: - jsonPath: .status.conditions[?(@.type=="Ready")].message name: Status type: string - deprecated: true - deprecationWarning: v1beta2 HelmRepository is deprecated, upgrade to v1 name: v1beta2 schema: openAPIV3Schema: description: HelmRepository is the Schema for the helmrepositories API. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: |- - HelmRepositorySpec specifies the required configuration to produce an - Artifact for a Helm repository index YAML. + description: HelmRepositorySpec specifies the required configuration to + produce an Artifact for a Helm repository index YAML. properties: accessFrom: - description: |- - AccessFrom specifies an Access Control List for allowing cross-namespace - references to this object. - NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092 + description: 'AccessFrom specifies an Access Control List for allowing + cross-namespace references to this object. NOTE: Not implemented, + provisional as of https://github.com/fluxcd/flux2/pull/2092' properties: namespaceSelectors: - description: |- - NamespaceSelectors is the list of namespace selectors to which this ACL applies. - Items in this list are evaluated using a logical OR operation. + description: NamespaceSelectors is the list of namespace selectors + to which this ACL applies. Items in this list are evaluated + using a logical OR operation. items: - description: |- - NamespaceSelector selects the namespaces to which this ACL applies. - An empty map of MatchLabels matches all namespaces in a cluster. + description: NamespaceSelector selects the namespaces to which + this ACL applies. An empty map of MatchLabels matches all + namespaces in a cluster. properties: matchLabels: additionalProperties: type: string - description: |- - MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. + description: MatchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object type: array @@ -390,22 +297,15 @@ spec: - namespaceSelectors type: object certSecretRef: - description: |- - CertSecretRef can be given the name of a Secret containing - either or both of - - - a PEM-encoded client certificate (`tls.crt`) and private - key (`tls.key`); - - a PEM-encoded CA certificate (`ca.crt`) - - and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are - authenticating with a certificate; the CA cert is useful if - you are using a self-signed server certificate. The Secret must - be of type `Opaque` or `kubernetes.io/tls`. - - It takes precedence over the values specified in the Secret referred - to by `.spec.secretRef`. + description: "CertSecretRef can be given the name of a Secret containing + either or both of \n - a PEM-encoded client certificate (`tls.crt`) + and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) + \n and whichever are supplied, will be used for connecting to the + registry. The client cert and key are useful if you are authenticating + with a certificate; the CA cert is useful if you are using a self-signed + server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. + \n It takes precedence over the values specified in the Secret referred + to by `.spec.secretRef`." properties: name: description: Name of the referent. @@ -414,32 +314,30 @@ spec: - name type: object insecure: - description: |- - Insecure allows connecting to a non-TLS HTTP container registry. - This field is only taken into account if the .spec.type field is set to 'oci'. + description: Insecure allows connecting to a non-TLS HTTP container + registry. This field is only taken into account if the .spec.type + field is set to 'oci'. type: boolean interval: - description: |- - Interval at which the HelmRepository URL is checked for updates. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. + description: Interval at which the HelmRepository URL is checked for + updates. This interval is approximate and may be subject to jitter + to ensure efficient use of resources. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string passCredentials: - description: |- - PassCredentials allows the credentials from the SecretRef to be passed - on to a host that does not match the host as defined in URL. - This may be required if the host of the advertised chart URLs in the - index differ from the defined URL. - Enabling this should be done with caution, as it can potentially result - in credentials getting stolen in a MITM-attack. + description: PassCredentials allows the credentials from the SecretRef + to be passed on to a host that does not match the host as defined + in URL. This may be required if the host of the advertised chart + URLs in the index differ from the defined URL. Enabling this should + be done with caution, as it can potentially result in credentials + getting stolen in a MITM-attack. type: boolean provider: default: generic - description: |- - Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. - This field is optional, and only taken into account if the .spec.type field is set to 'oci'. - When not specified, defaults to 'generic'. + description: Provider used for authentication, can be 'aws', 'azure', + 'gcp' or 'generic'. This field is optional, and only taken into + account if the .spec.type field is set to 'oci'. When not specified, + defaults to 'generic'. enum: - generic - aws @@ -447,13 +345,11 @@ spec: - gcp type: string secretRef: - description: |- - SecretRef specifies the Secret containing authentication credentials - for the HelmRepository. - For HTTP/S basic auth the secret must contain 'username' and 'password' - fields. - Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile' - keys is deprecated. Please use `.spec.certSecretRef` instead. + description: SecretRef specifies the Secret containing authentication + credentials for the HelmRepository. For HTTP/S basic auth the secret + must contain 'username' and 'password' fields. Support for TLS auth + using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated. + Please use `.spec.certSecretRef` instead. properties: name: description: Name of the referent. @@ -462,30 +358,27 @@ spec: - name type: object suspend: - description: |- - Suspend tells the controller to suspend the reconciliation of this - HelmRepository. + description: Suspend tells the controller to suspend the reconciliation + of this HelmRepository. type: boolean timeout: - description: |- - Timeout is used for the index fetch operation for an HTTPS helm repository, - and for remote OCI Repository operations like pulling for an OCI helm - chart by the associated HelmChart. + default: 60s + description: Timeout is used for the index fetch operation for an + HTTPS helm repository, and for remote OCI Repository operations + like pulling for an OCI helm chart by the associated HelmChart. Its default value is 60s. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ type: string type: - description: |- - Type of the HelmRepository. - When this field is set to "oci", the URL field value must be prefixed with "oci://". + description: Type of the HelmRepository. When this field is set to "oci", + the URL field value must be prefixed with "oci://". enum: - default - oci type: string url: - description: |- - URL of the Helm repository, a valid URL contains at least a protocol and - host. + description: URL of the Helm repository, a valid URL contains at least + a protocol and host. pattern: ^(http|https|oci)://.*$ type: string required: @@ -500,14 +393,17 @@ spec: description: Artifact represents the last successful HelmRepository reconciliation. properties: + checksum: + description: Checksum is the SHA256 checksum of the Artifact file + (obsolete) + type: string digest: description: Digest is the digest of the file in the form of ':'. pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ type: string lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. format: date-time type: string metadata: @@ -516,28 +412,26 @@ spec: description: Metadata holds upstream information such as OCI annotations. type: object path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. type: string revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. type: string size: description: Size is the number of bytes in the file. format: int64 type: integer url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. type: string required: - - digest - lastUpdateTime - path - revision @@ -546,35 +440,43 @@ spec: conditions: description: Conditions holds the conditions for the HelmRepository. items: - description: Condition contains details for one aspect of the current - state of this API Resource. + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. format: date-time type: string message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 minimum: 0 type: integer reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -589,6 +491,10 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -601,27 +507,23 @@ spec: type: object type: array lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: - description: |- - ObservedGeneration is the last observed generation of the HelmRepository - object. + description: ObservedGeneration is the last observed generation of + the HelmRepository object. format: int64 type: integer url: - description: |- - URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise - HelmRepositoryStatus.Artifact data is recommended. + description: URL is the dynamic fetch link for the latest Artifact. + It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact + data is recommended. type: string type: object type: object served: true - storage: false + storage: true subresources: status: {} - diff --git a/definitions/source.toolkit.fluxcd.io/ocirepository.yaml b/definitions/source.toolkit.fluxcd.io/ocirepository.yaml index 74354a785..b0fdc9aa6 100644 --- a/definitions/source.toolkit.fluxcd.io/ocirepository.yaml +++ b/definitions/source.toolkit.fluxcd.io/ocirepository.yaml @@ -1,9 +1,8 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.12.0 name: ocirepositories.source.toolkit.fluxcd.io spec: group: source.toolkit.fluxcd.io @@ -29,420 +28,20 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - name: v1 - schema: - openAPIV3Schema: - description: OCIRepository is the Schema for the ocirepositories API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OCIRepositorySpec defines the desired state of OCIRepository - properties: - certSecretRef: - description: |- - CertSecretRef can be given the name of a Secret containing - either or both of - - - a PEM-encoded client certificate (`tls.crt`) and private - key (`tls.key`); - - a PEM-encoded CA certificate (`ca.crt`) - - and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are - authenticating with a certificate; the CA cert is useful if - you are using a self-signed server certificate. The Secret must - be of type `Opaque` or `kubernetes.io/tls`. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - ignore: - description: |- - Ignore overrides the set of excluded patterns in the .sourceignore format - (which is the same as .gitignore). If not provided, a default will be used, - consult the documentation for your version to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP container - registry. - type: boolean - interval: - description: |- - Interval at which the OCIRepository URL is checked for updates. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - layerSelector: - description: |- - LayerSelector specifies which layer should be extracted from the OCI artifact. - When not specified, the first layer found in the artifact is selected. - properties: - mediaType: - description: |- - MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The - first layer matching this type is selected. - type: string - operation: - description: |- - Operation specifies how the selected layer should be processed. - By default, the layer compressed content is extracted to storage. - When the operation is set to 'copy', the layer compressed content - is persisted to storage as it is. - enum: - - extract - - copy - type: string - type: object - provider: - default: generic - description: |- - The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. - When not specified, defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - proxySecretRef: - description: |- - ProxySecretRef specifies the Secret containing the proxy configuration - to use while communicating with the container registry. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - ref: - description: |- - The OCI reference to pull and monitor for changes, - defaults to the latest tag. - properties: - digest: - description: |- - Digest is the image digest to pull, takes precedence over SemVer. - The value should be in the format 'sha256:'. - type: string - semver: - description: |- - SemVer is the range of tags to pull selecting the latest within - the range, takes precedence over Tag. - type: string - semverFilter: - description: SemverFilter is a regex pattern to filter the tags - within the SemVer range. - type: string - tag: - description: Tag is the image tag to pull, defaults to latest. - type: string - type: object - secretRef: - description: |- - SecretRef contains the secret name containing the registry login - credentials to resolve image metadata. - The secret must be of type kubernetes.io/dockerconfigjson. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: |- - ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate - the image pull if the service account has attached pull secrets. For more information: - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account - type: string - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote OCI Repository operations like - pulling, defaults to 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: |- - URL is a reference to an OCI artifact repository hosted - on a remote container registry. - pattern: ^oci://.*$ - type: string - verify: - description: |- - Verify contains the secret name containing the trusted public keys - used to verify the signature and specifies which provider to use to check - whether OCI image is authentic. - properties: - matchOIDCIdentity: - description: |- - MatchOIDCIdentity specifies the identity matching criteria to use - while verifying an OCI artifact which was signed using Cosign keyless - signing. The artifact's identity is deemed to be verified if any of the - specified matchers match against the identity. - items: - description: |- - OIDCIdentityMatch specifies options for verifying the certificate identity, - i.e. the issuer and the subject of the certificate. - properties: - issuer: - description: |- - Issuer specifies the regex pattern to match against to verify - the OIDC issuer in the Fulcio certificate. The pattern must be a - valid Go regular expression. - type: string - subject: - description: |- - Subject specifies the regex pattern to match against to verify - the identity subject in the Fulcio certificate. The pattern must - be a valid Go regular expression. - type: string - required: - - issuer - - subject - type: object - type: array - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. - enum: - - cosign - - notation - type: string - secretRef: - description: |- - SecretRef specifies the Kubernetes Secret containing the - trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: OCIRepositoryStatus defines the observed state of OCIRepository - properties: - artifact: - description: Artifact represents the output of the last successful - OCI Repository sync. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. - type: string - revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. - type: string - required: - - digest - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the OCIRepository. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - observedIgnore: - description: |- - ObservedIgnore is the observed exclusion patterns used for constructing - the source artifact. - type: string - observedLayerSelector: - description: |- - ObservedLayerSelector is the observed layer selector used for constructing - the source artifact. - properties: - mediaType: - description: |- - MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The - first layer matching this type is selected. - type: string - operation: - description: |- - Operation specifies how the selected layer should be processed. - By default, the layer compressed content is extracted to storage. - When the operation is set to 'copy', the layer compressed content - is persisted to storage as it is. - enum: - - extract - - copy - type: string - type: object - url: - description: URL is the download link for the artifact output of the - last OCI Repository sync. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: v1beta2 OCIRepository is deprecated, upgrade to v1 name: v1beta2 schema: openAPIV3Schema: description: OCIRepository is the Schema for the ocirepositories API properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -450,22 +49,15 @@ spec: description: OCIRepositorySpec defines the desired state of OCIRepository properties: certSecretRef: - description: |- - CertSecretRef can be given the name of a Secret containing - either or both of - - - a PEM-encoded client certificate (`tls.crt`) and private - key (`tls.key`); - - a PEM-encoded CA certificate (`ca.crt`) - - and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are - authenticating with a certificate; the CA cert is useful if - you are using a self-signed server certificate. The Secret must - be of type `Opaque` or `kubernetes.io/tls`. - - Note: Support for the `caFile`, `certFile` and `keyFile` keys have - been deprecated. + description: "CertSecretRef can be given the name of a Secret containing + either or both of \n - a PEM-encoded client certificate (`tls.crt`) + and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) + \n and whichever are supplied, will be used for connecting to the + registry. The client cert and key are useful if you are authenticating + with a certificate; the CA cert is useful if you are using a self-signed + server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. + \n Note: Support for the `caFile`, `certFile` and `keyFile` keys + have been deprecated." properties: name: description: Name of the referent. @@ -474,39 +66,36 @@ spec: - name type: object ignore: - description: |- - Ignore overrides the set of excluded patterns in the .sourceignore format - (which is the same as .gitignore). If not provided, a default will be used, - consult the documentation for your version to find out what those are. + description: Ignore overrides the set of excluded patterns in the + .sourceignore format (which is the same as .gitignore). If not provided, + a default will be used, consult the documentation for your version + to find out what those are. type: string insecure: description: Insecure allows connecting to a non-TLS HTTP container registry. type: boolean interval: - description: |- - Interval at which the OCIRepository URL is checked for updates. - This interval is approximate and may be subject to jitter to ensure - efficient use of resources. + description: Interval at which the OCIRepository URL is checked for + updates. This interval is approximate and may be subject to jitter + to ensure efficient use of resources. pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ type: string layerSelector: - description: |- - LayerSelector specifies which layer should be extracted from the OCI artifact. - When not specified, the first layer found in the artifact is selected. + description: LayerSelector specifies which layer should be extracted + from the OCI artifact. When not specified, the first layer found + in the artifact is selected. properties: mediaType: - description: |- - MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The - first layer matching this type is selected. + description: MediaType specifies the OCI media type of the layer + which should be extracted from the OCI Artifact. The first layer + matching this type is selected. type: string operation: - description: |- - Operation specifies how the selected layer should be processed. - By default, the layer compressed content is extracted to storage. - When the operation is set to 'copy', the layer compressed content - is persisted to storage as it is. + description: Operation specifies how the selected layer should + be processed. By default, the layer compressed content is extracted + to storage. When the operation is set to 'copy', the layer compressed + content is persisted to storage as it is. enum: - extract - copy @@ -514,54 +103,34 @@ spec: type: object provider: default: generic - description: |- - The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. - When not specified, defaults to 'generic'. + description: The provider used for authentication, can be 'aws', 'azure', + 'gcp' or 'generic'. When not specified, defaults to 'generic'. enum: - generic - aws - azure - gcp type: string - proxySecretRef: - description: |- - ProxySecretRef specifies the Secret containing the proxy configuration - to use while communicating with the container registry. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object ref: - description: |- - The OCI reference to pull and monitor for changes, - defaults to the latest tag. + description: The OCI reference to pull and monitor for changes, defaults + to the latest tag. properties: digest: - description: |- - Digest is the image digest to pull, takes precedence over SemVer. - The value should be in the format 'sha256:'. + description: Digest is the image digest to pull, takes precedence + over SemVer. The value should be in the format 'sha256:'. type: string semver: - description: |- - SemVer is the range of tags to pull selecting the latest within - the range, takes precedence over Tag. - type: string - semverFilter: - description: SemverFilter is a regex pattern to filter the tags - within the SemVer range. + description: SemVer is the range of tags to pull selecting the + latest within the range, takes precedence over Tag. type: string tag: description: Tag is the image tag to pull, defaults to latest. type: string type: object secretRef: - description: |- - SecretRef contains the secret name containing the registry login - credentials to resolve image metadata. - The secret must be of type kubernetes.io/dockerconfigjson. + description: SecretRef contains the secret name containing the registry + login credentials to resolve image metadata. The secret must be + of type kubernetes.io/dockerconfigjson. properties: name: description: Name of the referent. @@ -570,10 +139,9 @@ spec: - name type: object serviceAccountName: - description: |- - ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate - the image pull if the service account has attached pull secrets. For more information: - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account + description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount + used to authenticate the image pull if the service account has attached + pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' type: string suspend: description: This flag tells the controller to suspend the reconciliation @@ -586,39 +154,35 @@ spec: pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ type: string url: - description: |- - URL is a reference to an OCI artifact repository hosted + description: URL is a reference to an OCI artifact repository hosted on a remote container registry. pattern: ^oci://.*$ type: string verify: - description: |- - Verify contains the secret name containing the trusted public keys - used to verify the signature and specifies which provider to use to check - whether OCI image is authentic. + description: Verify contains the secret name containing the trusted + public keys used to verify the signature and specifies which provider + to use to check whether OCI image is authentic. properties: matchOIDCIdentity: - description: |- - MatchOIDCIdentity specifies the identity matching criteria to use - while verifying an OCI artifact which was signed using Cosign keyless - signing. The artifact's identity is deemed to be verified if any of the - specified matchers match against the identity. + description: MatchOIDCIdentity specifies the identity matching + criteria to use while verifying an OCI artifact which was signed + using Cosign keyless signing. The artifact's identity is deemed + to be verified if any of the specified matchers match against + the identity. items: - description: |- - OIDCIdentityMatch specifies options for verifying the certificate identity, - i.e. the issuer and the subject of the certificate. + description: OIDCIdentityMatch specifies options for verifying + the certificate identity, i.e. the issuer and the subject + of the certificate. properties: issuer: - description: |- - Issuer specifies the regex pattern to match against to verify - the OIDC issuer in the Fulcio certificate. The pattern must be a - valid Go regular expression. + description: Issuer specifies the regex pattern to match + against to verify the OIDC issuer in the Fulcio certificate. + The pattern must be a valid Go regular expression. type: string subject: - description: |- - Subject specifies the regex pattern to match against to verify - the identity subject in the Fulcio certificate. The pattern must - be a valid Go regular expression. + description: Subject specifies the regex pattern to match + against to verify the identity subject in the Fulcio certificate. + The pattern must be a valid Go regular expression. type: string required: - issuer @@ -631,12 +195,10 @@ spec: OCI Artifact. enum: - cosign - - notation type: string secretRef: - description: |- - SecretRef specifies the Kubernetes Secret containing the - trusted public keys. + description: SecretRef specifies the Kubernetes Secret containing + the trusted public keys. properties: name: description: Name of the referent. @@ -660,14 +222,17 @@ spec: description: Artifact represents the output of the last successful OCI Repository sync. properties: + checksum: + description: Checksum is the SHA256 checksum of the Artifact file + (obsolete) + type: string digest: description: Digest is the digest of the file in the form of ':'. pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ type: string lastUpdateTime: - description: |- - LastUpdateTime is the timestamp corresponding to the last update of the - Artifact. + description: LastUpdateTime is the timestamp corresponding to + the last update of the Artifact. format: date-time type: string metadata: @@ -676,28 +241,26 @@ spec: description: Metadata holds upstream information such as OCI annotations. type: object path: - description: |- - Path is the relative file path of the Artifact. It can be used to locate - the file in the root of the Artifact storage on the local file system of - the controller managing the Source. + description: Path is the relative file path of the Artifact. It + can be used to locate the file in the root of the Artifact storage + on the local file system of the controller managing the Source. type: string revision: - description: |- - Revision is a human-readable identifier traceable in the origin source - system. It can be a Git commit SHA, Git tag, a Helm chart version, etc. + description: Revision is a human-readable identifier traceable + in the origin source system. It can be a Git commit SHA, Git + tag, a Helm chart version, etc. type: string size: description: Size is the number of bytes in the file. format: int64 type: integer url: - description: |- - URL is the HTTP address of the Artifact as exposed by the controller - managing the Source. It can be used to retrieve the Artifact for - consumption, e.g. by another controller applying the Artifact contents. + description: URL is the HTTP address of the Artifact as exposed + by the controller managing the Source. It can be used to retrieve + the Artifact for consumption, e.g. by another controller applying + the Artifact contents. type: string required: - - digest - lastUpdateTime - path - revision @@ -706,35 +269,43 @@ spec: conditions: description: Conditions holds the conditions for the OCIRepository. items: - description: Condition contains details for one aspect of the current - state of this API Resource. + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. format: date-time type: string message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 minimum: 0 type: integer reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -749,6 +320,10 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -761,51 +336,42 @@ spec: type: object type: array contentConfigChecksum: - description: |- - ContentConfigChecksum is a checksum of all the configurations related to - the content of the source artifact: - - .spec.ignore - - .spec.layerSelector - observed in .status.observedGeneration version of the object. This can - be used to determine if the content configuration has changed and the - artifact needs to be rebuilt. - It has the format of `:`, for example: `sha256:`. - - Deprecated: Replaced with explicit fields for observed artifact content - config in the status. + description: "ContentConfigChecksum is a checksum of all the configurations + related to the content of the source artifact: - .spec.ignore - + .spec.layerSelector observed in .status.observedGeneration version + of the object. This can be used to determine if the content configuration + has changed and the artifact needs to be rebuilt. It has the format + of `:`, for example: `sha256:`. \n Deprecated: + Replaced with explicit fields for observed artifact content config + in the status." type: string lastHandledReconcileAt: - description: |- - LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value - can be detected. + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. type: string observedGeneration: description: ObservedGeneration is the last observed generation. format: int64 type: integer observedIgnore: - description: |- - ObservedIgnore is the observed exclusion patterns used for constructing - the source artifact. + description: ObservedIgnore is the observed exclusion patterns used + for constructing the source artifact. type: string observedLayerSelector: - description: |- - ObservedLayerSelector is the observed layer selector used for constructing - the source artifact. + description: ObservedLayerSelector is the observed layer selector + used for constructing the source artifact. properties: mediaType: - description: |- - MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The - first layer matching this type is selected. + description: MediaType specifies the OCI media type of the layer + which should be extracted from the OCI Artifact. The first layer + matching this type is selected. type: string operation: - description: |- - Operation specifies how the selected layer should be processed. - By default, the layer compressed content is extracted to storage. - When the operation is set to 'copy', the layer compressed content - is persisted to storage as it is. + description: Operation specifies how the selected layer should + be processed. By default, the layer compressed content is extracted + to storage. When the operation is set to 'copy', the layer compressed + content is persisted to storage as it is. enum: - extract - copy @@ -818,7 +384,7 @@ spec: type: object type: object served: true - storage: false + storage: true subresources: status: {} diff --git a/definitions/stacks.crossplane.io/clusterstackinstall.yaml b/definitions/stacks.crossplane.io/clusterstackinstall.yaml new file mode 100644 index 000000000..375b9c9aa --- /dev/null +++ b/definitions/stacks.crossplane.io/clusterstackinstall.yaml @@ -0,0 +1,143 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: clusterstackinstalls.stacks.crossplane.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditionedStatus.conditions[?(@.type=='Ready')].status + name: READY + type: string + - JSONPath: .spec.source + name: SOURCE + type: string + - JSONPath: .spec.package + name: PACKAGE + type: string + - JSONPath: .spec.crd + name: CRD + type: string + - JSONPath: .metadata.creationTimestamp + name: AGE + type: date + group: stacks.crossplane.io + names: + categories: + - crossplane + kind: ClusterStackInstall + listKind: ClusterStackInstallList + plural: clusterstackinstalls + singular: clusterstackinstall + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + crd: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + package: + type: string + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + type: object + source: + type: string + type: object + status: + properties: + conditionedStatus: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + installJob: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + stackRecord: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/stacks.crossplane.io/stack.yaml b/definitions/stacks.crossplane.io/stack.yaml new file mode 100644 index 000000000..fad15eff4 --- /dev/null +++ b/definitions/stacks.crossplane.io/stack.yaml @@ -0,0 +1,2930 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: stacks.stacks.crossplane.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditionedStatus.conditions[?(@.type=='Ready')].status + name: READY + type: string + - JSONPath: .spec.version + name: VERSION + type: string + - JSONPath: .metadata.creationTimestamp + name: AGE + type: date + group: stacks.crossplane.io + names: + categories: + - crossplane + kind: Stack + listKind: StackList + plural: stacks + singular: stack + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + category: + type: string + company: + type: string + controller: + properties: + deployment: + properties: + name: + type: string + spec: + properties: + minReadySeconds: + format: int32 + type: integer + paused: + type: boolean + progressDeadlineSeconds: + format: int32 + type: integer + replicas: + format: int32 + type: integer + revisionHistoryLimit: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + strategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + template: + properties: + metadata: + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + type: string + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + required: + - selector + - template + type: object + required: + - name + - spec + type: object + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + type: object + type: object + customresourcedefinitions: + items: + properties: + apiVersion: + type: string + kind: + type: string + type: object + type: array + dependsOn: + items: + properties: + crd: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + package: + type: string + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + type: object + source: + type: string + type: object + type: array + icons: + items: + properties: + base64Data: + type: string + mediatype: + type: string + required: + - base64Data + - mediatype + type: object + type: array + keywords: + items: + type: string + type: array + license: + type: string + maintainers: + items: + properties: + email: + type: string + name: + type: string + type: object + type: array + overview: + type: string + overviewShort: + type: string + owners: + items: + properties: + email: + type: string + name: + type: string + type: object + type: array + packageType: + enum: + - Provider + - Stack + - Application + - Addon + type: string + permissionScope: + enum: + - Cluster + - Namespaced + type: string + permissions: + properties: + rules: + items: + properties: + apiGroups: + items: + type: string + type: array + nonResourceURLs: + items: + type: string + type: array + resourceNames: + items: + type: string + type: array + resources: + items: + type: string + type: array + verbs: + items: + type: string + type: array + required: + - verbs + type: object + type: array + type: object + readme: + type: string + source: + type: string + title: + type: string + version: + type: string + website: + type: string + type: object + status: + properties: + conditionedStatus: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + controllerRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/stacks.crossplane.io/stackdefinition.yaml b/definitions/stacks.crossplane.io/stackdefinition.yaml new file mode 100644 index 000000000..7009f74e2 --- /dev/null +++ b/definitions/stacks.crossplane.io/stackdefinition.yaml @@ -0,0 +1,2940 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: stackdefinitions.stacks.crossplane.io +spec: + group: stacks.crossplane.io + names: + categories: + - crossplane + kind: StackDefinition + listKind: StackDefinitionList + plural: stackdefinitions + singular: stackdefinition + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + behavior: + properties: + crd: + properties: + apiVersion: + type: string + kind: + type: string + required: + - apiVersion + - kind + type: object + engine: + properties: + controllerImage: + type: string + kustomize: + properties: + kustomization: + type: object + overlays: + items: + properties: + apiVersion: + type: string + bindings: + items: + properties: + from: + type: string + to: + type: string + required: + - from + - to + type: object + type: array + kind: + type: string + name: + type: string + required: + - apiVersion + - bindings + - kind + - name + type: object + type: array + type: object + type: + type: string + required: + - type + type: object + source: + properties: + image: + type: string + path: + type: string + required: + - path + type: object + type: object + category: + type: string + company: + type: string + controller: + properties: + deployment: + properties: + name: + type: string + spec: + properties: + minReadySeconds: + format: int32 + type: integer + paused: + type: boolean + progressDeadlineSeconds: + format: int32 + type: integer + replicas: + format: int32 + type: integer + revisionHistoryLimit: + format: int32 + type: integer + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + strategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + template: + properties: + metadata: + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + type: string + type: object + requests: + additionalProperties: + type: string + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + type: string + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + type: string + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + type: string + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + required: + - selector + - template + type: object + required: + - name + - spec + type: object + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + type: object + type: object + customresourcedefinitions: + items: + properties: + apiVersion: + type: string + kind: + type: string + type: object + type: array + dependsOn: + items: + properties: + crd: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + package: + type: string + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + type: object + source: + type: string + type: object + type: array + icons: + items: + properties: + base64Data: + type: string + mediatype: + type: string + required: + - base64Data + - mediatype + type: object + type: array + keywords: + items: + type: string + type: array + license: + type: string + maintainers: + items: + properties: + email: + type: string + name: + type: string + type: object + type: array + overview: + type: string + overviewShort: + type: string + owners: + items: + properties: + email: + type: string + name: + type: string + type: object + type: array + packageType: + enum: + - Provider + - Stack + - Application + - Addon + type: string + permissionScope: + enum: + - Cluster + - Namespaced + type: string + permissions: + properties: + rules: + items: + properties: + apiGroups: + items: + type: string + type: array + nonResourceURLs: + items: + type: string + type: array + resourceNames: + items: + type: string + type: array + resources: + items: + type: string + type: array + verbs: + items: + type: string + type: array + required: + - verbs + type: object + type: array + type: object + readme: + type: string + source: + type: string + title: + type: string + version: + type: string + website: + type: string + type: object + status: + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/stacks.crossplane.io/stackinstall.yaml b/definitions/stacks.crossplane.io/stackinstall.yaml new file mode 100644 index 000000000..e619fce88 --- /dev/null +++ b/definitions/stacks.crossplane.io/stackinstall.yaml @@ -0,0 +1,143 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: stackinstalls.stacks.crossplane.io +spec: + additionalPrinterColumns: + - JSONPath: .status.conditionedStatus.conditions[?(@.type=='Ready')].status + name: READY + type: string + - JSONPath: .spec.source + name: SOURCE + type: string + - JSONPath: .spec.package + name: PACKAGE + type: string + - JSONPath: .spec.crd + name: CRD + type: string + - JSONPath: .metadata.creationTimestamp + name: AGE + type: date + group: stacks.crossplane.io + names: + categories: + - crossplane + kind: StackInstall + listKind: StackInstallList + plural: stackinstalls + singular: stackinstall + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + crd: + type: string + imagePullPolicy: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + package: + type: string + serviceAccount: + properties: + annotations: + additionalProperties: + type: string + type: object + type: object + source: + type: string + type: object + status: + properties: + conditionedStatus: + properties: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + installJob: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + stackRecord: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/standard.oam.dev/rollout.yaml b/definitions/standard.oam.dev/rollout.yaml new file mode 100644 index 000000000..ebee6cfa5 --- /dev/null +++ b/definitions/standard.oam.dev/rollout.yaml @@ -0,0 +1,478 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + name: rollouts.standard.oam.dev +spec: + group: standard.oam.dev + names: + categories: + - oam + kind: Rollout + listKind: RolloutList + plural: rollouts + shortNames: + - rollout + singular: rollout + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.rolloutTargetSize + name: TARGET + type: string + - jsonPath: .status.upgradedReplicas + name: UPGRADED + type: string + - jsonPath: .status.upgradedReadyReplicas + name: READY + type: string + - jsonPath: .status.batchRollingState + name: BATCH-STATE + type: string + - jsonPath: .status.rollingState + name: ROLLING-STATE + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Rollout is the Schema for the Rollout API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RolloutSpec defines how to describe an update between different + compRevision + properties: + componentName: + description: ComponentName specify the component name + type: string + rolloutPlan: + description: RolloutPlan is the details on how to rollout the resources + properties: + batchPartition: + description: All pods in the batches up to the batchPartition + (included) will have the target resource specification while + the rest still have the source resource This is designed for + the operators to manually rollout Default is the the number + of batches which will rollout all the batches + format: int32 + type: integer + canaryMetric: + description: CanaryMetric provides a way for the rollout process + to automatically check certain metrics before complete the process + items: + description: CanaryMetric holds the reference to metrics used + for canary analysis + properties: + interval: + description: Interval represents the windows size + type: string + metricsRange: + description: Range value accepted for this metric + properties: + max: + anyOf: + - type: integer + - type: string + description: Maximum value + x-kubernetes-int-or-string: true + min: + anyOf: + - type: integer + - type: string + description: Minimum value + x-kubernetes-int-or-string: true + type: object + name: + description: Name of the metric + type: string + templateRef: + description: TemplateRef references a metric template object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + type: array + numBatches: + description: The number of batches, default = 1 + format: int32 + type: integer + paused: + description: Paused the rollout, default is false + type: boolean + rolloutBatches: + description: The exact distribution among batches. its size has + to be exactly the same as the NumBatches (if set) The total + number cannot exceed the targetSize or the size of the source + resource We will IGNORE the last batch's replica field if it's + a percentage since round errors can lead to inaccurate sum We + highly recommend to leave the last batch's replica field empty + items: + description: RolloutBatch is used to describe how the each batch + rollout should be + properties: + batchRolloutWebhooks: + description: RolloutWebhooks provides a way for the batch + rollout to interact with an external process + items: + description: RolloutWebhook holds the reference to external + checks used for canary analysis + properties: + expectedStatus: + description: ExpectedStatus contains all the expected + http status code that we will accept as success + items: + type: integer + type: array + metadata: + additionalProperties: + type: string + description: Metadata (key-value pairs) for this webhook + type: object + method: + description: Method the HTTP call method, default + is POST + type: string + name: + description: Name of this webhook + type: string + type: + description: Type of this webhook + type: string + url: + description: URL address of this webhook + type: string + required: + - name + - type + - url + type: object + type: array + canaryMetric: + description: CanaryMetric provides a way for the batch rollout + process to automatically check certain metrics before + moving to the next batch + items: + description: CanaryMetric holds the reference to metrics + used for canary analysis + properties: + interval: + description: Interval represents the windows size + type: string + metricsRange: + description: Range value accepted for this metric + properties: + max: + anyOf: + - type: integer + - type: string + description: Maximum value + x-kubernetes-int-or-string: true + min: + anyOf: + - type: integer + - type: string + description: Minimum value + x-kubernetes-int-or-string: true + type: object + name: + description: Name of the metric + type: string + templateRef: + description: TemplateRef references a metric template + object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object + instead of an entire object, this string should + contain a valid JSON/Go field access statement, + such as desiredState.manifest.containers[2]. + For example, if the object reference is to a + container within a pod, this would take on a + value like: "spec.containers{name}" (where "name" + refers to the name of the container that triggered + the event) or if no container name is specified + "spec.containers[2]" (container with index 2 + in this pod). This syntax is chosen only to + have some well-defined way of referencing a + part of an object. TODO: this design is not + final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which + this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + type: array + instanceInterval: + description: The wait time, in seconds, between instances + upgrades, default = 0 + format: int32 + type: integer + maxUnavailable: + anyOf: + - type: integer + - type: string + description: MaxUnavailable is the max allowed number of + pods that is unavailable during the upgrade. We will mark + the batch as ready as long as there are less or equal + number of pods unavailable than this number. default = + 0 + x-kubernetes-int-or-string: true + podList: + description: The list of Pods to get upgraded it is mutually + exclusive with the Replicas field + items: + type: string + type: array + replicas: + anyOf: + - type: integer + - type: string + description: 'Replicas is the number of pods to upgrade + in this batch it can be an absolute number (ex: 5) or + a percentage of total pods we will ignore the percentage + of the last batch to just fill the gap it is mutually + exclusive with the PodList field' + x-kubernetes-int-or-string: true + type: object + type: array + rolloutStrategy: + description: RolloutStrategy defines strategies for the rollout + plan The default is IncreaseFirstRolloutStrategyType + type: string + rolloutWebhooks: + description: RolloutWebhooks provide a way for the rollout to + interact with an external process + items: + description: RolloutWebhook holds the reference to external + checks used for canary analysis + properties: + expectedStatus: + description: ExpectedStatus contains all the expected http + status code that we will accept as success + items: + type: integer + type: array + metadata: + additionalProperties: + type: string + description: Metadata (key-value pairs) for this webhook + type: object + method: + description: Method the HTTP call method, default is POST + type: string + name: + description: Name of this webhook + type: string + type: + description: Type of this webhook + type: string + url: + description: URL address of this webhook + type: string + required: + - name + - type + - url + type: object + type: array + targetSize: + description: The size of the target resource. The default is the + same as the size of the source resource. + format: int32 + type: integer + type: object + sourceRevisionName: + description: SourceRevisionName contains the name of the componentRevisionName that + we need to upgrade from. it can be empty only when it's the first + time to deploy the application + type: string + targetRevisionName: + description: TargetRevisionName contains the name of the componentRevisionName + that we need to upgrade to. + type: string + required: + - componentName + - rolloutPlan + - targetRevisionName + type: object + status: + description: CompRolloutStatus defines the observed state of rollout + properties: + LastSourceRevision: + description: LastSourceRevision contains the name of the componentRevisionName + that we need to upgrade from. We will restart the rollout if this + is not the same as the spec + type: string + batchRollingState: + description: BatchRollingState only meaningful when the Status is + rolling + type: string + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentBatch: + description: The current batch the rollout is working on/blocked it + starts from 0 + format: int32 + type: integer + lastAppliedPodTemplateIdentifier: + description: lastAppliedPodTemplateIdentifier is a string that uniquely + represent the last pod template each workload type could use different + ways to identify that so we cannot compare between resources We + update this field only after a successful rollout + type: string + lastTargetRevision: + description: LastUpgradedTargetRevision contains the name of the componentRevisionName + that we upgraded to We will restart the rollout if this is not the + same as the spec + type: string + rollingState: + description: RollingState is the Rollout State + type: string + rolloutOriginalSize: + description: RolloutTargetSize is the size of the target resources. + This is determined once the initial spec verification and does not + change until the rollout is restarted + format: int32 + type: integer + rolloutTargetSize: + description: RolloutTargetSize is the size of the target resources. + This is determined once the initial spec verification and does not + change until the rollout is restarted + format: int32 + type: integer + targetGeneration: + description: NewPodTemplateIdentifier is a string that uniquely represent + the new pod template each workload type could use different ways + to identify that so we cannot compare between resources + type: string + upgradedReadyReplicas: + description: UpgradedReadyReplicas is the number of Pods upgraded + by the rollout controller that have a Ready Condition. + format: int32 + type: integer + upgradedReplicas: + description: UpgradedReplicas is the number of Pods upgraded by the + rollout controller + format: int32 + type: integer + required: + - currentBatch + - lastTargetRevision + - rollingState + - upgradedReadyReplicas + - upgradedReplicas + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/storage.kubeblocks.io/storageprovider.yaml b/definitions/storage.kubeblocks.io/storageprovider.yaml new file mode 100644 index 000000000..d85c1b4a5 --- /dev/null +++ b/definitions/storage.kubeblocks.io/storageprovider.yaml @@ -0,0 +1,201 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: kubeblocks + name: storageproviders.storage.kubeblocks.io +spec: + group: storage.kubeblocks.io + names: + categories: + - kubeblocks + kind: StorageProvider + listKind: StorageProviderList + plural: storageproviders + singular: storageprovider + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: STATUS + type: string + - jsonPath: .spec.csiDriverName + name: CSIDRIVER + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + StorageProvider comprises specifications that provide guidance on accessing remote storage. + Currently the supported access methods are via a dedicated CSI driver or the `datasafed` tool. + In case of CSI driver, the specification expounds on provisioning PVCs for that driver. + As for the `datasafed` tool, the specification provides insights on generating the necessary + configuration file. + + + Deprecated since v0.9, moving to dataprotection.kubeblocks.io API group, + will be removed in v0.11. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: StorageProviderSpec defines the desired state of `StorageProvider`. + properties: + csiDriverName: + description: |- + Specifies the name of the CSI driver used to access remote storage. + This field can be empty, it indicates that the storage is not accessible via CSI. + type: string + csiDriverSecretTemplate: + description: |- + A Go template that used to render and generate `k8s.io/api/core/v1.Secret` + resources for a specific CSI driver. + For example, `accessKey` and `secretKey` needed by CSI-S3 are stored in this + `Secret` resource. + type: string + datasafedConfigTemplate: + description: |- + A Go template used to render and generate `k8s.io/api/core/v1.Secret`. + This `Secret` involves the configuration details required by the `datasafed` tool + to access remote storage. For example, the `Secret` should contain `endpoint`, + `bucket`, 'region', 'accessKey', 'secretKey', or something else for S3 storage. + This field can be empty, it means this kind of storage is not accessible via + the `datasafed` tool. + type: string + parametersSchema: + description: |- + Describes the parameters required for storage. + The parameters defined here can be referenced in the above templates, + and `kbcli` uses this definition for dynamic command-line parameter parsing. + properties: + credentialFields: + description: |- + Defines which parameters are credential fields, which need to be handled specifically. + For instance, these should be stored in a `Secret` instead of a `ConfigMap`. + items: + type: string + type: array + openAPIV3Schema: + description: Defines the parameters in OpenAPI V3. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + persistentVolumeClaimTemplate: + description: |- + A Go template that renders and generates `k8s.io/api/core/v1.PersistentVolumeClaim` + resources. This PVC can reference the `StorageClass` created from `storageClassTemplate`, + allowing Pods to access remote storage by mounting the PVC. + type: string + storageClassTemplate: + description: |- + A Go template utilized to render and generate `kubernetes.storage.k8s.io.v1.StorageClass` + resources. The `StorageClass' created by this template is aimed at using the CSI driver. + type: string + type: object + status: + description: StorageProviderStatus defines the observed state of `StorageProvider`. + properties: + conditions: + description: Describes the current state of the `StorageProvider`. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + phase: + description: The phase of the `StorageProvider`. Valid phases are + `NotReady` and `Ready`. + enum: + - NotReady + - Ready + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/temporal.io/temporalworkerprocess.yaml b/definitions/temporal.io/temporalworkerprocess.yaml new file mode 100644 index 000000000..bc5c22475 --- /dev/null +++ b/definitions/temporal.io/temporalworkerprocess.yaml @@ -0,0 +1,282 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + creationTimestamp: null + name: temporalworkerprocesses.temporal.io +spec: + group: temporal.io + names: + kind: TemporalWorkerProcess + listKind: TemporalWorkerProcessList + plural: temporalworkerprocesses + singular: temporalworkerprocess + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type == 'Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type == 'ReconcileSuccess')].status + name: ReconcileSuccess + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + deprecated: true + deprecationWarning: temporal.io/v1beta1 TemporalWorkerProcess is deprecated and + will be removed in TemporalOperator >= 0.18.0. Please use TemporalClusterClient + with your own deployment instead. + name: v1beta1 + schema: + openAPIV3Schema: + description: TemporalWorkerProcess is the Schema for the temporalworkerprocesses + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TemporalWorkerProcessSpec defines the desired state of TemporalWorkerProcess. + properties: + builder: + description: Builder is the configuration for building a TemporalWorkerProcess. + THIS FEATURE IS HIGHLY EXPERIMENTAL. + properties: + attempt: + description: BuildAttempt is the build attempt number of a given + version + format: int32 + type: integer + buildDir: + description: BuildDir is the location of where the sources will + be built. + type: string + buildRegistry: + description: BuildRegistry specifies how to connect to container + registry. + properties: + passwordSecretRef: + description: PasswordSecret is the reference to the secret + holding the docker repo password. + properties: + key: + description: Key in the Secret. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + repository: + description: Repository is the fqdn to the image repo. + type: string + username: + description: Username is the username for the container repo. + type: string + required: + - passwordSecretRef + - repository + - username + type: object + enabled: + description: Enabled defines if the operator should build the + temporal worker process. + type: boolean + gitRepository: + description: GitRepository specifies how to connect to Git source + control. + properties: + reference: + description: Reference specifies the Git reference to resolve + and monitor for changes, defaults to the 'master' branch. + properties: + branch: + description: Branch to check out, defaults to 'main' if + no other field is defined. + type: string + type: object + url: + description: URL specifies the Git repository URL, it can + be an HTTP/S or SSH address. + pattern: ^(http|https|ssh)://.*$ + type: string + required: + - url + type: object + image: + description: Image is the image that will be used to build worker + image. + type: string + version: + description: Version is the version of the image that will be + used to build worker image. + type: string + required: + - enabled + type: object + clusterRef: + description: Reference to the temporal cluster the worker will connect + to. + properties: + name: + description: The name of the TemporalCluster to reference. + type: string + namespace: + description: The namespace of the TemporalCluster to reference. + Defaults to the namespace of the requested resource if omitted. + type: string + type: object + image: + description: Image defines the temporal worker docker image the instance + should run. + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same + namespace to use for pulling temporal images from registries. + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + jobTtlSecondsAfterFinished: + default: 300 + description: JobTTLSecondsAfterFinished is amount of time to keep + job pods after jobs are completed. Defaults to 300 seconds. + format: int32 + minimum: 1 + type: integer + pullPolicy: + description: Image pull policy for determining how to pull worker + process images. + type: string + replicas: + description: Number of desired replicas. Default to 1. + format: int32 + minimum: 1 + type: integer + temporalNamespace: + description: TemporalNamespace that worker will poll. + type: string + version: + description: Version defines the worker process version. + type: string + required: + - clusterRef + - image + - temporalNamespace + type: object + status: + description: TemporalWorkerProcessStatus defines the observed state of + TemporalWorkerProcess. + properties: + attempt: + description: BuildAttempt is the build attempt number of a given version + format: int32 + type: integer + conditions: + description: Conditions represent the latest available observations + of the worker process state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + created: + description: Created indicates if the worker process image was created. + type: boolean + ready: + description: Ready defines if the worker process is ready. + type: boolean + version: + description: Version is the version of the image that will be used + to build worker image. + type: string + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/tinkerbell.org/hardware.yaml b/definitions/tinkerbell.org/hardware.yaml index 9bcd37a09..f9fc1249f 100644 --- a/definitions/tinkerbell.org/hardware.yaml +++ b/definitions/tinkerbell.org/hardware.yaml @@ -2,388 +2,152 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: + cluster.x-k8s.io/v1beta1: v1beta1 name: hardware.tinkerbell.org spec: group: tinkerbell.org names: categories: - - tinkerbell + - tinkerbell kind: Hardware listKind: HardwareList plural: hardware - shortNames: - - hw singular: hardware - scope: Namespaced + scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Hardware is the Schema for the Hardware API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: HardwareSpec defines the desired state of Hardware. - properties: - bmcRef: - description: |- - BMCRef contains a relation to a BMC state management type in the same - namespace as the Hardware. This may be used for BMC management by - orchestrators. + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Hardware is the Schema for the Hardware API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HardwareSpec defines the desired state of Hardware. + properties: + id: + description: ID is the ID of the hardware in Tinkerbell + minLength: 1 + type: string + userData: + description: UserData is the user data to configure in the hardware's + metadata + type: string + required: + - id + type: object + status: + description: HardwareStatus defines the observed state of Hardware. + properties: + disks: + items: + description: Disk represents a disk device for Tinkerbell Hardware. properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. + device: type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name type: object - x-kubernetes-map-type: atomic - disks: - items: - description: Disk represents a disk device for Tinkerbell Hardware. - properties: - device: - type: string - type: object - type: array - interfaces: - items: - description: Interface represents a network interface configuration for Hardware. - properties: - dhcp: - description: DHCP configuration. - properties: - arch: - type: string - hostname: - type: string - iface_name: - type: string - ip: - description: IP configuration. - properties: - address: - type: string - family: - format: int64 - type: integer - gateway: - type: string - netmask: - type: string - type: object - lease_time: - format: int64 - type: integer - mac: - pattern: ([0-9a-f]{2}[:]){5}([0-9a-f]{2}) - type: string - name_servers: - items: - type: string - type: array - time_servers: - items: - type: string - type: array - uefi: - type: boolean - vlan_id: - description: validation pattern for VLANDID is a string number between 0-4096 - pattern: ^(([0-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))(,[1-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))*)$ - type: string - type: object - disableDhcp: - default: false - description: DisableDHCP disables DHCP for this interface. - type: boolean - netboot: - description: Netboot configuration. - properties: - allowPXE: - type: boolean - allowWorkflow: - type: boolean - ipxe: - description: IPXE configuration. - properties: - contents: - type: string - url: - type: string - type: object - osie: - description: OSIE configuration. - properties: - baseURL: - type: string - initrd: - type: string - kernel: - type: string - type: object - type: object - type: object - type: array - metadata: + type: array + interfaces: + items: + description: Interface represents a network interface configuration + for Hardware. properties: - bonding_mode: - format: int64 - type: integer - custom: + dhcp: + description: DHCP configuration. properties: - preinstalled_operating_system_version: + arch: + type: string + hostname: + type: string + iface_name: + type: string + ip: + description: IP configuration. properties: - distro: + address: type: string - image_tag: + family: + format: int64 + type: integer + gateway: type: string - os_slug: - type: string - slug: - type: string - version: + netmask: type: string type: object - private_subnets: + lease_time: + format: int64 + type: integer + mac: + type: string + name_servers: items: type: string type: array + time_servers: + items: + type: string + type: array + uefi: + type: boolean type: object - facility: - properties: - facility_code: - type: string - plan_slug: - type: string - plan_version_slug: - type: string - type: object - instance: + netboot: + description: Netboot configuration. properties: - allow_pxe: - type: boolean - always_pxe: + allowPXE: type: boolean - crypted_root_password: - type: string - hostname: - type: string - id: - type: string - ips: - items: - properties: - address: - type: string - family: - format: int64 - type: integer - gateway: - type: string - management: - type: boolean - netmask: - type: string - public: - type: boolean - type: object - type: array - ipxe_script_url: - type: string - network_ready: + allowWorkflow: type: boolean - operating_system: + ipxe: + description: IPXE configuration. properties: - distro: + contents: type: string - image_tag: + url: type: string - os_slug: + type: object + osie: + description: OSIE configuration. + properties: + baseURL: type: string - slug: + initrd: type: string - version: + kernel: type: string type: object - rescue: - type: boolean - ssh_keys: - items: - type: string - type: array - state: - type: string - storage: - properties: - disks: - items: - properties: - device: - type: string - partitions: - items: - properties: - label: - type: string - number: - format: int64 - type: integer - size: - format: int64 - type: integer - start: - format: int64 - type: integer - type_guid: - type: string - type: object - type: array - wipe_table: - type: boolean - type: object - type: array - filesystems: - items: - properties: - mount: - properties: - create: - properties: - force: - type: boolean - options: - items: - type: string - type: array - type: object - device: - type: string - files: - items: - properties: - contents: - type: string - gid: - format: int64 - type: integer - mode: - format: int64 - type: integer - path: - type: string - uid: - format: int64 - type: integer - type: object - type: array - format: - type: string - point: - type: string - type: object - type: object - type: array - raid: - items: - properties: - devices: - items: - type: string - type: array - level: - type: string - name: - type: string - spare: - format: int64 - type: integer - type: object - type: array - type: object - tags: - items: - type: string - type: array - userdata: - type: string type: object - manufacturer: - properties: - id: - type: string - slug: - type: string - type: object - state: - type: string - type: object - resources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Resources represents known resources that are available on a machine. - Resources may be used for scheduling by orchestrators. type: object - tinkVersion: - format: int64 - type: integer - userData: - description: |- - UserData is the user data to configure in the hardware's - metadata - type: string - vendorData: - description: |- - VendorData is the vendor data to configure in the hardware's - metadata - type: string - type: object - status: - description: HardwareStatus defines the observed state of Hardware. - properties: - state: - description: HardwareState represents the hardware state. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - + type: array + state: + description: HardwareState represents the hardware state. + type: string + tinkMetadata: + type: string + tinkVersion: + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/tinkerbell.org/template.yaml b/definitions/tinkerbell.org/template.yaml index cb9c549d2..5f87bf93d 100644 --- a/definitions/tinkerbell.org/template.yaml +++ b/definitions/tinkerbell.org/template.yaml @@ -2,63 +2,60 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: + cluster.x-k8s.io/v1beta1: v1beta1 name: templates.tinkerbell.org spec: group: tinkerbell.org names: categories: - - tinkerbell + - tinkerbell kind: Template listKind: TemplateList plural: templates - shortNames: - - tpl singular: template - scope: Namespaced + scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Template is the Schema for the Templates API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: TemplateSpec defines the desired state of Template. - properties: - data: - type: string - type: object - status: - description: TemplateStatus defines the observed state of Template. - properties: - state: - description: TemplateState represents the template state. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Template is the Schema for the Templates API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TemplateSpec defines the desired state of Template. + properties: + data: + type: string + type: object + status: + description: TemplateStatus defines the observed state of Template. + properties: + state: + description: TemplateState represents the template state. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/tinkerbell.org/workflow.yaml b/definitions/tinkerbell.org/workflow.yaml index adcdddd68..74ba0a2ac 100644 --- a/definitions/tinkerbell.org/workflow.yaml +++ b/definitions/tinkerbell.org/workflow.yaml @@ -2,238 +2,132 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: + cluster.x-k8s.io/v1beta1: v1beta1 name: workflows.tinkerbell.org spec: group: tinkerbell.org names: categories: - - tinkerbell + - tinkerbell kind: Workflow listKind: WorkflowList plural: workflows - shortNames: - - wf singular: workflow - scope: Namespaced + scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .spec.templateRef - name: Template - type: string - - jsonPath: .status.state - name: State - type: string - - jsonPath: .status.currentAction - name: Current-Action - type: string - - jsonPath: .status.templateRending - name: Template-Rendering - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Workflow is the Schema for the Workflows API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: WorkflowSpec defines the desired state of Workflow. - properties: - bootOptions: - description: BootOptions are options that control the booting of Hardware. + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Workflow is the Schema for the Workflows API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: WorkflowSpec defines the desired state of Workflow. + properties: + hardwareRef: + description: Name of the Hardware associated with this workflow. + type: string + templateRef: + description: Name of the Template associated with this workflow. + type: string + type: object + status: + description: WorkflowStatus defines the observed state of Workflow. + properties: + actions: + description: Actions are the actions for this Workflow. + items: + description: Action represents a workflow action. properties: - bootMode: - description: BootMode is the type of booting that will be done. - enum: - - netboot - - iso - type: string - isoURL: - description: |- - ISOURL is the URL of the ISO that will be one-time booted. When this field is set, the controller will create a job.bmc.tinkerbell.org object - for getting the associated hardware into a CDROM booting state. - A HardwareRef that contains a spec.BmcRef must be provided. - format: url - type: string - toggleAllowNetboot: - description: |- - ToggleAllowNetboot indicates whether the controller should toggle the field in the associated hardware for allowing PXE booting. - This will be enabled before a Workflow is executed and disabled after the Workflow has completed successfully. - A HardwareRef must be provided. - type: boolean - type: object - hardwareMap: - additionalProperties: - type: string - description: A mapping of template devices to hadware mac addresses. - type: object - hardwareRef: - description: Name of the Hardware associated with this workflow. - type: string - templateRef: - description: Name of the Template associated with this workflow. - type: string - type: object - status: - description: WorkflowStatus defines the observed state of a Workflow. - properties: - bootOptions: - description: BootOptions holds the state of any boot options. - properties: - allowNetboot: - description: AllowNetboot holds the state of the the controller's interactions with the allowPXE field in a Hardware object. - properties: - toggledFalse: - type: boolean - toggledTrue: - type: boolean - type: object - jobs: - additionalProperties: - description: JobStatus holds the state of a specific job.bmc.tinkerbell.org object created. - properties: - complete: - description: Complete indicates whether the created job.bmc.tinkerbell.org has reported its conditions as complete. - type: boolean - existingJobDeleted: - description: |- - ExistingJobDeleted indicates whether any existing job.bmc.tinkerbell.org was deleted. - The name of each job.bmc.tinkerbell.org object created by the controller is the same, so only one can exist at a time. - Using the same name was chosen so that there is only ever 1 job.bmc.tinkerbell.org per Hardware/Machine.bmc.tinkerbell.org. - This makes clean up easier and we dont just orphan jobs every time. - type: boolean - uid: - description: |- - UID is the UID of the job.bmc.tinkerbell.org object associated with this workflow. - This is used to uniquely identify the job.bmc.tinkerbell.org object, as - all objects for a specific Hardware/Machine.bmc.tinkerbell.org are created with the same name. - type: string - type: object - description: Jobs holds the state of any job.bmc.tinkerbell.org objects created. - type: object - type: object - conditions: - description: Conditions are the latest available observations of an object's current state. - items: - description: JobCondition describes current state of a job. - properties: - message: - description: Message is a human readable message indicating details about last transition. + command: + items: type: string - reason: - description: Reason is a (brief) reason for the condition's last transition. + type: array + environment: + items: type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - time: - description: Time when the condition was created. - format: date-time - type: string - type: - description: Type of job condition, Complete or Failed. + type: array + image: + type: string + name: + type: string + on_failure: + items: type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-type: atomic - currentAction: - description: CurrentAction is the action that is currently in the running state. - type: string - globalTimeout: - description: GlobalTimeout represents the max execution time. - format: int64 - type: integer - state: - description: State is the current overall state of the Workflow. - type: string - tasks: - description: Tasks are the tasks to be run by the worker(s). - items: - description: Task represents a series of actions to be completed by a worker. - properties: - actions: - items: - description: Action represents a workflow action. - properties: - command: - items: - type: string - type: array - environment: - additionalProperties: - type: string - type: object - image: - type: string - message: - type: string - name: - type: string - pid: - type: string - seconds: - format: int64 - type: integer - startedAt: - format: date-time - type: string - status: - type: string - timeout: - format: int64 - type: integer - volumes: - items: - type: string - type: array - type: object - type: array - environment: - additionalProperties: - type: string - type: object - name: + type: array + on_timeout: + items: type: string - volumes: - items: - type: string - type: array - worker: + type: array + task_name: + type: string + timeout: + format: int64 + type: integer + volumes: + items: type: string - required: - - actions - - name - - worker - type: object - type: array - templateRending: - description: |- - TemplateRendering indicates whether the template was rendered successfully. - Possible values are "successful" or "failed" or "unknown". - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + worker_id: + type: string + type: object + type: array + data: + description: Data is the populated Workflow Data in Tinkerbell. + type: string + events: + description: Events are events for this Workflow. + items: + description: Event represents a workflow event. + properties: + action_name: + type: string + action_status: + type: string + created_at: + format: date-time + type: string + message: + type: string + seconds: + format: int64 + type: integer + task_name: + type: string + worker_id: + type: string + type: object + type: array + metadata: + description: Metadata is the metadata stored in Tinkerbell. + type: string + state: + description: State is the state of the workflow in Tinkerbell. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/definitions/tinkerbell.org/workflowdata.yaml b/definitions/tinkerbell.org/workflowdata.yaml new file mode 100644 index 000000000..8be8b419a --- /dev/null +++ b/definitions/tinkerbell.org/workflowdata.yaml @@ -0,0 +1,140 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: workflowdata.tinkerbell.org +spec: + group: tinkerbell.org + names: + categories: + - tinkerbell + kind: WorkflowData + listKind: WorkflowDataList + plural: workflowdata + shortNames: + - wfdata + singular: workflowdata + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Workflow is the Schema for the Workflows API. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: WorkflowSpec defines the desired state of Workflow. + properties: + hardwareMap: + additionalProperties: + type: string + description: A mapping of template devices to hadware mac addresses + type: object + hardwareRef: + description: Name of the Hardware associated with this workflow. + type: string + templateRef: + description: Name of the Template associated with this workflow. + type: string + type: object + status: + description: WorkflowStatus defines the observed state of Workflow. + properties: + globalTimeout: + description: GlobalTimeout represents the max execution time + format: int64 + type: integer + state: + description: State is the state of the workflow in Tinkerbell. + type: string + tasks: + description: Tasks are the tasks to be completed + items: + description: + Task represents a series of actions to be completed + by a worker. + properties: + actions: + items: + description: Action represents a workflow action. + properties: + command: + items: + type: string + type: array + environment: + additionalProperties: + type: string + type: object + image: + type: string + message: + type: string + name: + type: string + pid: + type: string + seconds: + format: int64 + type: integer + startedAt: + format: date-time + type: string + status: + type: string + timeout: + format: int64 + type: integer + volumes: + items: + type: string + type: array + type: object + type: array + environment: + additionalProperties: + type: string + type: object + name: + type: string + volumes: + items: + type: string + type: array + worker: + type: string + required: + - actions + - name + - worker + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/traefik.containo.us/ingressroute.yaml b/definitions/traefik.containo.us/ingressroute.yaml new file mode 100644 index 000000000..a0adef21c --- /dev/null +++ b/definitions/traefik.containo.us/ingressroute.yaml @@ -0,0 +1,288 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: ingressroutes.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is the CRD implementation of a Traefik HTTP Router. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IngressRouteSpec defines the desired state of IngressRoute. + properties: + entryPoints: + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ + Default: all. + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: Route holds the HTTP route configuration. + properties: + kind: + description: |- + Kind defines the kind of the route. + Rule is the only supported kind. + enum: + - Rule + type: string + match: + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule + type: string + middlewares: + description: |- + Middlewares defines the list of references to Middleware resources. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware + items: + description: MiddlewareRef is a reference to a Middleware + resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + priority: + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority + type: integer + services: + description: |- + Services defines the list of Service. + It can contain any combination of TraefikService and/or reference to a Kubernetes Service. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to + the client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as + JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie + can only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: |- + TLS defines the TLS configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls + properties: + certResolver: + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers + type: string + domains: + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options + properties: + name: + description: |- + Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption + type: string + namespace: + description: |- + Namespace defines the namespace of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. + properties: + name: + description: |- + Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore + type: string + namespace: + description: |- + Namespace defines the namespace of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + diff --git a/definitions/traefik.containo.us/ingressroutetcp.yaml b/definitions/traefik.containo.us/ingressroutetcp.yaml new file mode 100644 index 000000000..6f3795444 --- /dev/null +++ b/definitions/traefik.containo.us/ingressroutetcp.yaml @@ -0,0 +1,225 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: ingressroutetcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. + properties: + entryPoints: + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ + Default: all. + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteTCP holds the TCP route configuration. + properties: + match: + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1 + type: string + middlewares: + description: Middlewares defines the list of references to MiddlewareTCP + resources. + items: + description: ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: array + priority: + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1 + type: integer + services: + description: Services defines the list of TCP services. + items: + description: ServiceTCP defines an upstream TCP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + proxyProtocol: + description: |- + ProxyProtocol defines the PROXY protocol configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol + properties: + version: + description: Version defines the PROXY Protocol version + to use. + type: integer + type: object + terminationDelay: + description: |- + TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, to close the reading capability as well, + hence fully terminating the connection. + It is a duration in milliseconds, defaulting to 100. + A negative value means an infinite deadline (i.e. the reading capability is never closed). + type: integer + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: |- + TLS defines the TLS configuration on a layer 4 / TCP Route. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1 + properties: + certResolver: + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers + type: string + domains: + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + passthrough: + description: Passthrough defines whether a TLS router will terminate + the TLS connection. + type: boolean + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + diff --git a/definitions/traefik.containo.us/ingressrouteudp.yaml b/definitions/traefik.containo.us/ingressrouteudp.yaml new file mode 100644 index 000000000..b366f30ec --- /dev/null +++ b/definitions/traefik.containo.us/ingressrouteudp.yaml @@ -0,0 +1,105 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: ingressrouteudps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. + properties: + entryPoints: + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ + Default: all. + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteUDP holds the UDP route configuration. + properties: + services: + description: Services defines the list of UDP services. + items: + description: ServiceUDP defines an upstream UDP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + diff --git a/definitions/traefik.containo.us/middleware.yaml b/definitions/traefik.containo.us/middleware.yaml new file mode 100644 index 000000000..91484dd11 --- /dev/null +++ b/definitions/traefik.containo.us/middleware.yaml @@ -0,0 +1,981 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: middlewares.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/ + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MiddlewareSpec defines the desired state of a Middleware. + properties: + addPrefix: + description: |- + AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding it. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/ + properties: + prefix: + description: |- + Prefix is the string to add before the current path in the requested URL. + It should include a leading slash (/). + type: string + type: object + basicAuth: + description: |- + BasicAuth holds the basic auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/ + properties: + headerField: + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield + type: string + realm: + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. + type: string + removeHeader: + description: |- + RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service. + Default: false. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + buffering: + description: |- + Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can be forwarded to backends. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes + properties: + maxRequestBodyBytes: + description: |- + MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes). + If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response. + Default: 0 (no maximum). + format: int64 + type: integer + maxResponseBodyBytes: + description: |- + MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes). + If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead. + Default: 0 (no maximum). + format: int64 + type: integer + memRequestBodyBytes: + description: |- + MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). + format: int64 + type: integer + memResponseBodyBytes: + description: |- + MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). + format: int64 + type: integer + retryExpression: + description: |- + RetryExpression defines the retry conditions. + It is a logical combination of functions with operators AND (&&) and OR (||). + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression + type: string + type: object + chain: + description: |- + Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other pieces of middleware. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/ + properties: + middlewares: + description: Middlewares is the list of MiddlewareRef which composes + the chain. + items: + description: MiddlewareRef is a reference to a Middleware resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + checkPeriod: + anyOf: + - type: integer + - type: string + description: CheckPeriod is the interval between successive checks + of the circuit breaker condition (when in standby state). + x-kubernetes-int-or-string: true + expression: + description: Expression is the condition that triggers the tripped + state. + type: string + fallbackDuration: + anyOf: + - type: integer + - type: string + description: FallbackDuration is the duration for which the circuit + breaker will wait before trying to recover (from a tripped state). + x-kubernetes-int-or-string: true + recoveryDuration: + anyOf: + - type: integer + - type: string + description: RecoveryDuration is the duration for which the circuit + breaker will try to recover (as soon as it is in recovering + state). + x-kubernetes-int-or-string: true + type: object + compress: + description: |- + Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the client, using gzip compression. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/ + properties: + excludedContentTypes: + description: ExcludedContentTypes defines the list of content + types to compare the Content-Type header of the incoming requests + and responses before compressing. + items: + type: string + type: array + minResponseBodyBytes: + description: |- + MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. + Default: 1024. + type: integer + type: object + contentType: + description: |- + ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least the default one can be changed in a future version. + properties: + autoDetect: + description: |- + AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend, + be automatically set to a value derived from the contents of the response. + As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it. + However, the historic default was to always auto-detect and set the header if it was nil, + and it is going to be kept that way in order to support users currently relying on it. + type: boolean + type: object + digestAuth: + description: |- + DigestAuth holds the digest auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/ + properties: + headerField: + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield + type: string + realm: + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. + type: string + removeHeader: + description: RemoveHeader defines whether to remove the authorization + header before forwarding the request to the backend. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + errors: + description: |- + ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/ + properties: + query: + description: |- + Query defines the URL for the error page (hosted by service). + The {status} variable can be used in order to insert the status code in the URL. + type: string + service: + description: |- + Service defines the reference to a Kubernetes Service that will serve the error page. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can + be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + description: |- + Status defines which status or range of statuses should result in an error page. + It can be either a status code as a number (500), + as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), + or a combination of the two (404,418,500-599). + items: + type: string + type: array + type: object + forwardAuth: + description: |- + ForwardAuth holds the forward auth middleware configuration. + This middleware delegates the request authentication to a Service. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/ + properties: + address: + description: Address defines the authentication server address. + type: string + authRequestHeaders: + description: |- + AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. + If not set or empty then all request headers are passed. + items: + type: string + type: array + authResponseHeaders: + description: AuthResponseHeaders defines the list of headers to + copy from the authentication server response and set on forwarded + request, replacing any existing conflicting headers. + items: + type: string + type: array + authResponseHeadersRegex: + description: |- + AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex + type: string + tls: + description: TLS defines the configuration used to secure the + connection to the authentication server. + properties: + caOptional: + type: boolean + caSecret: + description: |- + CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate. + The CA certificate is extracted from key `tls.ca` or `ca.crt`. + type: string + certSecret: + description: |- + CertSecret is the name of the referenced Kubernetes Secret containing the client certificate. + The client certificate is extracted from the keys `tls.crt` and `tls.key`. + type: string + insecureSkipVerify: + description: InsecureSkipVerify defines whether the server + certificates should be validated. + type: boolean + type: object + trustForwardHeader: + description: 'TrustForwardHeader defines whether to trust (ie: + forward) all X-Forwarded-* headers.' + type: boolean + type: object + headers: + description: |- + Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders + properties: + accessControlAllowCredentials: + description: AccessControlAllowCredentials defines whether the + request can include user credentials. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders defines the Access-Control-Request-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods defines the Access-Control-Request-Method + values sent in preflight response. + items: + type: string + type: array + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge defines the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: AddVaryHeader defines whether the Vary header is + automatically added/updated when the AccessControlAllowOriginList + is set. + type: boolean + allowedHosts: + description: AllowedHosts defines the fully qualified list of + allowed domain names. + items: + type: string + type: array + browserXssFilter: + description: BrowserXSSFilter defines whether to add the X-XSS-Protection + header with the value 1; mode=block. + type: boolean + contentSecurityPolicy: + description: ContentSecurityPolicy defines the Content-Security-Policy + header value. + type: string + contentTypeNosniff: + description: ContentTypeNosniff defines whether to add the X-Content-Type-Options + header with the nosniff value. + type: boolean + customBrowserXSSValue: + description: |- + CustomBrowserXSSValue defines the X-XSS-Protection header value. + This overrides the BrowserXssFilter option. + type: string + customFrameOptionsValue: + description: |- + CustomFrameOptionsValue defines the X-Frame-Options header value. + This overrides the FrameDeny option. + type: string + customRequestHeaders: + additionalProperties: + type: string + description: CustomRequestHeaders defines the header names and + values to apply to the request. + type: object + customResponseHeaders: + additionalProperties: + type: string + description: CustomResponseHeaders defines the header names and + values to apply to the response. + type: object + featurePolicy: + description: 'Deprecated: use PermissionsPolicy instead.' + type: string + forceSTSHeader: + description: ForceSTSHeader defines whether to add the STS header + even when the connection is HTTP. + type: boolean + frameDeny: + description: FrameDeny defines whether to add the X-Frame-Options + header with the DENY value. + type: boolean + hostsProxyHeaders: + description: HostsProxyHeaders defines the header keys that may + hold a proxied hostname value for the request. + items: + type: string + type: array + isDevelopment: + description: |- + IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain. + If you would like your development environment to mimic production with complete Host blocking, SSL redirects, + and STS headers, leave this as false. + type: boolean + permissionsPolicy: + description: |- + PermissionsPolicy defines the Permissions-Policy header value. + This allows sites to control browser features. + type: string + publicKey: + description: PublicKey is the public key that implements HPKP + to prevent MITM attacks with forged certificates. + type: string + referrerPolicy: + description: |- + ReferrerPolicy defines the Referrer-Policy header value. + This allows sites to control whether browsers forward the Referer header to other sites. + type: string + sslForceHost: + description: 'Deprecated: use RedirectRegex instead.' + type: boolean + sslHost: + description: 'Deprecated: use RedirectRegex instead.' + type: string + sslProxyHeaders: + additionalProperties: + type: string + description: |- + SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request. + It can be useful when using other proxies (example: "X-Forwarded-Proto": "https"). + type: object + sslRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + sslTemporaryRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + stsIncludeSubdomains: + description: STSIncludeSubdomains defines whether the includeSubDomains + directive is appended to the Strict-Transport-Security header. + type: boolean + stsPreload: + description: STSPreload defines whether the preload flag is appended + to the Strict-Transport-Security header. + type: boolean + stsSeconds: + description: |- + STSSeconds defines the max-age of the Strict-Transport-Security header. + If set to 0, the header is not set. + format: int64 + type: integer + type: object + inFlightReq: + description: |- + InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and served concurrently. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/ + properties: + amount: + description: |- + Amount defines the maximum amount of allowed simultaneous in-flight request. + The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). + format: int64 + type: integer + sourceCriterion: + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion + properties: + ipStrategy: + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + ipAllowList: + description: |- + IPAllowList holds the IP allowlist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/ + properties: + ipStrategy: + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + ipWhiteList: + description: |- + IPWhiteList holds the IP whitelist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ + Deprecated: please use IPAllowList instead. + properties: + ipStrategy: + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + passTLSClientCert: + description: |- + PassTLSClientCert holds the pass TLS client cert middleware configuration. + This middleware adds the selected data from the passed client TLS certificate to a header. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/ + properties: + info: + description: Info selects the specific client certificate details + you want to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + issuer: + description: Issuer defines the client certificate issuer + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the issuer. + type: boolean + country: + description: Country defines whether to add the country + information into the issuer. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the issuer. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the issuer. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the issuer. + type: boolean + province: + description: Province defines whether to add the province + information into the issuer. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the issuer. + type: boolean + type: object + notAfter: + description: NotAfter defines whether to add the Not After + information from the Validity part. + type: boolean + notBefore: + description: NotBefore defines whether to add the Not Before + information from the Validity part. + type: boolean + sans: + description: Sans defines whether to add the Subject Alternative + Name information from the Subject Alternative Name part. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the client + serialNumber information. + type: boolean + subject: + description: Subject defines the client certificate subject + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the subject. + type: boolean + country: + description: Country defines whether to add the country + information into the subject. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the subject. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the subject. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the subject. + type: boolean + organizationalUnit: + description: OrganizationalUnit defines whether to add + the organizationalUnit information into the subject. + type: boolean + province: + description: Province defines whether to add the province + information into the subject. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the subject. + type: boolean + type: object + type: object + pem: + description: PEM sets the X-Forwarded-Tls-Client-Cert header with + the certificate. + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: |- + Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/ + type: object + rateLimit: + description: |- + RateLimit holds the rate limit configuration. + This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/ + properties: + average: + description: |- + Average is the maximum rate, by default in requests/s, allowed for the given source. + It defaults to 0, which means no rate limiting. + The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, + one needs to define a Period larger than a second. + format: int64 + type: integer + burst: + description: |- + Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. + It defaults to 1. + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + description: |- + Period, in combination with Average, defines the actual maximum rate, such as: + r = Average / Period. It defaults to a second. + x-kubernetes-int-or-string: true + sourceCriterion: + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote address field (as an ipStrategy). + properties: + ipStrategy: + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + redirectRegex: + description: |- + RedirectRegex holds the redirect regex middleware configuration. + This middleware redirects a request using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + regex: + description: Regex defines the regex used to match and capture + elements from the request URL. + type: string + replacement: + description: Replacement defines how to modify the URL to have + the new target URL. + type: string + type: object + redirectScheme: + description: |- + RedirectScheme holds the redirect scheme middleware configuration. + This middleware redirects requests from a scheme/port to another. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/ + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + port: + description: Port defines the port of the new URL. + type: string + scheme: + description: Scheme defines the scheme of the new URL. + type: string + type: object + replacePath: + description: |- + ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/ + properties: + path: + description: Path defines the path to use as replacement in the + request URL. + type: string + type: object + replacePathRegex: + description: |- + ReplacePathRegex holds the replace path regex middleware configuration. + This middleware replaces the path of a URL using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/ + properties: + regex: + description: Regex defines the regular expression used to match + and capture the path from the request URL. + type: string + replacement: + description: Replacement defines the replacement path format, + which can include captured variables. + type: string + type: object + retry: + description: |- + Retry holds the retry middleware configuration. + This middleware reissues requests a given number of times to a backend server if that server does not reply. + As soon as the server answers, the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/ + properties: + attempts: + description: Attempts defines how many times the request should + be retried. + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + description: |- + InitialInterval defines the first wait time in the exponential backoff series. + The maximum interval is calculated as twice the initialInterval. + If unspecified, requests will be retried immediately. + The value of initialInterval should be provided in seconds or as a valid duration format, + see https://pkg.go.dev/time#ParseDuration. + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: |- + StripPrefix holds the strip prefix middleware configuration. + This middleware removes the specified prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/ + properties: + forceSlash: + description: |- + ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary. + Default: true. + type: boolean + prefixes: + description: Prefixes defines the prefixes to strip from the request + URL. + items: + type: string + type: array + type: object + stripPrefixRegex: + description: |- + StripPrefixRegex holds the strip prefix regex middleware configuration. + This middleware removes the matching prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/ + properties: + regex: + description: Regex defines the regular expression to match the + path prefix from the request URL. + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + diff --git a/definitions/traefik.containo.us/middlewaretcp.yaml b/definitions/traefik.containo.us/middlewaretcp.yaml new file mode 100644 index 000000000..ba8decd46 --- /dev/null +++ b/definitions/traefik.containo.us/middlewaretcp.yaml @@ -0,0 +1,88 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: middlewaretcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/ + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. + properties: + inFlightConn: + description: InFlightConn defines the InFlightConn middleware configuration. + properties: + amount: + description: |- + Amount defines the maximum amount of allowed simultaneous connections. + The middleware closes the connection if there are already amount connections opened. + format: int64 + type: integer + type: object + ipAllowList: + description: |- + IPAllowList defines the IPAllowList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/ + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + ipWhiteList: + description: |- + IPWhiteList defines the IPWhiteList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + Deprecated: please use IPAllowList instead. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/ + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + diff --git a/definitions/traefik.containo.us/serverstransport.yaml b/definitions/traefik.containo.us/serverstransport.yaml new file mode 100644 index 000000000..4fc7b3ded --- /dev/null +++ b/definitions/traefik.containo.us/serverstransport.yaml @@ -0,0 +1,127 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: serverstransports.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + ServersTransport is the CRD implementation of a ServersTransport. + If no serversTransport is specified, the default@internal will be used. + The default@internal serversTransport is created from the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1 + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ServersTransportSpec defines the desired state of a ServersTransport. + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: DisableHTTP2 disables HTTP/2 for connections with backend + servers. + type: boolean + forwardingTimeouts: + description: ForwardingTimeouts defines the timeouts for requests + forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a + connection to a backend server can be established. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: IdleConnTimeout is the maximum period for which an + idle HTTP keep-alive connection will remain open before closing + itself. + x-kubernetes-int-or-string: true + pingTimeout: + anyOf: + - type: integer + - type: string + description: PingTimeout is the timeout after which the HTTP/2 + connection will be closed if a response to ping is not received. + x-kubernetes-int-or-string: true + readIdleTimeout: + anyOf: + - type: integer + - type: string + description: ReadIdleTimeout is the timeout after which a health + check using ping frame will be carried out if no frame is received + on the HTTP/2 connection. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: ResponseHeaderTimeout is the amount of time to wait + for a server's response headers after fully writing the request + (including its body, if any). + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: InsecureSkipVerify disables SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) + to keep per-host. + type: integer + peerCertURI: + description: PeerCertURI defines the peer cert URI used to match against + SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to validate + self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact the + server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + diff --git a/definitions/traefik.containo.us/tlsoption.yaml b/definitions/traefik.containo.us/tlsoption.yaml new file mode 100644 index 000000000..406b12985 --- /dev/null +++ b/definitions/traefik.containo.us/tlsoption.yaml @@ -0,0 +1,115 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: tlsoptions.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TLSOptionSpec defines the desired state of a TLSOption. + properties: + alpnProtocols: + description: |- + ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols + items: + type: string + type: array + cipherSuites: + description: |- + CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites + items: + type: string + type: array + clientAuth: + description: ClientAuth defines the server's policy for TLS Client + Authentication. + properties: + clientAuthType: + description: ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - RequireAnyClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: SecretNames defines the names of the referenced Kubernetes + Secret storing certificate details. + items: + type: string + type: array + type: object + curvePreferences: + description: |- + CurvePreferences defines the preferred elliptic curves in a specific order. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences + items: + type: string + type: array + maxVersion: + description: |- + MaxVersion defines the maximum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: None. + type: string + minVersion: + description: |- + MinVersion defines the minimum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: VersionTLS10. + type: string + preferServerCipherSuites: + description: |- + PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's. + It is enabled automatically when minVersion or maxVersion is set. + Deprecated: https://github.com/golang/go/issues/45430 + type: boolean + sniStrict: + description: SniStrict defines whether Traefik allows connections + from clients connections that do not specify a server_name extension. + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + diff --git a/definitions/traefik.containo.us/tlsstore.yaml b/definitions/traefik.containo.us/tlsstore.yaml new file mode 100644 index 000000000..bd611aca9 --- /dev/null +++ b/definitions/traefik.containo.us/tlsstore.yaml @@ -0,0 +1,98 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: tlsstores.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + TLSStore is the CRD implementation of a Traefik TLS Store. + For the time being, only the TLSStore named default is supported. + This means that you cannot have two stores that are named default in different Kubernetes namespaces. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TLSStoreSpec defines the desired state of a TLSStore. + properties: + certificates: + description: Certificates is a list of secret names, each secret holding + a key/certificate pair to add to the store. + items: + description: Certificate holds a secret name for the TLSStore resource. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + type: array + defaultCertificate: + description: DefaultCertificate defines the default certificate configuration. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + defaultGeneratedCert: + description: DefaultGeneratedCert defines the default generated certificate + configuration. + properties: + domain: + description: Domain is the domain definition for the DefaultCertificate. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain names. + items: + type: string + type: array + type: object + resolver: + description: Resolver is the name of the resolver that will be + used to issue the DefaultCertificate. + type: string + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + diff --git a/definitions/traefik.containo.us/traefikservice.yaml b/definitions/traefik.containo.us/traefikservice.yaml new file mode 100644 index 000000000..08bef90ae --- /dev/null +++ b/definitions/traefik.containo.us/traefikservice.yaml @@ -0,0 +1,412 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: traefikservices.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: + - Apply weight to Services on load-balancing + - Mirror traffic on services + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TraefikServiceSpec defines the desired state of a TraefikService. + properties: + mirroring: + description: Mirroring defines the Mirroring service configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + maxBodySize: + description: |- + MaxBodySize defines the maximum size allowed for the body of the request. + If the body is larger, the request is not mirrored. + Default value is -1, which means unlimited size. + format: int64 + type: integer + mirrors: + description: Mirrors defines the list of mirrors where Traefik + will duplicate the traffic. + items: + description: MirrorService holds the mirror configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + percent: + description: |- + Percent defines the part of the traffic to mirror. + Supported values: 0 to 100. + type: integer + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards the + response from the upstream Kubernetes Service to the client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: Weighted defines the Weighted Round Robin configuration. + properties: + services: + description: Services defines the list of Kubernetes Service and/or + TraefikService to load-balance, with weight. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: |- + Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true + diff --git a/definitions/upbound.io/storeconfig.yaml b/definitions/upbound.io/storeconfig.yaml new file mode 100644 index 000000000..fc674cf84 --- /dev/null +++ b/definitions/upbound.io/storeconfig.yaml @@ -0,0 +1,224 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.2 + name: storeconfigs.upbound.io +spec: + group: upbound.io + names: + categories: + - crossplane + - store + - gcp + kind: StoreConfig + listKind: StoreConfigList + plural: storeconfigs + singular: storeconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.type + name: TYPE + type: string + - jsonPath: .spec.defaultScope + name: DEFAULT-SCOPE + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: A StoreConfig configures how Upbound controller should store + connection details. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: A StoreConfigSpec defines the desired state of a ProviderConfig. + properties: + defaultScope: + description: |- + DefaultScope used for scoping secrets for "cluster-scoped" resources. + If store type is "Kubernetes", this would mean the default namespace to + store connection secrets for cluster scoped resources. + In case of "Vault", this would be used as the default parent path. + Typically, should be set as Crossplane installation namespace. + type: string + kubernetes: + description: |- + Kubernetes configures a Kubernetes secret store. + If the "type" is "Kubernetes" but no config provided, in cluster config + will be used. + properties: + auth: + description: Credentials used to connect to the Kubernetes API. + properties: + env: + description: |- + Env is a reference to an environment variable that contains credentials + that must be used to connect to the provider. + properties: + name: + description: Name is the name of an environment variable. + type: string + required: + - name + type: object + fs: + description: |- + Fs is a reference to a filesystem location that contains credentials that + must be used to connect to the provider. + properties: + path: + description: Path is a filesystem path. + type: string + required: + - path + type: object + secretRef: + description: |- + A SecretRef is a reference to a secret key that contains the credentials + that must be used to connect to the provider. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + source: + description: Source of the credentials. + enum: + - None + - Secret + - Environment + - Filesystem + type: string + required: + - source + type: object + required: + - auth + type: object + plugin: + description: Plugin configures External secret store as a plugin. + properties: + configRef: + description: ConfigRef contains store config reference info. + properties: + apiVersion: + description: APIVersion of the referenced config. + type: string + kind: + description: Kind of the referenced config. + type: string + name: + description: Name of the referenced config. + type: string + required: + - apiVersion + - kind + - name + type: object + endpoint: + description: Endpoint is the endpoint of the gRPC server. + type: string + type: object + type: + default: Kubernetes + description: |- + Type configures which secret store to be used. Only the configuration + block for this store will be used and others will be ignored if provided. + Default is Kubernetes. + enum: + - Kubernetes + - Vault + - Plugin + type: string + required: + - defaultScope + type: object + status: + description: A StoreConfigStatus represents the status of a StoreConfig. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/vault.upbound.io/storeconfig.yaml b/definitions/vault.upbound.io/storeconfig.yaml new file mode 100644 index 000000000..68fb138ff --- /dev/null +++ b/definitions/vault.upbound.io/storeconfig.yaml @@ -0,0 +1,224 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + name: storeconfigs.vault.upbound.io +spec: + group: vault.upbound.io + names: + categories: + - crossplane + - store + - vault + kind: StoreConfig + listKind: StoreConfigList + plural: storeconfigs + singular: storeconfig + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .spec.type + name: TYPE + type: string + - jsonPath: .spec.defaultScope + name: DEFAULT-SCOPE + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: A StoreConfig configures how vault controller should store connection + details. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: A StoreConfigSpec defines the desired state of a ProviderConfig. + properties: + defaultScope: + description: |- + DefaultScope used for scoping secrets for "cluster-scoped" resources. + If store type is "Kubernetes", this would mean the default namespace to + store connection secrets for cluster scoped resources. + In case of "Vault", this would be used as the default parent path. + Typically, should be set as Crossplane installation namespace. + type: string + kubernetes: + description: |- + Kubernetes configures a Kubernetes secret store. + If the "type" is "Kubernetes" but no config provided, in cluster config + will be used. + properties: + auth: + description: Credentials used to connect to the Kubernetes API. + properties: + env: + description: |- + Env is a reference to an environment variable that contains credentials + that must be used to connect to the provider. + properties: + name: + description: Name is the name of an environment variable. + type: string + required: + - name + type: object + fs: + description: |- + Fs is a reference to a filesystem location that contains credentials that + must be used to connect to the provider. + properties: + path: + description: Path is a filesystem path. + type: string + required: + - path + type: object + secretRef: + description: |- + A SecretRef is a reference to a secret key that contains the credentials + that must be used to connect to the provider. + properties: + key: + description: The key to select. + type: string + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - key + - name + - namespace + type: object + source: + description: Source of the credentials. + enum: + - None + - Secret + - Environment + - Filesystem + type: string + required: + - source + type: object + required: + - auth + type: object + plugin: + description: Plugin configures External secret store as a plugin. + properties: + configRef: + description: ConfigRef contains store config reference info. + properties: + apiVersion: + description: APIVersion of the referenced config. + type: string + kind: + description: Kind of the referenced config. + type: string + name: + description: Name of the referenced config. + type: string + required: + - apiVersion + - kind + - name + type: object + endpoint: + description: Endpoint is the endpoint of the gRPC server. + type: string + type: object + type: + default: Kubernetes + description: |- + Type configures which secret store to be used. Only the configuration + block for this store will be used and others will be ignored if provided. + Default is Kubernetes. + enum: + - Kubernetes + - Vault + - Plugin + type: string + required: + - defaultScope + type: object + status: + description: A StoreConfigStatus represents the status of a StoreConfig. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time this condition transitioned from one + status to another. + format: date-time + type: string + message: + description: |- + A Message containing details about this condition's last transition from + one status to another, if any. + type: string + observedGeneration: + description: |- + ObservedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: |- + Type of this condition. At most one of each condition type may apply to + a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/vault.vault.upbound.io/namespace.yaml b/definitions/vault.vault.upbound.io/namespace.yaml new file mode 100644 index 000000000..2d9fb99fd --- /dev/null +++ b/definitions/vault.vault.upbound.io/namespace.yaml @@ -0,0 +1,414 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.1 + name: namespaces.vault.vault.upbound.io +spec: + group: vault.vault.upbound.io + names: + categories: + - crossplane + - managed + - vault + kind: Namespace + listKind: NamespaceList + plural: namespaces + singular: namespace + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .metadata.annotations.crossplane\.io/external-name + name: EXTERNAL-NAME + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Namespace is the Schema for the Namespaces API. Writes namespaces + for Vault + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NamespaceSpec defines the desired state of Namespace + properties: + deletionPolicy: + default: Delete + description: 'DeletionPolicy specifies what will happen to the underlying + external when this managed resource is deleted - either "Delete" + or "Orphan" the external resource. This field is planned to be deprecated + in favor of the ManagementPolicies field in a future release. Currently, + both could be set independently and non-default values would be + honored if the feature flag is enabled. See the design doc for more + information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223' + enum: + - Orphan + - Delete + type: string + forProvider: + properties: + customMetadata: + additionalProperties: + type: string + description: Custom metadata describing this namespace. Value + type is map[string]string. Requires Vault version 1.12+. Custom + metadata describing this namespace. Value type is map[string]string. + type: object + namespace: + description: The namespace to provision the resource in. The value + should not contain leading or trailing forward slashes. The + namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. Target namespace. (requires + Enterprise) + type: string + path: + description: The path of the namespace. Must not have a trailing + /. Namespace path. + type: string + pathFq: + description: The fully qualified path to the namespace. Useful + when provisioning resources in a child namespace. The path is + relative to the provider's namespace argument. The fully qualified + namespace path. + type: string + type: object + initProvider: + description: THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. InitProvider + holds the same fields as ForProvider, with the exception of Identifier + and other resource reference fields. The fields that are in InitProvider + are merged into ForProvider when the resource is created. The same + fields are also added to the terraform ignore_changes hook, to avoid + updating them after creation. This is useful for fields that are + required on creation, but we do not desire to update them after + creation, for example because of an external controller is managing + them, like an autoscaler. + properties: + customMetadata: + additionalProperties: + type: string + description: Custom metadata describing this namespace. Value + type is map[string]string. Requires Vault version 1.12+. Custom + metadata describing this namespace. Value type is map[string]string. + type: object + namespace: + description: The namespace to provision the resource in. The value + should not contain leading or trailing forward slashes. The + namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. Target namespace. (requires + Enterprise) + type: string + path: + description: The path of the namespace. Must not have a trailing + /. Namespace path. + type: string + pathFq: + description: The fully qualified path to the namespace. Useful + when provisioning resources in a child namespace. The path is + relative to the provider's namespace argument. The fully qualified + namespace path. + type: string + type: object + managementPolicies: + default: + - '*' + description: 'THIS IS AN ALPHA FIELD. Do not use it in production. + It is not honored unless the relevant Crossplane feature flag is + enabled, and may be changed or removed without notice. ManagementPolicies + specify the array of actions Crossplane is allowed to take on the + managed and external resources. This field is planned to replace + the DeletionPolicy field in a future release. Currently, both could + be set independently and non-default values would be honored if + the feature flag is enabled. If both are custom, the DeletionPolicy + field will be ignored. See the design doc for more information: + https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 + and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md' + items: + description: A ManagementAction represents an action that the Crossplane + controllers can take on an external resource. + enum: + - Observe + - Create + - Update + - Delete + - LateInitialize + - '*' + type: string + type: array + providerConfigRef: + default: + name: default + description: ProviderConfigReference specifies how the provider that + will be used to create, observe, update, and delete this managed + resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + providerRef: + description: 'ProviderReference specifies the provider that will be + used to create, observe, update, and delete this managed resource. + Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of this + reference is required. The default is 'Required', which + means the reconcile will fail if the reference cannot be + resolved. 'Optional' means this reference will be a no-op + if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will attempt + to resolve the reference only when the corresponding field + is not present. Use 'Always' to resolve the reference on + every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + publishConnectionDetailsTo: + description: PublishConnectionDetailsTo specifies the connection secret + config which contains a name, metadata and a reference to secret + store config to which any connection details for this managed resource + should be written. Connection details frequently include the endpoint, + username, and password required to connect to the managed resource. + properties: + configRef: + default: + name: default + description: SecretStoreConfigRef specifies which secret store + config should be used for this ConnectionSecret. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: Resolution specifies whether resolution of + this reference is required. The default is 'Required', + which means the reconcile will fail if the reference + cannot be resolved. 'Optional' means this reference + will be a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: Resolve specifies when this reference should + be resolved. The default is 'IfNotPresent', which will + attempt to resolve the reference only when the corresponding + field is not present. Use 'Always' to resolve the reference + on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + metadata: + description: Metadata is the metadata for connection secret. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are the annotations to be added to + connection secret. - For Kubernetes secrets, this will be + used as "metadata.annotations". - It is up to Secret Store + implementation for others store types. + type: object + labels: + additionalProperties: + type: string + description: Labels are the labels/tags to be added to connection + secret. - For Kubernetes secrets, this will be used as "metadata.labels". + - It is up to Secret Store implementation for others store + types. + type: object + type: + description: Type is the SecretType for the connection secret. + - Only valid for Kubernetes Secret Stores. + type: string + type: object + name: + description: Name is the name of the connection secret. + type: string + required: + - name + type: object + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace + and name of a Secret to which any connection details for this managed + resource should be written. Connection details frequently include + the endpoint, username, and password required to connect to the + managed resource. This field is planned to be replaced in a future + release in favor of PublishConnectionDetailsTo. Currently, both + could be set independently and connection details would be published + to both without affecting each other. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + required: + - forProvider + type: object + x-kubernetes-validations: + - message: path is a required parameter + rule: '!(''*'' in self.managementPolicies || ''Create'' in self.managementPolicies + || ''Update'' in self.managementPolicies) || has(self.forProvider.path) + || has(self.initProvider.path)' + status: + description: NamespaceStatus defines the observed state of Namespace. + properties: + atProvider: + properties: + customMetadata: + additionalProperties: + type: string + description: Custom metadata describing this namespace. Value + type is map[string]string. Requires Vault version 1.12+. Custom + metadata describing this namespace. Value type is map[string]string. + type: object + id: + description: The fully qualified path to the namespace, including + the provider namespace and a trailing slash. + type: string + namespace: + description: The namespace to provision the resource in. The value + should not contain leading or trailing forward slashes. The + namespace is always relative to the provider's configured namespace. + Available only for Vault Enterprise. Target namespace. (requires + Enterprise) + type: string + namespaceId: + description: Vault server's internal ID of the namespace. Namespace + ID. + type: string + path: + description: The path of the namespace. Must not have a trailing + /. Namespace path. + type: string + pathFq: + description: The fully qualified path to the namespace. Useful + when provisioning resources in a child namespace. The path is + relative to the provider's namespace argument. The fully qualified + namespace path. + type: string + type: object + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition + transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's + last transition from one status to another, if any. + type: string + reason: + description: A Reason for this condition's last transition from + one status to another. + type: string + status: + description: Status of this condition; is it currently True, + False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition + type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/definitions/velero.io/resticrepository.yaml b/definitions/velero.io/resticrepository.yaml new file mode 100644 index 000000000..fc405dca2 --- /dev/null +++ b/definitions/velero.io/resticrepository.yaml @@ -0,0 +1,95 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + component: velero + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: resticrepositories.velero.io +spec: + group: velero.io + names: + kind: ResticRepository + listKind: ResticRepositoryList + plural: resticrepositories + singular: resticrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ResticRepositorySpec is the specification for a ResticRepository. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the BackupStorageLocation + that should contain this repository. + type: string + maintenanceFrequency: + description: MaintenanceFrequency is how often maintenance should + be run. + type: string + resticIdentifier: + description: ResticIdentifier is the full restic-compatible string + for identifying this repository. + type: string + volumeNamespace: + description: VolumeNamespace is the namespace this restic repository + contains pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: ResticRepositoryStatus is the current status of a ResticRepository. + properties: + lastMaintenanceTime: + description: LastMaintenanceTime is the last time maintenance was + run. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the current status of the + ResticRepository. + type: string + phase: + description: Phase is the current state of the ResticRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + diff --git a/definitions/workloads.kubeblocks.io/replicatedstatemachine.yaml b/definitions/workloads.kubeblocks.io/replicatedstatemachine.yaml new file mode 100644 index 000000000..0eeb8e84a --- /dev/null +++ b/definitions/workloads.kubeblocks.io/replicatedstatemachine.yaml @@ -0,0 +1,9841 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.12.1 + labels: + app.kubernetes.io/name: kubeblocks + name: replicatedstatemachines.workloads.kubeblocks.io +spec: + group: workloads.kubeblocks.io + names: + categories: + - kubeblocks + - all + kind: ReplicatedStateMachine + listKind: ReplicatedStateMachineList + plural: replicatedstatemachines + shortNames: + - rsm + singular: replicatedstatemachine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: leader pod name. + jsonPath: .status.membersStatus[?(@.role.isLeader==true)].podName + name: LEADER + type: string + - description: ready replicas. + jsonPath: .status.readyReplicas + name: READY + type: string + - description: total replicas. + jsonPath: .status.replicas + name: REPLICAS + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ReplicatedStateMachine is the Schema for the replicatedstatemachines + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReplicatedStateMachineSpec defines the desired state of ReplicatedStateMachine + properties: + alternativeServices: + description: AlternativeServices defines Alternative Services selector + pattern specifier. can be used for creating Readonly service. + items: + description: Service is a named abstraction of software service + (for example, mysql) consisting of local port (for example 3306) + that the proxy listens on, and the selector that determines which + pods will answer requests sent through the proxy. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts + will be automatically allocated for services with type + LoadBalancer. Default is "true". It may be set to "false" + if the cluster load-balancer does not rely on NodePorts. If + the caller requests specific NodePorts (by specifying + a value), those requests will be respected, regardless + of this field. This field may only be set for services + with type LoadBalancer and will be cleared if the type + is changed to any other type. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), and + is not in use, it will be allocated to the service; otherwise + creation of the service will fail. This field may not + be changed through updates unless the type field is also + being changed to ExternalName (which requires this field + to be blank) or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are "None", empty string + (""), or a valid IP address. Setting this to "None" makes + a "headless service" (no virtual IP), which is useful + when direct endpoint connections are preferred and proxying + is not required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. If + an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated + to the service; otherwise creation of the service will + fail. This field may not be changed through updates unless + the type field is also being changed to ExternalName (which + requires this field to be empty) or the type field is + being changed from ExternalName (in which case this field + may optionally be specified, as describe above). Valid + values are \"None\", empty string (\"\"), or a valid IP + address. Setting this to \"None\" makes a \"headless + service\" (no virtual IP), which is useful when direct + endpoint connections are preferred and proxying is not + required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + \ If this field is not specified, it will be initialized + from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have + the same value. \n This field may hold a maximum of two + entries (dual-stack IPs, in either order). These IPs must + correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for which + nodes in the cluster will also accept traffic for this + service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will be + involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) + and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy describes how nodes distribute + service traffic they receive on one of the Service's "externally-facing" + addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). + If set to "Local", the proxy will configure the service + in a way that assumes that external load balancers will + take care of balancing the service traffic between nodes, + and so each node will deliver traffic only to the node-local + endpoints of the service, without masquerading the client + source IP. (Traffic mistakenly sent to a node with no + endpoints will be dropped.) The default value, "Cluster", + uses the standard behavior of routing to all endpoints + evenly (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" semantics, + but clients sending to a NodePort from within the cluster + may need to take traffic policy into account when picking + a node. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is set + to Local. If a value is specified, is in-range, and is + not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. + load-balancers) can use this port to determine if a given + node holds endpoints for this service or not. If this + field is specified when creating a Service which does + not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing + type). This field cannot be updated once set. + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy describes how nodes distribute + service traffic they receive on the ClusterIP. If set + to "Local", the proxy will assume that pods only want + to talk to endpoints of the service on the same node as + the pod, dropping the traffic if there are no local endpoints. + The default value, "Cluster", uses the standard behavior + of routing to all endpoints evenly (possibly modified + by topology and other features). + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is usually + assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" and + \"IPv6\". This field only applies to Services of types + ClusterIP, NodePort, and LoadBalancer, and does apply + to \"headless\" services. This field will be wiped when + updating a Service to type ExternalName. \n This field + may hold a maximum of two entries (dual-stack families, + in either order). These families must correspond to the + values of the clusterIPs field, if specified. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field." + items: + description: IPFamily represents the IP Family (IPv4 or + IPv6). This type is used to express the family of an + IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), "PreferDualStack" + (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend on + the value of this field. This field will be wiped when + updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If specified, + the value of this field must be a label-style identifier, + with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". + Unprefixed names are reserved for end-users. This field + can only be set when the Service type is 'LoadBalancer'. + If not set, the default load balancer implementation is + used, today this is typically done through the cloud provider + integration, but should apply for any default implementation. + If set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any default + load balancer implementation (e.g. cloud providers) should + ignore Services that set this field. This field can only + be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped + when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field was + under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific annotations + when available.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this + service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: "The application protocol for this port. + This is used as a hint for implementations to offer + richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: \n * Un-prefixed protocol + names - reserved for IANA standard service names + (as per RFC-6335 and https://www.iana.org/assignments/service-names). + \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' + - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 + * 'kubernetes.io/ws' - WebSocket over cleartext + as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described + in https://www.rfc-editor.org/rfc/rfc6455 \n * Other + protocols should use implementation-defined prefixed + names such as mycompany.com/my-custom-protocol." + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port + will be allocated if this Service requires one. If + this field is specified when creating a Service + which does not need it, creation will fail. This + field will be wiped when updating a Service to no + longer need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should be + omitted or set equal to the ''port'' field. More + info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any + agent which deals with endpoints for this Service should + disregard any indications of ready/not-ready. The primary + use case for setting this field is for a StatefulSet's + Headless Service to propagate SRV DNS records for its + Pods for the purpose of peer discovery. The Kubernetes + controllers that generate Endpoints and EndpointSlice + resources for Services interpret this to mean that all + endpoints are considered "ready" even if the Pods themselves + are not. Agents which consume only Kubernetes generated + endpoints through the Endpoints or EndpointSlice resources + can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys + and values matching this selector. If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only + applies to types ClusterIP, NodePort, and LoadBalancer. + Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of + Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to endpoints. + Endpoints are determined by the selector or if that is + not specified, by manual construction of an Endpoints + object or EndpointSlice objects. If clusterIP is "None", + no virtual IP is allocated and the endpoints are published + as a set of endpoints rather than a virtual IP. "NodePort" + builds on ClusterIP and allocates a port on every node + which routes to the same endpoints as the clusterIP. "LoadBalancer" + builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the + same endpoints as the clusterIP. "ExternalName" aliases + this service to the specified externalName. Several other + fields do not apply to ExternalName services. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + status: + description: 'Most recently observed status of the service. + Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + conditions: + description: Current service state + items: + description: "Condition contains details for one aspect + of the current state of this API Resource. --- This + struct is intended for direct use as an array at the + field path .status.conditions. For example, \n type + FooStatus struct{ // Represents the observations of + a foo's current state. // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\" + // +patchMergeKey=type // +patchStrategy=merge // +listType=map + // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the + condition transitioned from one status to another. + This should be when the underlying condition changed. If + that is not known, then using the time when the + API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty + string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, + if .metadata.generation is currently 12, but the + .status.conditions[x].observedGeneration is 9, the + condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define + expected values and meanings for this field, and + whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field + may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, + False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in + foo.example.com/CamelCase. --- Many .condition.type + values are consistent across resources like Available, + but because arbitrary conditions can be useful (see + .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + loadBalancer: + description: LoadBalancer contains the current status of + the load-balancer, if one is present. + properties: + ingress: + description: Ingress is a list containing ingress points + for the load-balancer. Traffic intended for the service + should be sent to these ingress points. + items: + description: 'LoadBalancerIngress represents the status + of a load-balancer ingress point: traffic intended + for the service should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer + ingress points that are DNS based (typically + AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress + points that are IP based (typically GCE or OpenStack + load-balancers) + type: string + ports: + description: Ports is a list of records of service + ports If used, every port defined in the service + should have an entry in it + items: + properties: + error: + description: 'Error is to record the problem + with the service port The format of the + error shall comply with the following + rules: - built-in error values shall be + specified in this file and those shall + use CamelCase names - cloud provider specific + error values must have names that comply + with the format foo.example.com/CamelCase. + --- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of + the service port of which status is recorded + here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of + the service port of which status is recorded + here The supported values are: "TCP", + "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + type: array + credential: + description: Credential used to connect to DB engine + properties: + password: + description: Password variable name will be KB_RSM_PASSWORD + properties: + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which + allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + username: + description: Username variable name will be KB_RSM_USERNAME + properties: + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which + allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + required: + - password + - username + type: object + memberUpdateStrategy: + description: "MemberUpdateStrategy, Members(Pods) update strategy. + \n - serial: update Members one by one that guarantee minimum component + unavailable time. `Learner -> Follower(with AccessMode=none) -> + Follower(with AccessMode=readonly) -> Follower(with AccessMode=readWrite) + -> Leader` - bestEffortParallel: update Members in parallel that + guarantee minimum component un-writable time. `Learner, Follower(minority) + in parallel -> Follower(majority) -> Leader`, keep majority online + all the time. - parallel: force parallel" + enum: + - Serial + - BestEffortParallel + - Parallel + type: string + membershipReconfiguration: + description: MembershipReconfiguration provides actions to do membership + dynamic reconfiguration. + properties: + logSyncAction: + description: LogSyncAction specifies how to trigger the new member + to start log syncing previous none-nil action's Image will be + used if not configured + properties: + command: + description: Command will be executed in Container to retrieve + or process role info + items: + type: string + type: array + image: + description: utility image contains command that can be used + to retrieve of process role info + type: string + required: + - command + type: object + memberJoinAction: + description: MemberJoinAction specifies how to add member previous + none-nil action's Image will be used if not configured + properties: + command: + description: Command will be executed in Container to retrieve + or process role info + items: + type: string + type: array + image: + description: utility image contains command that can be used + to retrieve of process role info + type: string + required: + - command + type: object + memberLeaveAction: + description: MemberLeaveAction specifies how to remove member + previous none-nil action's Image will be used if not configured + properties: + command: + description: Command will be executed in Container to retrieve + or process role info + items: + type: string + type: array + image: + description: utility image contains command that can be used + to retrieve of process role info + type: string + required: + - command + type: object + promoteAction: + description: PromoteAction specifies how to tell the cluster that + the new member can join voting now previous none-nil action's + Image will be used if not configured + properties: + command: + description: Command will be executed in Container to retrieve + or process role info + items: + type: string + type: array + image: + description: utility image contains command that can be used + to retrieve of process role info + type: string + required: + - command + type: object + switchoverAction: + description: "Environment variables can be used in all following + Actions: \n - KB_RSM_USERNAME username part of credential - + KB_RSM_PASSWORD password part of credential - KB_RSM_LEADER_HOST + leader host - KB_RSM_TARGET_HOST target host - KB_RSM_SERVICE_PORT + port \n SwitchoverAction specifies how to do switchover latest + [BusyBox](https://busybox.net/) image will be used if Image + not configured" + properties: + command: + description: Command will be executed in Container to retrieve + or process role info + items: + type: string + type: array + image: + description: utility image contains command that can be used + to retrieve of process role info + type: string + required: + - command + type: object + type: object + nodeAssignment: + description: NodeAssignment defines the expected assignment of nodes. + items: + properties: + name: + description: Name defines the name of statefulSet that needs + to allocate node. + type: string + nodeSpec: + description: NodeSpec defines the detailed node info that will + assign to the statefulSet. + properties: + nodeName: + description: "NodeName is a type that holds a api.Node's + Name identifier. Being a type captures intent and helps + make sure that the node name is not confused with similar + concepts (the hostname, the cloud provider id, the cloud + provider name etc) \n To clarify the various types: \n + - Node.Name is the Name field of the Node in the API. + \ This should be stored in a NodeName. Unfortunately, + because Name is part of ObjectMeta, we can't store it + as a NodeName at the API level. \n - Hostname is the hostname + of the local machine (from uname -n). However, some components + allow the user to pass in a --hostname-override flag, + which will override this in most places. In the absence + of anything more meaningful, kubelet will use Hostname + as the Node.Name when it creates the Node. \n * The cloudproviders + have the own names: GCE has InstanceName, AWS has InstanceId. + \n For GCE, InstanceName is the Name of an Instance object + in the GCE API. On GCE, Instance.Name becomes the Hostname, + and thus it makes sense also to use it as the Node.Name. + \ But that is GCE specific, and it is up to the cloudprovider + how to do this mapping. \n For AWS, the InstanceID is + not yet suitable for use as a Node.Name, so we actually + use the PrivateDnsName for the Node.Name. And this is + _not_ always the same as the hostname: if we are using + a custom DHCP domain it won't be." + type: string + type: object + type: object + type: array + paused: + description: Paused indicates that the rsm is paused, means the reconciliation + of this rsm object will be paused. + type: boolean + podManagementPolicy: + description: "podManagementPolicy controls how pods are created during + initial scale up, when replacing pods on nodes, or when scaling + down. \n - The default policy is `OrderedReady`, where pods are + created in increasing order (pod-0, then pod-1, etc) and the controller + will wait until each pod is ready before continuing. When scaling + down, the pods are removed in the opposite order. - The alternative + policy is `Parallel` which will create pods in parallel to match + the desired scale without waiting, and on scale down will delete + all pods at once." + type: string + replicas: + default: 1 + description: replicas is the desired number of replicas of the given + Template. These are replicas in the sense that they are instantiations + of the same Template, but individual replicas also have a consistent + identity. If unspecified, defaults to 1. + format: int32 + minimum: 0 + type: integer + roleProbe: + description: RoleProbe provides method to probe role. + properties: + builtinHandlerName: + description: 'BuiltinHandler specifies the builtin handler name + to use to probe the role of the main container. current available + handlers: mysql, postgres, mongodb, redis, etcd, kafka. use + CustomHandler to define your own role probe function if none + of them satisfies the requirement.' + type: string + customHandler: + description: "CustomHandler defines the custom way to do role + probe. if the BuiltinHandler satisfies the requirement, use + it instead. \n how the actions defined here works: \n Actions + will be taken in serial. after all actions done, the final output + should be a single string of the role name defined in spec.Roles + latest [BusyBox](https://busybox.net/) image will be used if + Image not configured Environment variables can be used in Command: + \n - v_KB_RSM_LAST_STDOUT stdout from last action, watch 'v_' + prefixed - KB_RSM_USERNAME username part of credential - KB_RSM_PASSWORD + password part of credential" + items: + properties: + command: + description: Command will be executed in Container to retrieve + or process role info + items: + type: string + type: array + image: + description: utility image contains command that can be + used to retrieve of process role info + type: string + required: + - command + type: object + type: array + failureThreshold: + default: 3 + description: Minimum consecutive failures for the probe to be + considered failed after having succeeded. Defaults to 3. Minimum + value is 1. + format: int32 + minimum: 1 + type: integer + initialDelaySeconds: + default: 0 + description: Number of seconds after the container has started + before role probe has started. + format: int32 + minimum: 0 + type: integer + periodSeconds: + default: 2 + description: How often (in seconds) to perform the probe. Default + to 2 seconds. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + roleUpdateMechanism: + default: ReadinessProbeEventUpdate + description: RoleUpdateMechanism specifies the way how pod role + label being updated. + enum: + - ReadinessProbeEventUpdate + - DirectAPIServerEventUpdate + type: string + successThreshold: + default: 1 + description: Minimum consecutive successes for the probe to be + considered successful after having failed. Defaults to 1. Minimum + value is 1. + format: int32 + minimum: 1 + type: integer + timeoutSeconds: + default: 1 + description: Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + format: int32 + minimum: 1 + type: integer + type: object + roles: + description: Roles, a list of roles defined in the system. + items: + properties: + accessMode: + default: ReadWrite + description: AccessMode, what service this member capable. + enum: + - None + - Readonly + - ReadWrite + type: string + canVote: + default: true + description: CanVote, whether this member has voting rights + type: boolean + isLeader: + default: false + description: IsLeader, whether this member is the leader + type: boolean + name: + default: leader + description: Name, role name. + type: string + required: + - accessMode + - name + type: object + type: array + rsmTransformPolicy: + default: ToSts + description: 'RsmTransformPolicy defines the policy generate sts using + rsm. Passed from cluster. ToSts: rsm transform to statefulSet ToPod: + rsm transform to pod' + enum: + - ToPod + - ToSts + type: string + selector: + description: 'selector is a label query over pods that should match + the replica count. It must match the pod template''s labels. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + service: + description: service defines the behavior of a service spec. provides + read-write service https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts + will be automatically allocated for services with type LoadBalancer. Default + is "true". It may be set to "false" if the cluster load-balancer + does not rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will be + respected, regardless of this field. This field may only + be set for services with type LoadBalancer and will be cleared + if the type is changed to any other type. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service and + is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), and + is not in use, it will be allocated to the service; otherwise + creation of the service will fail. This field may not be + changed through updates unless the type field is also being + changed to ExternalName (which requires this field to be + blank) or the type field is being changed from ExternalName + (in which case this field may optionally be specified, as + describe above). Valid values are "None", empty string + (""), or a valid IP address. Setting this to "None" makes + a "headless service" (no virtual IP), which is useful when + direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, + and LoadBalancer. If this field is specified when creating + a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. If + an address is specified manually, is in-range (as per system + configuration), and is not in use, it will be allocated + to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the + type field is also being changed to ExternalName (which + requires this field to be empty) or the type field is being + changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values + are \"None\", empty string (\"\"), or a valid IP address. + \ Setting this to \"None\" makes a \"headless service\" + (no virtual IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, + it will be initialized from the clusterIP field. If this + field is specified, clients must ensure that clusterIPs[0] + and clusterIP have the same value. \n This field may hold + a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies + field. Both clusterIPs and ipFamilies are governed by the + ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for which + nodes in the cluster will also accept traffic for this service. These + IPs are not managed by Kubernetes. The user is responsible + for ensuring that traffic arrives at a node with this IP. A + common example is external load-balancers that are not part + of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that discovery + mechanisms will return as an alias for this service (e.g. + a DNS CNAME record). No proxying will be involved. Must + be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) + and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy describes how nodes distribute + service traffic they receive on one of the Service's "externally-facing" + addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). + If set to "Local", the proxy will configure the service + in a way that assumes that external load balancers will + take care of balancing the service traffic between nodes, + and so each node will deliver traffic only to the node-local + endpoints of the service, without masquerading the client + source IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) The default value, "Cluster", uses the + standard behavior of routing to all endpoints evenly (possibly + modified by topology and other features). Note that traffic + sent to an External IP or LoadBalancer IP from within the + cluster will always get "Cluster" semantics, but clients + sending to a NodePort from within the cluster may need to + take traffic policy into account when picking a node. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type is + set to LoadBalancer and externalTrafficPolicy is set to + Local. If a value is specified, is in-range, and is not + in use, it will be used. If not specified, a value will + be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints + for this service or not. If this field is specified when + creating a Service which does not need it, creation will + fail. This field will be wiped when updating a Service to + no longer need it (e.g. changing type). This field cannot + be updated once set. + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy describes how nodes distribute + service traffic they receive on the ClusterIP. If set to + "Local", the proxy will assume that pods only want to talk + to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The + default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology + and other features). + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. IPv4, + IPv6) assigned to this service. This field is usually assigned + automatically based on cluster configuration and the ipFamilyPolicy + field. If this field is specified manually, the requested + family is available in the cluster, and ipFamilyPolicy allows + it, it will be used; otherwise creation of the service will + fail. This field is conditionally mutable: it allows for + adding or removing a secondary IP family, but it does not + allow changing the primary IP family of the Service. Valid + values are \"IPv4\" and \"IPv6\". This field only applies + to Services of types ClusterIP, NodePort, and LoadBalancer, + and does apply to \"headless\" services. This field will + be wiped when updating a Service to type ExternalName. \n + This field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 or + IPv6). This type is used to express the family of an IP + expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no value + provided, then this field will be set to SingleStack. Services + can be "SingleStack" (a single IP family), "PreferDualStack" + (two IP families on dual-stack configured clusters or a + single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend on the + value of this field. This field will be wiped when updating + a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load balancer + implementation this Service belongs to. If specified, the + value of this field must be a label-style identifier, with + an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". + Unprefixed names are reserved for end-users. This field + can only be set when the Service type is 'LoadBalancer'. + If not set, the default load balancer implementation is + used, today this is typically done through the cloud provider + integration, but should apply for any default implementation. + If set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any default + load balancer implementation (e.g. cloud providers) should + ignore Services that set this field. This field can only + be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped + when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field was + under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific annotations + when available.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider load-balancer + will be restricted to the specified client IPs. This field + will be ignored if the cloud-provider does not support the + feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + ports: + description: 'The list of ports that are exposed by this service. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: "The application protocol for this port. + This is used as a hint for implementations to offer + richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: \n * Un-prefixed protocol + names - reserved for IANA standard service names (as + per RFC-6335 and https://www.iana.org/assignments/service-names). + \n * Kubernetes-defined prefixed names: * 'kubernetes.io/h2c' + - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 + * 'kubernetes.io/ws' - WebSocket over cleartext as + described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described + in https://www.rfc-editor.org/rfc/rfc6455 \n * Other + protocols should use implementation-defined prefixed + names such as mycompany.com/my-custom-protocol." + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in + the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, in-range, + and not in use it will be used, otherwise the operation + will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified + when creating a Service which does not need it, creation + will fail. This field will be wiped when updating + a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this + is not specified, the value of the ''port'' field + is used (an identity map). This field is ignored for + services with clusterIP=None, and should be omitted + or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-map-keys: + - port + - protocol + x-kubernetes-list-type: map + publishNotReadyAddresses: + description: publishNotReadyAddresses indicates that any agent + which deals with endpoints for this Service should disregard + any indications of ready/not-ready. The primary use case + for setting this field is for a StatefulSet's Headless Service + to propagate SRV DNS records for its Pods for the purpose + of peer discovery. The Kubernetes controllers that generate + Endpoints and EndpointSlice resources for Services interpret + this to mean that all endpoints are considered "ready" even + if the Pods themselves are not. Agents which consume only + Kubernetes generated endpoints through the Endpoints or + EndpointSlice resources can safely assume this behavior. + type: boolean + selector: + additionalProperties: + type: string + description: 'Route service traffic to pods with label keys + and values matching this selector. If empty or not present, + the service is assumed to have an external process managing + its endpoints, which Kubernetes will not modify. Only applies + to types ClusterIP, NodePort, and LoadBalancer. Ignored + if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' + type: object + x-kubernetes-map-type: atomic + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations of Client + IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, + NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal + IP address for load-balancing to endpoints. Endpoints are + determined by the selector or if that is not specified, + by manual construction of an Endpoints object or EndpointSlice + objects. If clusterIP is "None", no virtual IP is allocated + and the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and allocates + a port on every node which routes to the same endpoints + as the clusterIP. "LoadBalancer" builds on NodePort and + creates an external load-balancer (if supported in the current + cloud) which routes to the same endpoints as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + status: + description: 'Most recently observed status of the service. Populated + by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + conditions: + description: Current service state + items: + description: "Condition contains details for one aspect + of the current state of this API Resource. --- This struct + is intended for direct use as an array at the field path + .status.conditions. For example, \n type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: \"Available\", \"Progressing\", + and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" + patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the + condition transitioned from one status to another. + This should be when the underlying condition changed. If + that is not known, then using the time when the API + field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty + string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, + if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to + the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier + indicating the reason for the condition's last transition. + Producers of specific condition types may define expected + values and meanings for this field, and whether the + values are considered a guaranteed API. The value + should be a CamelCase string. This field may not be + empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, + Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across + resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability + to deconflict is important. The regex it matches is + (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + loadBalancer: + description: LoadBalancer contains the current status of the + load-balancer, if one is present. + properties: + ingress: + description: Ingress is a list containing ingress points + for the load-balancer. Traffic intended for the service + should be sent to these ingress points. + items: + description: 'LoadBalancerIngress represents the status + of a load-balancer ingress point: traffic intended + for the service should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress + points that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress + points that are IP based (typically GCE or OpenStack + load-balancers) + type: string + ports: + description: Ports is a list of records of service + ports If used, every port defined in the service + should have an entry in it + items: + properties: + error: + description: 'Error is to record the problem + with the service port The format of the + error shall comply with the following rules: + - built-in error values shall be specified + in this file and those shall use CamelCase + names - cloud provider specific error values + must have names that comply with the format + foo.example.com/CamelCase. --- The regex + it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the + service port of which status is recorded + here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of + the service port of which status is recorded + here The supported values are: "TCP", "UDP", + "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + serviceName: + description: 'serviceName is the name of the service that governs + this StatefulSet. This service must exist before the StatefulSet, + and is responsible for the network identity of the set. Pods get + DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local + where "pod-specific-string" is managed by the StatefulSet controller.' + type: string + template: + description: PodTemplateSpec describes the data a pod should have + when created from a template + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'Specification of the desired behavior of the pod. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active + on the node relative to StartTime before the system will + actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to an update), the system may or may not try + to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may + not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to + the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + anti-affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether + a service account token should be automatically mounted. + type: boolean + containers: + description: List of containers belonging to the pod. Containers + cannot currently be added or removed. There must be at least + one container in a Pod. Cannot be updated. + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The container image''s ENTRYPOINT is used + if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is + specified, or IfNotPresent otherwise. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. + The handler is not called if the container crashes + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Not specifying a port here DOES NOT prevent that port + from being exposed. Any port which is listening on + the default "0.0.0.0" address inside a container will + be accessible from the network. Modifying this array + with strategic merge patch may corrupt the data. For + more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the + port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this + resource resize policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified + resource is resized. If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior + of individual containers in a pod. This field may + only be set for init containers, and the only allowed + value is "Always". For non-init containers or when + this field is not specified, the restart behavior + is defined by the Pod''s restart policy and the container + type. Setting the RestartPolicy as "Always" for the + init container will have the following effect: this + init container will be continually restarted on exit + until all regular containers have terminated. Once + all regular containers have completed, all init containers + with restartPolicy "Always" will be shut down. This + lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although + this init container still starts in the init container + sequence, it does not wait for the container to complete + before proceeding to the next init container. Instead, + the next init container starts immediately after this + init container is started, or after any startupProbe + has successfully completed.' + type: string + securityContext: + description: 'SecurityContext defines the security options + the container should be run with. If set, the fields + of SecurityContext override the equivalent fields + of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. Note that this field cannot be set + when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this + container. If seccomp options are provided at + both the pod & container level, the container + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must be set if type is "Localhost". + Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile should + be used. Unconfined - no profile should be + applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + from the PodSecurityContext will be used. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has + successfully initialized. If specified, no other probes + are executed until this completes successfully. If + this probe fails, the Pod will be restarted, just + as if the livenessProbe failed. This can be used to + provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time + to load data or warm a cache, than during steady-state + operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will + always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, + and then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such + as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot + be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: Specifies the DNS parameters of a pod. Parameters + specified here will be merged to the generated DNS configuration + based on DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP addresses. This + will be appended to the base nameservers generated from + DNSPolicy. Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: A list of DNS resolver options. This will + be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options + given in Options will override those that appear in + the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name + lookup. This will be appended to the base search paths + generated from DNSPolicy. Duplicated search paths will + be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', + 'Default' or 'None'. DNS parameters given in DNSConfig will + be merged with the policy selected with DNSPolicy. To have + DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. Optional: + Defaults to true.' + type: boolean + ephemeralContainers: + description: List of ephemeral containers run in this pod. + Ephemeral containers may be run in an existing pod to perform + user-initiated actions such as debugging. This list cannot + be specified when creating a pod, and it cannot be modified + by updating the pod spec. In order to add an ephemeral container + to an existing pod, use the pod's ephemeralcontainers subresource. + items: + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated + activities such as debugging. Ephemeral containers have + no resource or scheduling guarantees, and they will not + be restarted when they exit or when a Pod is removed or + restarted. The kubelet may evict a Pod if an ephemeral + container causes the Pod to exceed its resource allocation. + \n To add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers may + not be removed or restarted." + properties: + args: + description: 'Arguments to the entrypoint. The image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The image''s ENTRYPOINT is used if this is + not provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. If a + variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is + specified, or IfNotPresent otherwise. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle is not allowed for ephemeral + containers. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. + The handler is not called if the container crashes + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the ephemeral container specified + as a DNS_LABEL. This name must be unique among all + containers, init containers and ephemeral containers. + type: string + ports: + description: Ports are not allowed for ephemeral containers. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the + port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this + resource resize policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified + resource is resized. If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: Resources are not allowed for ephemeral + containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + restartPolicy: + description: Restart policy for the container to manage + the restart behavior of each container within a pod. + This may only be set for init containers. You cannot + set this field on ephemeral containers. + type: string + securityContext: + description: 'Optional: SecurityContext defines the + security options the ephemeral container should be + run with. If set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext.' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. Note that this field cannot be set + when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this + container. If seccomp options are provided at + both the pod & container level, the container + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must be set if type is "Localhost". + Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile should + be used. Unconfined - no profile should be + applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + from the PodSecurityContext will be used. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + startupProbe: + description: Probes are not allowed for ephemeral containers. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will + always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, + and then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + targetContainerName: + description: "If set, the name of the container from + PodSpec that this ephemeral container targets. The + ephemeral container will be run in the namespaces + (IPC, PID, etc) of this container. If not set then + the ephemeral container uses the namespaces configured + in the Pod spec. \n The container runtime must implement + support for this feature. If the runtime does not + support namespace targeting then the result of setting + this field is undefined." + type: string + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such + as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Subpath mounts are not allowed for ephemeral + containers. Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot + be updated. + type: string + required: + - name + type: object + type: array + hostAliases: + description: HostAliases is an optional list of hosts and + IPs that will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. + items: + description: HostAlias holds the mapping between IP and + hostnames that will be injected as an entry in the pod's + hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default + to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use the + host's network namespace. If this option is set, the ports + that will be used must be specified. Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default + to false.' + type: boolean + hostUsers: + description: 'Use the host''s user namespace. Optional: Default + to true. If set to true or not present, the pod will be + run in the host user namespace, useful for when the pod + needs a feature only available to the host user namespace, + such as loading a kernel module with CAP_SYS_MODULE. When + set to false, a new userns is created for the pod. Setting + false is useful for mitigating container breakout vulnerabilities + even allowing users to run their containers as root without + actually having root privileges on the host. This field + is alpha-level and is only honored by servers that enable + the UserNamespacesSupport feature.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, + the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any + of the images used by this PodSpec. If specified, these + secrets will be passed to individual puller implementations + for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same + namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: 'List of initialization containers belonging + to the pod. Init containers are executed in order prior + to containers being started. If any init container fails, + the pod is considered to have failed and is handled according + to its restartPolicy. The name for an init container or + normal container must be unique among all containers. Init + containers may not have Lifecycle actions, Readiness probes, + Liveness probes, or Startup probes. The resourceRequirements + of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, + and then using the max of of that value or the sum of the + normal containers. Limits are applied to init containers + in a similar fashion. Init containers cannot currently be + added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + items: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The container image''s ENTRYPOINT is used + if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is + specified, or IfNotPresent otherwise. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. + The handler is not called if the container crashes + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Not specifying a port here DOES NOT prevent that port + from being exposed. Any port which is listening on + the default "0.0.0.0" address inside a container will + be accessible from the network. Modifying this array + with strategic merge patch may corrupt the data. For + more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the + port that can be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this + resource resize policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified + resource is resized. If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + restartPolicy: + description: 'RestartPolicy defines the restart behavior + of individual containers in a pod. This field may + only be set for init containers, and the only allowed + value is "Always". For non-init containers or when + this field is not specified, the restart behavior + is defined by the Pod''s restart policy and the container + type. Setting the RestartPolicy as "Always" for the + init container will have the following effect: this + init container will be continually restarted on exit + until all regular containers have terminated. Once + all regular containers have completed, all init containers + with restartPolicy "Always" will be shut down. This + lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although + this init container still starts in the init container + sequence, it does not wait for the container to complete + before proceeding to the next init container. Instead, + the next init container starts immediately after this + init container is started, or after any startupProbe + has successfully completed.' + type: string + securityContext: + description: 'SecurityContext defines the security options + the container should be run with. If set, the fields + of SecurityContext override the equivalent fields + of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. Note that this field cannot be set + when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this + container. If seccomp options are provided at + both the pod & container level, the container + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must be set if type is "Localhost". + Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile should + be used. Unconfined - no profile should be + applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + from the PodSecurityContext will be used. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has + successfully initialized. If specified, no other probes + are executed until this completes successfully. If + this probe fails, the Pod will be restarted, just + as if the livenessProbe failed. This can be used to + provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time + to load data or warm a cache, than during steady-state + operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will + always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, + and then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such + as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot + be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: NodeName is a request to schedule this pod onto + a specific node. If it is non-empty, the scheduler simply + schedules this pod onto that node, assuming that it fits + resource requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match + a node''s labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is + set. \n If the OS field is set to linux, the following fields + must be unset: -securityContext.windowsOptions \n If the + OS field is set to windows, following fields must be unset: + - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup" + properties: + name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can be + one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and + treat unrecognized values in this field as os: null' + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead associated + with running a pod for a given RuntimeClass. This field + will be autopopulated at admission time by the RuntimeClass + admission controller. If the RuntimeClass admission controller + is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create + requests which have the overhead already set. If RuntimeClass + is configured and selected in the PodSpec, Overhead will + be set to the value defined in the corresponding RuntimeClass, + otherwise it will remain unset and treated as zero. More + info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting + pods with lower priority. One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: The priority value. Various system components + use this field to find the priority of the pod. When Priority + Admission Controller is enabled, it prevents users from + setting this field. The admission controller populates this + field from PriorityClassName. The higher the value, the + higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" + and "system-cluster-critical" are two special keywords which + indicate the highest priorities with the former being the + highest priority. Any other name must be defined by creating + a PriorityClass object with that name. If not specified, + the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: 'If specified, all readiness gates will be evaluated + for pod readiness. A pod is ready when all its containers + are ready AND all conditions specified in the readiness + gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' + items: + description: PodReadinessGate contains the reference to + a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in + the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + resourceClaims: + description: "ResourceClaims defines which ResourceClaims + must be allocated and reserved before the Pod is allowed + to start. The resources will be made available to those + containers which consume them by name. \n This is an alpha + field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: PodResourceClaim references exactly one ResourceClaim + through a ClaimSource. It adds a name to it that uniquely + identifies the ResourceClaim inside the Pod. Containers + that need access to the ResourceClaim reference it with + this name. + properties: + name: + description: Name uniquely identifies this resource + claim inside the pod. This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the ResourceClaim. + properties: + resourceClaimName: + description: ResourceClaimName is the name of a + ResourceClaim object in the same namespace as + this pod. + type: string + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name + of a ResourceClaimTemplate object in the same + namespace as this pod. \n The template will be + used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, + the ResourceClaim will also be deleted. The pod + name and resource name, along with a generated + component, will be used to form a unique name + for the ResourceClaim, which will be recorded + in pod.status.resourceClaimStatuses. \n This field + is immutable and no changes will be made to the + corresponding ResourceClaim by the control plane + after creating the ResourceClaim." + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + restartPolicy: + description: 'Restart policy for all containers within the + pod. One of Always, OnFailure, Never. In some contexts, + only a subset of those values may be permitted. Default + to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' + type: string + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object + in the node.k8s.io group, which should be used to run this + pod. If no RuntimeClass resource matches the named class, + the pod will not be run. If unset or empty, the "legacy" + RuntimeClass will be used, which is an implicit class with + an empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified + scheduler. If not specified, the pod will be dispatched + by default scheduler. + type: string + schedulingGates: + description: "SchedulingGates is an opaque list of values + that if specified will block scheduling the pod. If schedulingGates + is not empty, the pod will stay in the SchedulingGated state + and the scheduler will not attempt to schedule the pod. + \n SchedulingGates can only be set at pod creation time, + and be removed only afterwards. \n This is a beta feature + enabled by the PodSchedulingReadiness feature gate." + items: + description: PodSchedulingGate is associated to a Pod to + guard its scheduling. + properties: + name: + description: Name of the scheduling gate. Each scheduling + gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + securityContext: + description: 'SecurityContext holds pod-level security attributes + and common container settings. Optional: Defaults to empty. See + type description for default values of each field.' + properties: + fsGroup: + description: "A special supplemental group that applies + to all containers in a pod. Some volume types allow + the Kubelet to change the ownership of that volume to + be owned by the pod: \n 1. The owning GID will be the + FSGroup 2. The setgid bit is set (new files created + in the volume will be owned by FSGroup) 3. The permission + bits are OR'd with rw-rw---- \n If unset, the Kubelet + will not modify the ownership and permissions of any + volume. Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of + changing ownership and permission of the volume before + being exposed inside Pod. This field will only apply + to volume types which support fsGroup based ownership(and + permissions). It will have no effect on ephemeral volume + types such as: secret, configmaps and emptydir. Valid + values are "OnRootMismatch" and "Always". If not specified, + "Always" is used. Note that this field cannot be set + when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set + when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all + containers. If unspecified, the container runtime will + allocate a random SELinux context for each container. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when + spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. The + profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's + configured seccomp profile location. Must be set + if type is "Localhost". Must NOT be set for any + other type. + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n Localhost + - a profile defined in a file on the node should + be used. RuntimeDefault - the container runtime + default profile should be used. Unconfined - no + profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container + process. If unspecified, no additional groups are added + to any container. Note that group memberships defined + in the container image for the uid of the container + process are still effective, even if they are not included + in this list. Note that this field cannot be set when + spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls (by + the container runtime) might fail to launch. Note that + this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options within a + container's SecurityContext will be used. If set in + both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccount: + description: 'DeprecatedServiceAccount is a depreciated alias + for ServiceAccountName. Deprecated: Use serviceAccountName + instead.' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured + as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the + hostname field of the kernel (the nodename field of struct + utsname). In Windows containers, this means setting the + registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters + to FQDN. If a pod does not have FQDN, this has no effect. + Default to false. + type: boolean + shareProcessNamespace: + description: 'Share a single process namespace between all + of the containers in a pod. When this is set containers + will be able to view and signal processes from other containers + in the same pod, and the first process in each container + will not be assigned PID 1. HostPID and ShareProcessNamespace + cannot both be set. Optional: Default to false.' + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname + will be "...svc.". If not specified, the pod will not have a domainname + at all. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to + terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). If this value is nil, the default grace period + will be used instead. The grace period is the duration in + seconds after the processes running in the pod are sent + a termination signal and the time when the processes are + forcibly halted with a kill signal. Set this value longer + than the expected cleanup time for your process. Defaults + to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group + of pods ought to spread across topology domains. Scheduler + will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are counted + to determine the number of pods in their corresponding + topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys + to select the pods over which spreading will be calculated. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are ANDed with + labelSelector to select the group of existing pods + over which spreading will be calculated for the incoming + pod. The same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot be set when + LabelSelector isn't set. Keys that don't exist in + the incoming pod labels will be ignored. A null or + empty list means only match against labelSelector. + \n This is a beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. The global minimum is the minimum + number of matching pods in an eligible domain or zero + if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector spread as + 2/2/1: In this case, the global minimum is 1. | zone1 + | zone2 | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to zone3 + to become 2/2/2; scheduling it onto zone1(zone2) would + make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto + any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default value + is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible domains + with matching topology keys is less than minDomains, + Pod Topology Spread treats \"global minimum\" as 0, + and then the calculation of Skew is performed. And + when the number of eligible domains with matching + topology keys equals or greater than minDomains, this + value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to + those domains. If value is nil, the constraint behaves + as if MinDomains is equal to 1. Valid values are integers + greater than 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in a 3-zone + cluster, MaxSkew is set to 2, MinDomains is set to + 5 and pods with the same labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), + so \"global minimum\" is treated as 0. In this situation, + new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod + is scheduled to any of the three zones, it will violate + MaxSkew. \n This is a beta field and requires the + MinDomainsInPodTopologySpread feature gate to be enabled + (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will + treat Pod's nodeAffinity/nodeSelector when calculating + pod topology spread skew. Options are: - Honor: only + nodes matching nodeAffinity/nodeSelector are included + in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. + \n If this value is nil, the behavior is equivalent + to the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will + treat node taints when calculating pod topology spread + skew. Options are: - Honor: nodes without taints, + along with tainted nodes for which the incoming pod + has a toleration, are included. - Ignore: node taints + are ignored. All nodes are included. \n If this value + is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", and try + to put balanced number of pods into each bucket. We + define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose + nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not + to schedule it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but giving higher + precedence to topologies that would help reduce the + skew. A constraint is considered "Unsatisfiable" for + an incoming pod if and only if every possible node + assignment for that pod would violate "MaxSkew" on + some topology. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P + | P | P | If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) + satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: 'List of volumes that can be mounted by containers + belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS + Disk resource that is attached to a kubelet''s host + machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + partition: + description: 'partition is the partition in the + volume that you want to mount. If omitted, the + default is to mount by volume name. Examples: + For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda + is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the + readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent + disk resource in AWS (Amazon EBS volume). More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in + the blob storage + type: string + fsType: + description: fsType is Filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is + a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to + false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile + is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is + reference to the authentication secret for User, + default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados + user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached + and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a + secret object containing parameters used to connect + to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume + in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits + used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the ConfigMap, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. Must + be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON + requires decimal values for mode bits. If + not specified, the volume defaultMode will + be used. This might be in conflict with + other options that affect the file mode, + like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be an + absolute path. May not contain the path + element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: driver is the name of the CSI driver + that handles this volume. Consult with your admin + for the correct name as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", + "ntfs". If not provided, the empty value is passed + to the associated CSI driver which will determine + the default filesystem to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference + to the secret object containing sensitive information + to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no + secret is required. If the secret object contains + more than one secret, all secret references are + passed. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific + properties that are passed to the CSI driver. + Consult your driver's documentation for supported + values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits + used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be an + octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both + octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This + might be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage + medium should back this directory. The default + is "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local + storage required for this EmptyDir volume. The + size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would + be the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is + handled by a cluster storage driver. The volume's + lifecycle is tied to the pod that defines it - it + will be created before the pod starts, and deleted + when the pod is removed. \n Use this if: a) the volume + is only needed while the pod runs, b) features of + normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified + through a storage class, and d) the storage driver + supports dynamic volume provisioning through a PersistentVolumeClaim + (see EphemeralVolumeSource for more information on + the connection between this volume type and PersistentVolumeClaim). + \n Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the + lifecycle of an individual pod. \n Use CSI for light-weight + local ephemeral volumes if the CSI driver is meant + to be used that way - see the documentation of the + driver for more information. \n A pod can use both + types of ephemeral volumes and persistent volumes + at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone + PVC to provision the volume. The pod in which + this EphemeralVolumeSource is embedded will be + the owner of the PVC, i.e. the PVC will be deleted + together with the pod. The name of the PVC will + be `-` where `` + is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too + long). \n An existing PVC with that name that + is not owned by the pod will *not* be used for + the pod to avoid using an unrelated volume by + mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created + PVC is meant to be used by the pod, the PVC has + to updated with an owner reference to the pod + once the pod exists. Normally this should not + be necessary, but it may be useful when manually + reconstructing a broken cluster. \n This field + is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, + must not be nil." + properties: + metadata: + description: May contain labels and annotations + that will be copied into the PVC when creating + it. No other fields are allowed and will be + rejected during validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into + the PVC that gets created from this template. + The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used + to specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller + can support the specified data source, + it will create a new volume based on the + contents of the specified data source. + When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource + when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If + APIGroup is not specified, the specified + Kind must be in the core API group. + For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the + object from which to populate the volume + with data, if a non-empty volume is desired. + This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, + volume binding will only succeed if the + type of the specified object matches some + installed volume populator or dynamic + provisioner. This field will replace the + functionality of the dataSource field + and as such if both fields are non-empty, + they must have the same value. For backwards + compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the + same value automatically if one of them + is empty and the other is non-empty. When + namespace is specified in dataSourceRef, + dataSource isn''t set to the same value + and must be empty. There are three important + differences between dataSource and dataSourceRef: + * While dataSource only allows two specific + types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef + preserves all values, and generates an + error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If + APIGroup is not specified, the specified + Kind must be in the core API group. + For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note + that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. See + the ReferenceGrant documentation for + details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are + lower than previous value but must still + be higher than capacity recorded in the + status field of the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name + of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type + of volume is required by the claim. Value + of Filesystem is implied when not included + in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. TODO: how + do we prevent errors in the filesystem from compromising + the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to + false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide + identifiers (wwids) Either wwids or combination + of targetWWNs and lun must be set, but not both + simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume + resource that is provisioned/attached using an exec + based plugin. + properties: + driver: + description: driver is the name of the driver to + use for this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". The + default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to + false (read/write). ReadOnly here will force the + ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is + reference to the secret object containing sensitive + information to pass to the plugin scripts. This + may be empty if no secret object is specified. + If the secret object contains more than one secret, + all secrets are passed to the plugin scripts.' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: datasetName is Name of the dataset + stored as metadata -> name on the dataset for + Flocker should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + partition: + description: 'partition is the partition in the + volume that you want to mount. If omitted, the + default is to mount by volume name. Examples: + For volume /dev/sda1, you specify the partition + as "1". Similarly, the volume partition for /dev/sda + is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource + in GCE. Used to identify the disk in GCE. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at + a particular revision. DEPRECATED: GitRepo is deprecated. + To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo + using git, then mount the EmptyDir into the Pod''s + container.' + properties: + directory: + description: directory is the target directory name. + Must not contain or start with '..'. If '.' is + supplied, the volume directory will be the git + repository. Otherwise, if specified, the volume + will contain the git repository in the subdirectory + with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the + specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs + volume to be mounted with read-only permissions. + Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file + or directory on the host machine that is directly + exposed to the container. This is generally used for + system agents or other privileged things that are + allowed to see the host machine. Most containers will + NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use + host directory mounts and who can/can not mount host + directories as read/write.' + properties: + path: + description: 'path of the directory on the host. + If the path is a symlink, it will follow the link + to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults + to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource + that is attached to a kubelet''s host machine and + then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name + that uses an iSCSI transport. Defaults to 'default' + (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal + List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP + ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. + The Portal is either an IP or ip_addr:port if + the port is other than default (typically TCP + ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL + and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host + that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address + of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same + namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting + in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type + to mount Must be a filesystem type supported by + the host operating system. Ex. "ext4", "xfs". + Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used + to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path + are not affected by this setting. This might be + in conflict with other options that affect the + file mode, like fsGroup, and the result can be + other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: items if unspecified, each + key-value pair in the Data field of + the referenced ConfigMap will be projected + into the volume as a file whose name + is the key and content is the value. + If specified, the listed keys will be + projected into the specified paths, + and unlisted keys will not be present. + If a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 or + a decimal value between 0 and + 511. YAML accepts both octal and + decimal values, JSON requires + decimal values for mode bits. + If not specified, the volume defaultMode + will be used. This might be in + conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits + used to set permissions on this + file, must be an octal value between + 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts + both octal and decimal values, + JSON requires decimal values for + mode bits. If not specified, the + volume defaultMode will be used. + This might be in conflict with + other options that affect the + file mode, like fsGroup, and the + result can be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, requests.cpu and + requests.memory) are currently + supported.' + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the + secret data to project + properties: + items: + description: items if unspecified, each + key-value pair in the Data field of + the referenced Secret will be projected + into the volume as a file whose name + is the key and content is the value. + If specified, the listed keys will be + projected into the specified paths, + and unlisted keys will not be present. + If a key is specified which is not present + in the Secret, the volume setup will + error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 or + a decimal value between 0 and + 511. YAML accepts both octal and + decimal values, JSON requires + decimal values for mode bits. + If not specified, the volume defaultMode + will be used. This might be in + conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode + bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: audience is the intended + audience of the token. A recipient of + a token must identify itself with an + identifier specified in the audience + of the token, and otherwise should reject + the token. The audience defaults to + the identifier of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the + requested duration of validity of the + service account token. As the token + approaches expiration, the kubelet volume + plugin will proactively rotate the service + account token. The kubelet will start + trying to rotate the token if the token + is older than 80 percent of its time + to live or if the token is older than + 24 hours.Defaults to 1 hour and must + be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative + to the mount point of the file to project + the token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default + is no group + type: string + readOnly: + description: readOnly here will force the Quobyte + volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: registry represents a single or multiple + Quobyte Registry services specified as a string + as host:port pair (multiple entries are separated + with commas) which acts as the central registry + for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned + Quobyte volumes, value is set by the plugin + type: string + user: + description: user to map volume access to Defaults + to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem + from compromising the machine' + type: string + image: + description: 'image is the rados image name. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for + RBDUser. Default is /etc/ceph/keyring. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default + is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default + is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Default + is "xfs". + type: string + gateway: + description: gateway is the host address of the + ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret + for ScaleIO user and other sensitive information. + If this is not provided, Login operation will + fail. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage + for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume + already created in the ScaleIO system that is + associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should + populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits + used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present in + the Secret, the volume setup will error unless + it is marked optional. Paths must be relative + and may not contain the '..' path or start with + '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. Must + be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON + requires decimal values for mode bits. If + not specified, the volume defaultMode will + be used. This might be in conflict with + other options that affect the file mode, + like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be an + absolute path. May not contain the path + element '..'. May not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret + in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use + for obtaining the StorageOS API credentials. If + not specified, default values will be attempted. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name + of the StorageOS volume. Volume names are only + unique within a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope + of the volume within StorageOS. If no namespace + is specified then the Pod's namespace will be + used. This allows the Kubernetes name scoping + to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default + behaviour. Set to "default" if you are not using + namespaces within StorageOS. Namespaces that do + not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + updateStrategy: + description: updateStrategy indicates the StatefulSetUpdateStrategy + that will be employed to update Pods in the RSM when a revision + is made to Template. UpdateStrategy.Type will be set to appsv1.OnDeleteStatefulSetStrategyType + if MemberUpdateStrategy is not nil + properties: + rollingUpdate: + description: RollingUpdate is used to communicate parameters when + Type is RollingUpdateStatefulSetStrategyType. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be unavailable + during the update. Value can be an absolute number (ex: + 5) or a percentage of desired pods (ex: 10%). Absolute number + is calculated from percentage by rounding up. This can not + be 0. Defaults to 1. This field is alpha-level and is only + honored by servers that enable the MaxUnavailableStatefulSet + feature. The field applies to all pods in the range 0 to + Replicas-1. That means if there is any unavailable pod in + the range 0 to Replicas-1, it will be counted towards MaxUnavailable.' + x-kubernetes-int-or-string: true + partition: + description: Partition indicates the ordinal at which the + StatefulSet should be partitioned for updates. During a + rolling update, all pods from ordinal Replicas-1 to Partition + are updated. All pods from ordinal Partition-1 to 0 remain + untouched. This is helpful in being able to do a canary + based deployment. The default value is 0. + format: int32 + type: integer + type: object + type: + description: Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. + type: string + type: object + volumeClaimTemplates: + description: volumeClaimTemplates is a list of claims that pods are + allowed to reference. The ReplicatedStateMachine controller is responsible + for mapping network identities to claims in a way that maintains + the identity of a pod. Every claim in this list must have at least + one matching (by name) volumeMount in one container in the template. + A claim in this list takes precedence over any volumes in the template, + with the same name. + items: + description: PersistentVolumeClaim is a user's request for and claim + to a persistent volume + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: 'spec defines the desired characteristics of a + volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified data + source, it will create a new volume based on the contents + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will be copied + to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will + not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from which + to populate the volume with data, if a non-empty volume + is desired. This may be any object from a non-empty API + group (non core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only + succeed if the type of the specified object matches some + installed volume populator or dynamic provisioner. This + field will replace the functionality of the dataSource + field and as such if both fields are non-empty, they must + have the same value. For backwards compatibility, when + namespace isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other + is non-empty. When namespace is specified in dataSourceRef, + dataSource isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows two + specific types of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. * While + dataSource ignores disallowed values (dropping them), + dataSourceRef preserves all values, and generates an error + if a disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires the + AnyVolumeDataSource feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but must + still be higher than capacity recorded in the status field + of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where + this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: When a controller receives persistentvolume + claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that + update and let other controllers handle it. + type: string + description: "allocatedResourceStatuses stores status of + resource being resized for the given PVC. Key names follow + standard Kubernetes label syntax. Valid values are either: + * Un-prefixed keys: - storage - the capacity of the volume. + * Custom resources must use implementation-defined prefixed + names such as \"example.com/my-custom-resource\" Apart + from above values - keys that are unprefixed or have kubernetes.io + prefix are considered reserved and hence may not be used. + \n ClaimResourceStatus can be in any of following states: + - ControllerResizeInProgress: State set when resize controller + starts resizing the volume in control-plane. - ControllerResizeFailed: + State set when resize has failed in resize controller + with a terminal error. - NodeResizePending: State set + when resize controller has finished resizing the volume + but further resizing of volume is needed on the node. + - NodeResizeInProgress: State set when kubelet starts + resizing the volume. - NodeResizeFailed: State set when + resizing has failed in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. For example: + if expanding a PVC for more capacity - this field can + be one of the following states: - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this field is not set, it + means that no resize operation is in progress for the + given PVC. \n A controller that receives PVC update with + previously unknown resourceName or ClaimResourceStatus + should ignore the update for the purpose it was designed. + For example - a controller that only is responsible for + resizing capacity of the volume, should ignore PVC updates + that change other valid resources associated with PVC. + \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources allocated + to a PVC including its capacity. Key names follow standard + Kubernetes label syntax. Valid values are either: * Un-prefixed + keys: - storage - the capacity of the volume. * Custom + resources must use implementation-defined prefixed names + such as \"example.com/my-custom-resource\" Apart from + above values - keys that are unprefixed or have kubernetes.io + prefix are considered reserved and hence may not be used. + \n Capacity reported here may be larger than the actual + capacity when a volume expansion operation is requested. + For storage quota, the larger value from allocatedResources + and PVC.spec.resources is used. If allocatedResources + is not set, PVC.spec.resources alone is used for quota + calculation. If a volume expansion capacity request is + lowered, allocatedResources is only lowered if there are + no expansion operations in progress and if the actual + volume capacity is equal or lower than the requested capacity. + \n A controller that receives PVC update with previously + unknown resourceName should ignore the update for the + purpose it was designed. For example - a controller that + only is responsible for resizing capacity of the volume, + should ignore PVC updates that change other valid resources + associated with PVC. \n This is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources of + the underlying volume. + type: object + conditions: + description: conditions is the current Condition of persistent + volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contains details + about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed the + condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: reason is a unique, this should be a + short, machine understandable string that gives + the reason for condition's last transition. If it + reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: array + required: + - selector + - serviceName + - template + type: object + status: + description: ReplicatedStateMachineStatus defines the observed state of + ReplicatedStateMachine + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this statefulset. + format: int32 + type: integer + collisionCount: + description: collisionCount is the count of hash collisions for the + StatefulSet. The StatefulSet controller uses this field as a collision + avoidance mechanism when it needs to create the name for the newest + ControllerRevision. + format: int32 + type: integer + conditions: + description: Represents the latest available observations of a statefulset's + current state. + items: + description: StatefulSetCondition describes the state of a statefulset + at a certain point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of statefulset condition. + type: string + required: + - status + - type + type: object + type: array + currentGeneration: + description: CurrentGeneration, if not empty, indicates the version + of the RSM used to generate the underlying workload + format: int64 + type: integer + currentReplicas: + description: currentReplicas is the number of Pods created by the + StatefulSet controller from the StatefulSet version indicated by + currentRevision. + format: int32 + type: integer + currentRevision: + description: currentRevision, if not empty, indicates the version + of the StatefulSet used to generate Pods in the sequence [0,currentReplicas). + type: string + initReplicas: + description: InitReplicas is the number of pods(members) when cluster + first initialized it's set to spec.Replicas at object creation time + and never changes + format: int32 + type: integer + membersStatus: + description: members' status. + items: + properties: + podName: + default: Unknown + description: PodName pod name. + type: string + readyWithoutPrimary: + description: Is it required for rsm to have at least one primary + pod to be ready. + type: boolean + role: + properties: + accessMode: + default: ReadWrite + description: AccessMode, what service this member capable. + enum: + - None + - Readonly + - ReadWrite + type: string + canVote: + default: true + description: CanVote, whether this member has voting rights + type: boolean + isLeader: + default: false + description: IsLeader, whether this member is the leader + type: boolean + name: + default: leader + description: Name, role name. + type: string + required: + - accessMode + - name + type: object + required: + - podName + - role + type: object + type: array + observedGeneration: + description: observedGeneration is the most recent generation observed + for this StatefulSet. It corresponds to the StatefulSet's generation, + which is updated on mutation by the API Server. + format: int64 + type: integer + readyInitReplicas: + description: ReadyInitReplicas is the number of pods(members) already + in MembersStatus in the cluster initialization stage will never + change once equals to InitReplicas + format: int32 + type: integer + readyReplicas: + description: readyReplicas is the number of pods created for this + StatefulSet with a Ready Condition. + format: int32 + type: integer + replicas: + description: replicas is the number of Pods created by the StatefulSet + controller. + format: int32 + type: integer + updateRevision: + description: updateRevision, if not empty, indicates the version of + the StatefulSet used to generate Pods in the sequence [replicas-updatedReplicas,replicas) + type: string + updatedReplicas: + description: updatedReplicas is the number of Pods created by the + StatefulSet controller from the StatefulSet version indicated by + updateRevision. + format: int32 + type: integer + required: + - initReplicas + - replicas + type: object + type: object + served: true + storage: true + subresources: + status: {} + diff --git a/schema/acme.cert-manager.io/challenge_v1alpha2.json b/schema/acme.cert-manager.io/challenge_v1alpha2.json index 97afd0399..9e0acaf86 100644 --- a/schema/acme.cert-manager.io/challenge_v1alpha2.json +++ b/schema/acme.cert-manager.io/challenge_v1alpha2.json @@ -1,1159 +1,1386 @@ { + "description": "Challenge is a type to represent a Challenge request with an ACME server", + "type": "object", + "required": [ + "metadata" + ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", + "required": [ + "authzURL", + "dnsName", + "issuerRef", + "key", + "solver", + "token", + "type", + "url" + ], "properties": { "authzURL": { + "description": "AuthzURL is the URL to the ACME Authorization resource that this challenge is a part of.", "type": "string" }, "dnsName": { + "description": "DNSName is the identifier that this challenge is for, e.g. example.com. If the requested DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.", "type": "string" }, "issuerRef": { - "additionalProperties": false, + "description": "IssuerRef references a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed.", + "type": "object", + "required": [ + "name" + ], "properties": { "group": { + "description": "Group of the resource being referred to.", "type": "string" }, "kind": { + "description": "Kind of the resource being referred to.", "type": "string" }, "name": { + "description": "Name of the resource being referred to.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "key": { + "description": "Key is the ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `\u003cprivate key JWK thumbprint\u003e.\u003ckey from acme server for challenge\u003e`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `\u003cprivate key JWK thumbprint\u003e.\u003ckey from acme server for challenge\u003e` text that must be set as the TXT record content.", "type": "string" }, "solver": { - "additionalProperties": false, + "description": "Solver contains the domain solving configuration that should be used to solve this challenge resource.", + "type": "object", "properties": { "dns01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.", + "type": "object", "properties": { "acmedns": { - "additionalProperties": false, + "description": "Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accountSecretRef", + "host" + ], "properties": { "accountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "host": { "type": "string" } }, - "required": [ - "accountSecretRef", - "host" - ], - "type": "object" + "additionalProperties": false }, "akamai": { - "additionalProperties": false, + "description": "Use the Akamai DNS zone management API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accessTokenSecretRef", + "clientSecretSecretRef", + "clientTokenSecretRef", + "serviceConsumerDomain" + ], "properties": { "accessTokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientSecretSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientSecretSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientTokenSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "serviceConsumerDomain": { "type": "string" } }, - "required": [ - "accessTokenSecretRef", - "clientSecretSecretRef", - "clientTokenSecretRef", - "serviceConsumerDomain" - ], - "type": "object" + "additionalProperties": false }, "azuredns": { - "additionalProperties": false, + "description": "Use the Microsoft Azure DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "resourceGroupName", + "subscriptionID" + ], "properties": { "clientID": { + "description": "if both this and ClientSecret are left unset MSI will be used", "type": "string" }, "clientSecretSecretRef": { - "additionalProperties": false, + "description": "if both this and ClientID are left unset MSI will be used", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "environment": { + "description": "name of the Azure environment (default AzurePublicCloud)", + "type": "string", "enum": [ "AzurePublicCloud", "AzureChinaCloud", "AzureGermanCloud", "AzureUSGovernmentCloud" - ], - "type": "string" + ] }, "hostedZoneName": { + "description": "name of the DNS zone that should be used", "type": "string" }, "managedIdentity": { - "additionalProperties": false, + "description": "managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID", + "type": "object", "properties": { "clientID": { + "description": "client ID of the managed identity, can not be used at the same time as resourceID", "type": "string" }, "resourceID": { + "description": "resource ID of the managed identity, can not be used at the same time as clientID", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "resourceGroupName": { + "description": "resource group the DNS zone is located in", "type": "string" }, "subscriptionID": { + "description": "ID of the Azure subscription", "type": "string" }, "tenantID": { + "description": "when specifying ClientID and ClientSecret then this field is also needed", "type": "string" } }, - "required": [ - "resourceGroupName", - "subscriptionID" - ], - "type": "object" + "additionalProperties": false }, "clouddns": { - "additionalProperties": false, + "description": "Use the Google Cloud DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "project" + ], "properties": { "hostedZoneName": { + "description": "HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.", "type": "string" }, "project": { "type": "string" }, "serviceAccountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "project" - ], - "type": "object" + "additionalProperties": false }, "cloudflare": { - "additionalProperties": false, + "description": "Use the Cloudflare API to manage DNS01 challenge records.", + "type": "object", "properties": { "apiKeySecretRef": { - "additionalProperties": false, + "description": "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "apiTokenSecretRef": { + "description": "API token used to authenticate with Cloudflare.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "apiTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "email": { + "description": "Email of the account, only required when using API key based authentication.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "cnameStrategy": { + "description": "CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.", + "type": "string", "enum": [ "None", "Follow" - ], - "type": "string" + ] }, "digitalocean": { - "additionalProperties": false, + "description": "Use the DigitalOcean DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "tokenSecretRef" + ], "properties": { "tokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "tokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "rfc2136": { - "additionalProperties": false, + "description": "Use RFC2136 (\"Dynamic Updates in the Domain Name System\") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.", + "type": "object", + "required": [ + "nameserver" + ], "properties": { "nameserver": { + "description": "The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.", "type": "string" }, "tsigAlgorithm": { + "description": "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.", "type": "string" }, "tsigKeyName": { + "description": "The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.", "type": "string" }, "tsigSecretSecretRef": { - "additionalProperties": false, + "description": "The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "nameserver" - ], - "type": "object" + "additionalProperties": false }, "route53": { - "additionalProperties": false, + "description": "Use the AWS Route53 API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "region" + ], "properties": { "accessKeyID": { + "description": "The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", "type": "string" }, "hostedZoneID": { + "description": "If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.", "type": "string" }, "region": { + "description": "Always set the region when using AccessKeyID and SecretAccessKey", "type": "string" }, "role": { + "description": "Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata", "type": "string" }, "secretAccessKeySecretRef": { - "additionalProperties": false, + "description": "The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "region" - ], - "type": "object" + "additionalProperties": false }, "webhook": { - "additionalProperties": false, + "description": "Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.", + "type": "object", + "required": [ + "groupName", + "solverName" + ], "properties": { "config": { + "description": "Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.", "x-kubernetes-preserve-unknown-fields": true }, "groupName": { + "description": "The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.", "type": "string" }, "solverName": { + "description": "The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.", "type": "string" } }, - "required": [ - "groupName", - "solverName" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "http01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.", + "type": "object", "properties": { "gatewayHTTPRoute": { - "additionalProperties": false, + "description": "The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.", + "type": "object", "properties": { "labels": { + "description": "The labels that cert-manager will use when creating the temporary HTTPRoute needed for solving the HTTP-01 challenge. These labels must match the label selector of at least one Gateway.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "ingress": { - "additionalProperties": false, + "description": "The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.", + "type": "object", "properties": { "class": { + "description": "The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.", "type": "string" }, "ingressTemplate": { - "additionalProperties": false, + "description": "Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.", "type": "string" }, "podTemplate": { - "additionalProperties": false, + "description": "Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the create ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.", + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "priorityClassName": { + "description": "If specified, the pod's priorityClassName.", "type": "string" }, "serviceAccountName": { + "description": "If specified, the pod's service account", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "description": "Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.", + "type": "object", "properties": { "dnsNames": { + "description": "List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "dnsZones": { + "description": "List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "matchLabels": { + "description": "A label selector that is used to refine the set of certificate's that this challenge solver will apply to.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "token": { + "description": "Token is the ACME challenge token for this challenge. This is the raw value returned from the ACME server.", "type": "string" }, "type": { + "description": "Type is the type of ACME challenge this resource represents. One of \"http-01\" or \"dns-01\".", + "type": "string", "enum": [ "http-01", "dns-01" - ], - "type": "string" + ] }, "url": { + "description": "URL is the URL of the ACME Challenge resource for this challenge. This can be used to lookup details about the status of this challenge.", "type": "string" }, "wildcard": { + "description": "Wildcard will be true if this challenge is for a wildcard identifier, for example '*.example.com'.", "type": "boolean" } }, - "required": [ - "authzURL", - "dnsName", - "issuerRef", - "key", - "solver", - "token", - "type", - "url" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "type": "object", "properties": { "presented": { + "description": "Presented will be set to true if the challenge values for this challenge are currently 'presented'. This *does not* imply the self check is passing. Only that the values have been 'submitted' for the appropriate challenge mechanism (i.e. the DNS01 TXT record has been presented, or the HTTP01 configuration has been configured).", "type": "boolean" }, "processing": { + "description": "Processing is used to denote whether this challenge should be processed or not. This field will only be set to true by the 'scheduling' component. It will only be set to false by the 'challenges' controller, after the challenge has reached a final state or timed out. If this field is set to false, the challenge controller will not take any more action.", "type": "boolean" }, "reason": { + "description": "Reason contains human readable information on why the Challenge is in the current state.", "type": "string" }, "state": { + "description": "State contains the current 'state' of the challenge. If not set, the state of the challenge is unknown.", + "type": "string", "enum": [ "valid", "ready", @@ -1162,15 +1389,10 @@ "invalid", "expired", "errored" - ], - "type": "string" + ] } }, - "type": "object" + "additionalProperties": false } - }, - "required": [ - "metadata" - ], - "type": "object" + } } diff --git a/schema/acme.cert-manager.io/challenge_v1alpha3.json b/schema/acme.cert-manager.io/challenge_v1alpha3.json index 97afd0399..9e0acaf86 100644 --- a/schema/acme.cert-manager.io/challenge_v1alpha3.json +++ b/schema/acme.cert-manager.io/challenge_v1alpha3.json @@ -1,1159 +1,1386 @@ { + "description": "Challenge is a type to represent a Challenge request with an ACME server", + "type": "object", + "required": [ + "metadata" + ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", + "required": [ + "authzURL", + "dnsName", + "issuerRef", + "key", + "solver", + "token", + "type", + "url" + ], "properties": { "authzURL": { + "description": "AuthzURL is the URL to the ACME Authorization resource that this challenge is a part of.", "type": "string" }, "dnsName": { + "description": "DNSName is the identifier that this challenge is for, e.g. example.com. If the requested DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.", "type": "string" }, "issuerRef": { - "additionalProperties": false, + "description": "IssuerRef references a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed.", + "type": "object", + "required": [ + "name" + ], "properties": { "group": { + "description": "Group of the resource being referred to.", "type": "string" }, "kind": { + "description": "Kind of the resource being referred to.", "type": "string" }, "name": { + "description": "Name of the resource being referred to.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "key": { + "description": "Key is the ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `\u003cprivate key JWK thumbprint\u003e.\u003ckey from acme server for challenge\u003e`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `\u003cprivate key JWK thumbprint\u003e.\u003ckey from acme server for challenge\u003e` text that must be set as the TXT record content.", "type": "string" }, "solver": { - "additionalProperties": false, + "description": "Solver contains the domain solving configuration that should be used to solve this challenge resource.", + "type": "object", "properties": { "dns01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.", + "type": "object", "properties": { "acmedns": { - "additionalProperties": false, + "description": "Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accountSecretRef", + "host" + ], "properties": { "accountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "host": { "type": "string" } }, - "required": [ - "accountSecretRef", - "host" - ], - "type": "object" + "additionalProperties": false }, "akamai": { - "additionalProperties": false, + "description": "Use the Akamai DNS zone management API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accessTokenSecretRef", + "clientSecretSecretRef", + "clientTokenSecretRef", + "serviceConsumerDomain" + ], "properties": { "accessTokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientSecretSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientSecretSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientTokenSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "serviceConsumerDomain": { "type": "string" } }, - "required": [ - "accessTokenSecretRef", - "clientSecretSecretRef", - "clientTokenSecretRef", - "serviceConsumerDomain" - ], - "type": "object" + "additionalProperties": false }, "azuredns": { - "additionalProperties": false, + "description": "Use the Microsoft Azure DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "resourceGroupName", + "subscriptionID" + ], "properties": { "clientID": { + "description": "if both this and ClientSecret are left unset MSI will be used", "type": "string" }, "clientSecretSecretRef": { - "additionalProperties": false, + "description": "if both this and ClientID are left unset MSI will be used", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "environment": { + "description": "name of the Azure environment (default AzurePublicCloud)", + "type": "string", "enum": [ "AzurePublicCloud", "AzureChinaCloud", "AzureGermanCloud", "AzureUSGovernmentCloud" - ], - "type": "string" + ] }, "hostedZoneName": { + "description": "name of the DNS zone that should be used", "type": "string" }, "managedIdentity": { - "additionalProperties": false, + "description": "managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID", + "type": "object", "properties": { "clientID": { + "description": "client ID of the managed identity, can not be used at the same time as resourceID", "type": "string" }, "resourceID": { + "description": "resource ID of the managed identity, can not be used at the same time as clientID", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "resourceGroupName": { + "description": "resource group the DNS zone is located in", "type": "string" }, "subscriptionID": { + "description": "ID of the Azure subscription", "type": "string" }, "tenantID": { + "description": "when specifying ClientID and ClientSecret then this field is also needed", "type": "string" } }, - "required": [ - "resourceGroupName", - "subscriptionID" - ], - "type": "object" + "additionalProperties": false }, "clouddns": { - "additionalProperties": false, + "description": "Use the Google Cloud DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "project" + ], "properties": { "hostedZoneName": { + "description": "HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.", "type": "string" }, "project": { "type": "string" }, "serviceAccountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "project" - ], - "type": "object" + "additionalProperties": false }, "cloudflare": { - "additionalProperties": false, + "description": "Use the Cloudflare API to manage DNS01 challenge records.", + "type": "object", "properties": { "apiKeySecretRef": { - "additionalProperties": false, + "description": "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "apiTokenSecretRef": { + "description": "API token used to authenticate with Cloudflare.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "apiTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "email": { + "description": "Email of the account, only required when using API key based authentication.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "cnameStrategy": { + "description": "CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.", + "type": "string", "enum": [ "None", "Follow" - ], - "type": "string" + ] }, "digitalocean": { - "additionalProperties": false, + "description": "Use the DigitalOcean DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "tokenSecretRef" + ], "properties": { "tokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "tokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "rfc2136": { - "additionalProperties": false, + "description": "Use RFC2136 (\"Dynamic Updates in the Domain Name System\") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.", + "type": "object", + "required": [ + "nameserver" + ], "properties": { "nameserver": { + "description": "The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.", "type": "string" }, "tsigAlgorithm": { + "description": "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.", "type": "string" }, "tsigKeyName": { + "description": "The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.", "type": "string" }, "tsigSecretSecretRef": { - "additionalProperties": false, + "description": "The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "nameserver" - ], - "type": "object" + "additionalProperties": false }, "route53": { - "additionalProperties": false, + "description": "Use the AWS Route53 API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "region" + ], "properties": { "accessKeyID": { + "description": "The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", "type": "string" }, "hostedZoneID": { + "description": "If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.", "type": "string" }, "region": { + "description": "Always set the region when using AccessKeyID and SecretAccessKey", "type": "string" }, "role": { + "description": "Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata", "type": "string" }, "secretAccessKeySecretRef": { - "additionalProperties": false, + "description": "The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "region" - ], - "type": "object" + "additionalProperties": false }, "webhook": { - "additionalProperties": false, + "description": "Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.", + "type": "object", + "required": [ + "groupName", + "solverName" + ], "properties": { "config": { + "description": "Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.", "x-kubernetes-preserve-unknown-fields": true }, "groupName": { + "description": "The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.", "type": "string" }, "solverName": { + "description": "The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.", "type": "string" } }, - "required": [ - "groupName", - "solverName" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "http01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.", + "type": "object", "properties": { "gatewayHTTPRoute": { - "additionalProperties": false, + "description": "The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.", + "type": "object", "properties": { "labels": { + "description": "The labels that cert-manager will use when creating the temporary HTTPRoute needed for solving the HTTP-01 challenge. These labels must match the label selector of at least one Gateway.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "ingress": { - "additionalProperties": false, + "description": "The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.", + "type": "object", "properties": { "class": { + "description": "The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.", "type": "string" }, "ingressTemplate": { - "additionalProperties": false, + "description": "Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.", "type": "string" }, "podTemplate": { - "additionalProperties": false, + "description": "Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the create ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.", + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "priorityClassName": { + "description": "If specified, the pod's priorityClassName.", "type": "string" }, "serviceAccountName": { + "description": "If specified, the pod's service account", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "description": "Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.", + "type": "object", "properties": { "dnsNames": { + "description": "List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "dnsZones": { + "description": "List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "matchLabels": { + "description": "A label selector that is used to refine the set of certificate's that this challenge solver will apply to.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "token": { + "description": "Token is the ACME challenge token for this challenge. This is the raw value returned from the ACME server.", "type": "string" }, "type": { + "description": "Type is the type of ACME challenge this resource represents. One of \"http-01\" or \"dns-01\".", + "type": "string", "enum": [ "http-01", "dns-01" - ], - "type": "string" + ] }, "url": { + "description": "URL is the URL of the ACME Challenge resource for this challenge. This can be used to lookup details about the status of this challenge.", "type": "string" }, "wildcard": { + "description": "Wildcard will be true if this challenge is for a wildcard identifier, for example '*.example.com'.", "type": "boolean" } }, - "required": [ - "authzURL", - "dnsName", - "issuerRef", - "key", - "solver", - "token", - "type", - "url" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "type": "object", "properties": { "presented": { + "description": "Presented will be set to true if the challenge values for this challenge are currently 'presented'. This *does not* imply the self check is passing. Only that the values have been 'submitted' for the appropriate challenge mechanism (i.e. the DNS01 TXT record has been presented, or the HTTP01 configuration has been configured).", "type": "boolean" }, "processing": { + "description": "Processing is used to denote whether this challenge should be processed or not. This field will only be set to true by the 'scheduling' component. It will only be set to false by the 'challenges' controller, after the challenge has reached a final state or timed out. If this field is set to false, the challenge controller will not take any more action.", "type": "boolean" }, "reason": { + "description": "Reason contains human readable information on why the Challenge is in the current state.", "type": "string" }, "state": { + "description": "State contains the current 'state' of the challenge. If not set, the state of the challenge is unknown.", + "type": "string", "enum": [ "valid", "ready", @@ -1162,15 +1389,10 @@ "invalid", "expired", "errored" - ], - "type": "string" + ] } }, - "type": "object" + "additionalProperties": false } - }, - "required": [ - "metadata" - ], - "type": "object" + } } diff --git a/schema/acme.cert-manager.io/challenge_v1beta1.json b/schema/acme.cert-manager.io/challenge_v1beta1.json index 3e8a5d03d..346bd420c 100644 --- a/schema/acme.cert-manager.io/challenge_v1beta1.json +++ b/schema/acme.cert-manager.io/challenge_v1beta1.json @@ -1,1159 +1,1387 @@ { + "description": "Challenge is a type to represent a Challenge request with an ACME server", + "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", + "required": [ + "authorizationURL", + "dnsName", + "issuerRef", + "key", + "solver", + "token", + "type", + "url" + ], "properties": { "authorizationURL": { + "description": "The URL to the ACME Authorization resource that this challenge is a part of.", "type": "string" }, "dnsName": { + "description": "dnsName is the identifier that this challenge is for, e.g. example.com. If the requested DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.", "type": "string" }, "issuerRef": { - "additionalProperties": false, + "description": "References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed.", + "type": "object", + "required": [ + "name" + ], "properties": { "group": { + "description": "Group of the resource being referred to.", "type": "string" }, "kind": { + "description": "Kind of the resource being referred to.", "type": "string" }, "name": { + "description": "Name of the resource being referred to.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "key": { + "description": "The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `\u003cprivate key JWK thumbprint\u003e.\u003ckey from acme server for challenge\u003e`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `\u003cprivate key JWK thumbprint\u003e.\u003ckey from acme server for challenge\u003e` text that must be set as the TXT record content.", "type": "string" }, "solver": { - "additionalProperties": false, + "description": "Contains the domain solving configuration that should be used to solve this challenge resource.", + "type": "object", "properties": { "dns01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.", + "type": "object", "properties": { "acmeDNS": { - "additionalProperties": false, + "description": "Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accountSecretRef", + "host" + ], "properties": { "accountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "host": { "type": "string" } }, - "required": [ - "accountSecretRef", - "host" - ], - "type": "object" + "additionalProperties": false }, "akamai": { - "additionalProperties": false, + "description": "Use the Akamai DNS zone management API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accessTokenSecretRef", + "clientSecretSecretRef", + "clientTokenSecretRef", + "serviceConsumerDomain" + ], "properties": { "accessTokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientSecretSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientSecretSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientTokenSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "serviceConsumerDomain": { "type": "string" } }, - "required": [ - "accessTokenSecretRef", - "clientSecretSecretRef", - "clientTokenSecretRef", - "serviceConsumerDomain" - ], - "type": "object" + "additionalProperties": false }, "azureDNS": { - "additionalProperties": false, + "description": "Use the Microsoft Azure DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "resourceGroupName", + "subscriptionID" + ], "properties": { "clientID": { + "description": "if both this and ClientSecret are left unset MSI will be used", "type": "string" }, "clientSecretSecretRef": { - "additionalProperties": false, + "description": "if both this and ClientID are left unset MSI will be used", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "environment": { + "description": "name of the Azure environment (default AzurePublicCloud)", + "type": "string", "enum": [ "AzurePublicCloud", "AzureChinaCloud", "AzureGermanCloud", "AzureUSGovernmentCloud" - ], - "type": "string" + ] }, "hostedZoneName": { + "description": "name of the DNS zone that should be used", "type": "string" }, "managedIdentity": { - "additionalProperties": false, + "description": "managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID", + "type": "object", "properties": { "clientID": { + "description": "client ID of the managed identity, can not be used at the same time as resourceID", "type": "string" }, "resourceID": { + "description": "resource ID of the managed identity, can not be used at the same time as clientID", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "resourceGroupName": { + "description": "resource group the DNS zone is located in", "type": "string" }, "subscriptionID": { + "description": "ID of the Azure subscription", "type": "string" }, "tenantID": { + "description": "when specifying ClientID and ClientSecret then this field is also needed", "type": "string" } }, - "required": [ - "resourceGroupName", - "subscriptionID" - ], - "type": "object" + "additionalProperties": false }, "cloudDNS": { - "additionalProperties": false, + "description": "Use the Google Cloud DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "project" + ], "properties": { "hostedZoneName": { + "description": "HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.", "type": "string" }, "project": { "type": "string" }, "serviceAccountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "project" - ], - "type": "object" + "additionalProperties": false }, "cloudflare": { - "additionalProperties": false, + "description": "Use the Cloudflare API to manage DNS01 challenge records.", + "type": "object", "properties": { "apiKeySecretRef": { - "additionalProperties": false, + "description": "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "apiTokenSecretRef": { + "description": "API token used to authenticate with Cloudflare.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "apiTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "email": { + "description": "Email of the account, only required when using API key based authentication.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "cnameStrategy": { + "description": "CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.", + "type": "string", "enum": [ "None", "Follow" - ], - "type": "string" + ] }, "digitalocean": { - "additionalProperties": false, + "description": "Use the DigitalOcean DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "tokenSecretRef" + ], "properties": { "tokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "tokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "rfc2136": { - "additionalProperties": false, + "description": "Use RFC2136 (\"Dynamic Updates in the Domain Name System\") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.", + "type": "object", + "required": [ + "nameserver" + ], "properties": { "nameserver": { + "description": "The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.", "type": "string" }, "tsigAlgorithm": { + "description": "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.", "type": "string" }, "tsigKeyName": { + "description": "The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.", "type": "string" }, "tsigSecretSecretRef": { - "additionalProperties": false, + "description": "The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "nameserver" - ], - "type": "object" + "additionalProperties": false }, "route53": { - "additionalProperties": false, + "description": "Use the AWS Route53 API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "region" + ], "properties": { "accessKeyID": { + "description": "The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", "type": "string" }, "hostedZoneID": { + "description": "If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.", "type": "string" }, "region": { + "description": "Always set the region when using AccessKeyID and SecretAccessKey", "type": "string" }, "role": { + "description": "Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata", "type": "string" }, "secretAccessKeySecretRef": { - "additionalProperties": false, + "description": "The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "region" - ], - "type": "object" + "additionalProperties": false }, "webhook": { - "additionalProperties": false, + "description": "Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.", + "type": "object", + "required": [ + "groupName", + "solverName" + ], "properties": { "config": { + "description": "Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.", "x-kubernetes-preserve-unknown-fields": true }, "groupName": { + "description": "The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.", "type": "string" }, "solverName": { + "description": "The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.", "type": "string" } }, - "required": [ - "groupName", - "solverName" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "http01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.", + "type": "object", "properties": { "gatewayHTTPRoute": { - "additionalProperties": false, + "description": "The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.", + "type": "object", "properties": { "labels": { + "description": "The labels that cert-manager will use when creating the temporary HTTPRoute needed for solving the HTTP-01 challenge. These labels must match the label selector of at least one Gateway.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "ingress": { - "additionalProperties": false, + "description": "The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.", + "type": "object", "properties": { "class": { + "description": "The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.", "type": "string" }, "ingressTemplate": { - "additionalProperties": false, + "description": "Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges.", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.", "type": "string" }, "podTemplate": { - "additionalProperties": false, + "description": "Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the create ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.", + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "priorityClassName": { + "description": "If specified, the pod's priorityClassName.", "type": "string" }, "serviceAccountName": { + "description": "If specified, the pod's service account", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "description": "Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.", + "type": "object", "properties": { "dnsNames": { + "description": "List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "dnsZones": { + "description": "List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "matchLabels": { + "description": "A label selector that is used to refine the set of certificate's that this challenge solver will apply to.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "token": { + "description": "The ACME challenge token for this challenge. This is the raw value returned from the ACME server.", "type": "string" }, "type": { + "description": "The type of ACME challenge this resource represents. One of \"HTTP-01\" or \"DNS-01\".", + "type": "string", "enum": [ "HTTP-01", "DNS-01" - ], - "type": "string" + ] }, "url": { + "description": "The URL of the ACME Challenge resource for this challenge. This can be used to lookup details about the status of this challenge.", "type": "string" }, "wildcard": { + "description": "wildcard will be true if this challenge is for a wildcard identifier, for example '*.example.com'.", "type": "boolean" } }, - "required": [ - "authorizationURL", - "dnsName", - "issuerRef", - "key", - "solver", - "token", - "type", - "url" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "type": "object", "properties": { "presented": { + "description": "presented will be set to true if the challenge values for this challenge are currently 'presented'. This *does not* imply the self check is passing. Only that the values have been 'submitted' for the appropriate challenge mechanism (i.e. the DNS01 TXT record has been presented, or the HTTP01 configuration has been configured).", "type": "boolean" }, "processing": { + "description": "Used to denote whether this challenge should be processed or not. This field will only be set to true by the 'scheduling' component. It will only be set to false by the 'challenges' controller, after the challenge has reached a final state or timed out. If this field is set to false, the challenge controller will not take any more action.", "type": "boolean" }, "reason": { + "description": "Contains human readable information on why the Challenge is in the current state.", "type": "string" }, "state": { + "description": "Contains the current 'state' of the challenge. If not set, the state of the challenge is unknown.", + "type": "string", "enum": [ "valid", "ready", @@ -1162,16 +1390,10 @@ "invalid", "expired", "errored" - ], - "type": "string" + ] } }, - "type": "object" + "additionalProperties": false } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" + } } diff --git a/schema/acme.cert-manager.io/order_v1alpha2.json b/schema/acme.cert-manager.io/order_v1alpha2.json index 30e2b961d..220f2df75 100644 --- a/schema/acme.cert-manager.io/order_v1alpha2.json +++ b/schema/acme.cert-manager.io/order_v1alpha2.json @@ -1,98 +1,128 @@ { + "description": "Order is a type to represent an Order with an ACME server", + "type": "object", + "required": [ + "metadata" + ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", + "required": [ + "csr", + "issuerRef" + ], "properties": { "commonName": { + "description": "CommonName is the common name as specified on the DER encoded CSR. If specified, this value must also be present in `dnsNames` or `ipAddresses`. This field must match the corresponding field on the DER encoded CSR.", "type": "string" }, "csr": { - "format": "byte", - "type": "string" + "description": "Certificate signing request bytes in DER encoding. This will be used when finalizing the order. This field must be set on the order.", + "type": "string", + "format": "byte" }, "dnsNames": { + "description": "DNSNames is a list of DNS names that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "duration": { + "description": "Duration is the duration for the not after date for the requested certificate. this is set on order creation as pe the ACME spec.", "type": "string" }, "ipAddresses": { + "description": "IPAddresses is a list of IP addresses that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "issuerRef": { - "additionalProperties": false, + "description": "IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed.", + "type": "object", + "required": [ + "name" + ], "properties": { "group": { + "description": "Group of the resource being referred to.", "type": "string" }, "kind": { + "description": "Kind of the resource being referred to.", "type": "string" }, "name": { + "description": "Name of the resource being referred to.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "csr", - "issuerRef" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "type": "object", "properties": { "authorizations": { + "description": "Authorizations contains data returned from the ACME server on what authorizations must be completed in order to validate the DNS names specified on the Order.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ACMEAuthorization contains data returned from the ACME server on an authorization that must be completed in order validate a DNS name on an ACME Order resource.", + "type": "object", + "required": [ + "url" + ], "properties": { "challenges": { + "description": "Challenges specifies the challenge types offered by the ACME server. One of these challenge types will be selected when validating the DNS name and an appropriate Challenge resource will be created to perform the ACME challenge process.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Challenge specifies a challenge offered by the ACME server for an Order. An appropriate Challenge resource can be created to perform the ACME challenge process.", + "type": "object", + "required": [ + "token", + "type", + "url" + ], "properties": { "token": { + "description": "Token is the token that must be presented for this challenge. This is used to compute the 'key' that must also be presented.", "type": "string" }, "type": { + "description": "Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is the raw value retrieved from the ACME server. Only 'http-01' and 'dns-01' are supported by cert-manager, other values will be ignored.", "type": "string" }, "url": { + "description": "URL is the URL of this challenge. It can be used to retrieve additional metadata about the Challenge from the ACME server.", "type": "string" } }, - "required": [ - "token", - "type", - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "identifier": { + "description": "Identifier is the DNS name to be validated as part of this authorization", "type": "string" }, "initialState": { + "description": "InitialState is the initial state of the ACME authorization when first fetched from the ACME server. If an Authorization is already 'valid', the Order controller will not create a Challenge resource for the authorization. This will occur when working with an ACME server that enables 'authz reuse' (such as Let's Encrypt's production endpoint). If not set and 'identifier' is set, the state is assumed to be pending and a Challenge will be created.", + "type": "string", "enum": [ "valid", "ready", @@ -101,38 +131,41 @@ "invalid", "expired", "errored" - ], - "type": "string" + ] }, "url": { + "description": "URL is the URL of the Authorization that must be completed", "type": "string" }, "wildcard": { + "description": "Wildcard will be true if this authorization is for a wildcard DNS name. If this is true, the identifier will be the *non-wildcard* version of the DNS name. For example, if '*.example.com' is the DNS name being validated, this field will be 'true' and the 'identifier' field will be 'example.com'.", "type": "boolean" } }, - "required": [ - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "certificate": { - "format": "byte", - "type": "string" + "description": "Certificate is a copy of the PEM encoded certificate for this Order. This field will be populated after the order has been successfully finalized with the ACME server, and the order has transitioned to the 'valid' state.", + "type": "string", + "format": "byte" }, "failureTime": { - "format": "date-time", - "type": "string" + "description": "FailureTime stores the time that this order failed. This is used to influence garbage collection and back-off.", + "type": "string", + "format": "date-time" }, "finalizeURL": { + "description": "FinalizeURL of the Order. This is used to obtain certificates for this order once it has been completed.", "type": "string" }, "reason": { + "description": "Reason optionally provides more information about a why the order is in the current state.", "type": "string" }, "state": { + "description": "State contains the current state of this Order resource. States 'success' and 'expired' are 'final'", + "type": "string", "enum": [ "valid", "ready", @@ -141,18 +174,14 @@ "invalid", "expired", "errored" - ], - "type": "string" + ] }, "url": { + "description": "URL of the Order. This will initially be empty when the resource is first created. The Order controller will populate this field when the Order is first processed. This field will be immutable after it is initially set.", "type": "string" } }, - "type": "object" + "additionalProperties": false } - }, - "required": [ - "metadata" - ], - "type": "object" + } } diff --git a/schema/acme.cert-manager.io/order_v1alpha3.json b/schema/acme.cert-manager.io/order_v1alpha3.json index 30e2b961d..220f2df75 100644 --- a/schema/acme.cert-manager.io/order_v1alpha3.json +++ b/schema/acme.cert-manager.io/order_v1alpha3.json @@ -1,98 +1,128 @@ { + "description": "Order is a type to represent an Order with an ACME server", + "type": "object", + "required": [ + "metadata" + ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", + "required": [ + "csr", + "issuerRef" + ], "properties": { "commonName": { + "description": "CommonName is the common name as specified on the DER encoded CSR. If specified, this value must also be present in `dnsNames` or `ipAddresses`. This field must match the corresponding field on the DER encoded CSR.", "type": "string" }, "csr": { - "format": "byte", - "type": "string" + "description": "Certificate signing request bytes in DER encoding. This will be used when finalizing the order. This field must be set on the order.", + "type": "string", + "format": "byte" }, "dnsNames": { + "description": "DNSNames is a list of DNS names that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "duration": { + "description": "Duration is the duration for the not after date for the requested certificate. this is set on order creation as pe the ACME spec.", "type": "string" }, "ipAddresses": { + "description": "IPAddresses is a list of IP addresses that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "issuerRef": { - "additionalProperties": false, + "description": "IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed.", + "type": "object", + "required": [ + "name" + ], "properties": { "group": { + "description": "Group of the resource being referred to.", "type": "string" }, "kind": { + "description": "Kind of the resource being referred to.", "type": "string" }, "name": { + "description": "Name of the resource being referred to.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "csr", - "issuerRef" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "type": "object", "properties": { "authorizations": { + "description": "Authorizations contains data returned from the ACME server on what authorizations must be completed in order to validate the DNS names specified on the Order.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ACMEAuthorization contains data returned from the ACME server on an authorization that must be completed in order validate a DNS name on an ACME Order resource.", + "type": "object", + "required": [ + "url" + ], "properties": { "challenges": { + "description": "Challenges specifies the challenge types offered by the ACME server. One of these challenge types will be selected when validating the DNS name and an appropriate Challenge resource will be created to perform the ACME challenge process.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Challenge specifies a challenge offered by the ACME server for an Order. An appropriate Challenge resource can be created to perform the ACME challenge process.", + "type": "object", + "required": [ + "token", + "type", + "url" + ], "properties": { "token": { + "description": "Token is the token that must be presented for this challenge. This is used to compute the 'key' that must also be presented.", "type": "string" }, "type": { + "description": "Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is the raw value retrieved from the ACME server. Only 'http-01' and 'dns-01' are supported by cert-manager, other values will be ignored.", "type": "string" }, "url": { + "description": "URL is the URL of this challenge. It can be used to retrieve additional metadata about the Challenge from the ACME server.", "type": "string" } }, - "required": [ - "token", - "type", - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "identifier": { + "description": "Identifier is the DNS name to be validated as part of this authorization", "type": "string" }, "initialState": { + "description": "InitialState is the initial state of the ACME authorization when first fetched from the ACME server. If an Authorization is already 'valid', the Order controller will not create a Challenge resource for the authorization. This will occur when working with an ACME server that enables 'authz reuse' (such as Let's Encrypt's production endpoint). If not set and 'identifier' is set, the state is assumed to be pending and a Challenge will be created.", + "type": "string", "enum": [ "valid", "ready", @@ -101,38 +131,41 @@ "invalid", "expired", "errored" - ], - "type": "string" + ] }, "url": { + "description": "URL is the URL of the Authorization that must be completed", "type": "string" }, "wildcard": { + "description": "Wildcard will be true if this authorization is for a wildcard DNS name. If this is true, the identifier will be the *non-wildcard* version of the DNS name. For example, if '*.example.com' is the DNS name being validated, this field will be 'true' and the 'identifier' field will be 'example.com'.", "type": "boolean" } }, - "required": [ - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "certificate": { - "format": "byte", - "type": "string" + "description": "Certificate is a copy of the PEM encoded certificate for this Order. This field will be populated after the order has been successfully finalized with the ACME server, and the order has transitioned to the 'valid' state.", + "type": "string", + "format": "byte" }, "failureTime": { - "format": "date-time", - "type": "string" + "description": "FailureTime stores the time that this order failed. This is used to influence garbage collection and back-off.", + "type": "string", + "format": "date-time" }, "finalizeURL": { + "description": "FinalizeURL of the Order. This is used to obtain certificates for this order once it has been completed.", "type": "string" }, "reason": { + "description": "Reason optionally provides more information about a why the order is in the current state.", "type": "string" }, "state": { + "description": "State contains the current state of this Order resource. States 'success' and 'expired' are 'final'", + "type": "string", "enum": [ "valid", "ready", @@ -141,18 +174,14 @@ "invalid", "expired", "errored" - ], - "type": "string" + ] }, "url": { + "description": "URL of the Order. This will initially be empty when the resource is first created. The Order controller will populate this field when the Order is first processed. This field will be immutable after it is initially set.", "type": "string" } }, - "type": "object" + "additionalProperties": false } - }, - "required": [ - "metadata" - ], - "type": "object" + } } diff --git a/schema/acme.cert-manager.io/order_v1beta1.json b/schema/acme.cert-manager.io/order_v1beta1.json index 5c7491b31..3f8f7a7cf 100644 --- a/schema/acme.cert-manager.io/order_v1beta1.json +++ b/schema/acme.cert-manager.io/order_v1beta1.json @@ -1,98 +1,129 @@ { + "description": "Order is a type to represent an Order with an ACME server", + "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", + "required": [ + "issuerRef", + "request" + ], "properties": { "commonName": { + "description": "CommonName is the common name as specified on the DER encoded CSR. If specified, this value must also be present in `dnsNames` or `ipAddresses`. This field must match the corresponding field on the DER encoded CSR.", "type": "string" }, "dnsNames": { + "description": "DNSNames is a list of DNS names that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "duration": { + "description": "Duration is the duration for the not after date for the requested certificate. this is set on order creation as pe the ACME spec.", "type": "string" }, "ipAddresses": { + "description": "IPAddresses is a list of IP addresses that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "issuerRef": { - "additionalProperties": false, + "description": "IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed.", + "type": "object", + "required": [ + "name" + ], "properties": { "group": { + "description": "Group of the resource being referred to.", "type": "string" }, "kind": { + "description": "Kind of the resource being referred to.", "type": "string" }, "name": { + "description": "Name of the resource being referred to.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "request": { - "format": "byte", - "type": "string" + "description": "Certificate signing request bytes in DER encoding. This will be used when finalizing the order. This field must be set on the order.", + "type": "string", + "format": "byte" } }, - "required": [ - "issuerRef", - "request" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "type": "object", "properties": { "authorizations": { + "description": "Authorizations contains data returned from the ACME server on what authorizations must be completed in order to validate the DNS names specified on the Order.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ACMEAuthorization contains data returned from the ACME server on an authorization that must be completed in order validate a DNS name on an ACME Order resource.", + "type": "object", + "required": [ + "url" + ], "properties": { "challenges": { + "description": "Challenges specifies the challenge types offered by the ACME server. One of these challenge types will be selected when validating the DNS name and an appropriate Challenge resource will be created to perform the ACME challenge process.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Challenge specifies a challenge offered by the ACME server for an Order. An appropriate Challenge resource can be created to perform the ACME challenge process.", + "type": "object", + "required": [ + "token", + "type", + "url" + ], "properties": { "token": { + "description": "Token is the token that must be presented for this challenge. This is used to compute the 'key' that must also be presented.", "type": "string" }, "type": { + "description": "Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is the raw value retrieved from the ACME server. Only 'http-01' and 'dns-01' are supported by cert-manager, other values will be ignored.", "type": "string" }, "url": { + "description": "URL is the URL of this challenge. It can be used to retrieve additional metadata about the Challenge from the ACME server.", "type": "string" } }, - "required": [ - "token", - "type", - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "identifier": { + "description": "Identifier is the DNS name to be validated as part of this authorization", "type": "string" }, "initialState": { + "description": "InitialState is the initial state of the ACME authorization when first fetched from the ACME server. If an Authorization is already 'valid', the Order controller will not create a Challenge resource for the authorization. This will occur when working with an ACME server that enables 'authz reuse' (such as Let's Encrypt's production endpoint). If not set and 'identifier' is set, the state is assumed to be pending and a Challenge will be created.", + "type": "string", "enum": [ "valid", "ready", @@ -101,38 +132,41 @@ "invalid", "expired", "errored" - ], - "type": "string" + ] }, "url": { + "description": "URL is the URL of the Authorization that must be completed", "type": "string" }, "wildcard": { + "description": "Wildcard will be true if this authorization is for a wildcard DNS name. If this is true, the identifier will be the *non-wildcard* version of the DNS name. For example, if '*.example.com' is the DNS name being validated, this field will be 'true' and the 'identifier' field will be 'example.com'.", "type": "boolean" } }, - "required": [ - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "certificate": { - "format": "byte", - "type": "string" + "description": "Certificate is a copy of the PEM encoded certificate for this Order. This field will be populated after the order has been successfully finalized with the ACME server, and the order has transitioned to the 'valid' state.", + "type": "string", + "format": "byte" }, "failureTime": { - "format": "date-time", - "type": "string" + "description": "FailureTime stores the time that this order failed. This is used to influence garbage collection and back-off.", + "type": "string", + "format": "date-time" }, "finalizeURL": { + "description": "FinalizeURL of the Order. This is used to obtain certificates for this order once it has been completed.", "type": "string" }, "reason": { + "description": "Reason optionally provides more information about a why the order is in the current state.", "type": "string" }, "state": { + "description": "State contains the current state of this Order resource. States 'success' and 'expired' are 'final'", + "type": "string", "enum": [ "valid", "ready", @@ -141,19 +175,14 @@ "invalid", "expired", "errored" - ], - "type": "string" + ] }, "url": { + "description": "URL of the Order. This will initially be empty when the resource is first created. The Order controller will populate this field when the Order is first processed. This field will be immutable after it is initially set.", "type": "string" } }, - "type": "object" + "additionalProperties": false } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" + } } diff --git a/schema/apiextensions.crossplane.io/compositeresourcedefinition_v1beta1.json b/schema/apiextensions.crossplane.io/compositeresourcedefinition_v1beta1.json index f126e4712..10b121c26 100644 --- a/schema/apiextensions.crossplane.io/compositeresourcedefinition_v1beta1.json +++ b/schema/apiextensions.crossplane.io/compositeresourcedefinition_v1beta1.json @@ -1,16 +1,20 @@ { + "description": "An CompositeResourceDefinition defines a new kind of composite infrastructure resource. The new resource is composed of other composite or managed infrastructure resources. [DEPRECATED]: Please use the identical v1 API instead. The v1beta1 API is scheduled to be removed in Crossplane v1.6.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "CompositeResourceDefinitionSpec specifies the desired state of the definition.", "type": "object", "required": [ "group", @@ -19,6 +23,7 @@ ], "properties": { "claimNames": { + "description": "ClaimNames specifies the names of an optional composite resource claim. When claim names are specified Crossplane will create a namespaced 'composite resource claim' CRD that corresponds to the defined composite resource. This composite resource claim acts as a namespaced proxy for the composite resource; creating, updating, or deleting the claim will create, update, or delete a corresponding composite resource. You may add claim names to an existing CompositeResourceDefinition, but they cannot be changed or removed once they have been set.", "type": "object", "required": [ "kind", @@ -26,66 +31,79 @@ ], "properties": { "categories": { + "description": "categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). This is published in API discovery documents, and used by clients to support invocations like `kubectl get all`.", "type": "array", "items": { "type": "string" } }, "kind": { + "description": "kind is the serialized kind of the resource. It is normally CamelCase and singular. Custom resource instances will use this value as the `kind` attribute in API calls.", "type": "string" }, "listKind": { + "description": "listKind is the serialized kind of the list for this resource. Defaults to \"`kind`List\".", "type": "string" }, "plural": { + "description": "plural is the plural name of the resource to serve. The custom resources are served under `/apis/\u003cgroup\u003e/\u003cversion\u003e/.../\u003cplural\u003e`. Must match the name of the CustomResourceDefinition (in the form `\u003cnames.plural\u003e.\u003cgroup\u003e`). Must be all lowercase.", "type": "string" }, "shortNames": { + "description": "shortNames are short names for the resource, exposed in API discovery documents, and used by clients to support invocations like `kubectl get \u003cshortname\u003e`. It must be all lowercase.", "type": "array", "items": { "type": "string" } }, "singular": { + "description": "singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`.", "type": "string" } }, "additionalProperties": false }, "connectionSecretKeys": { + "description": "ConnectionSecretKeys is the list of keys that will be exposed to the end user of the defined kind.", "type": "array", "items": { "type": "string" } }, "defaultCompositionRef": { + "description": "DefaultCompositionRef refers to the Composition resource that will be used in case no composition selector is given.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" } }, "additionalProperties": false }, "enforcedCompositionRef": { + "description": "EnforcedCompositionRef refers to the Composition resource that will be used by all composite instances whose schema is defined by this definition.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" } }, "additionalProperties": false }, "group": { + "description": "Group specifies the API group of the defined composite resource. Composite resources are served under `/apis/\u003cgroup\u003e/...`. Must match the name of the XRD (in the form `\u003cnames.plural\u003e.\u003cgroup\u003e`).", "type": "string" }, "names": { + "description": "Names specifies the resource and kind names of the defined composite resource.", "type": "object", "required": [ "kind", @@ -93,35 +111,43 @@ ], "properties": { "categories": { + "description": "categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). This is published in API discovery documents, and used by clients to support invocations like `kubectl get all`.", "type": "array", "items": { "type": "string" } }, "kind": { + "description": "kind is the serialized kind of the resource. It is normally CamelCase and singular. Custom resource instances will use this value as the `kind` attribute in API calls.", "type": "string" }, "listKind": { + "description": "listKind is the serialized kind of the list for this resource. Defaults to \"`kind`List\".", "type": "string" }, "plural": { + "description": "plural is the plural name of the resource to serve. The custom resources are served under `/apis/\u003cgroup\u003e/\u003cversion\u003e/.../\u003cplural\u003e`. Must match the name of the CustomResourceDefinition (in the form `\u003cnames.plural\u003e.\u003cgroup\u003e`). Must be all lowercase.", "type": "string" }, "shortNames": { + "description": "shortNames are short names for the resource, exposed in API discovery documents, and used by clients to support invocations like `kubectl get \u003cshortname\u003e`. It must be all lowercase.", "type": "array", "items": { "type": "string" } }, "singular": { + "description": "singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`.", "type": "string" } }, "additionalProperties": false }, "versions": { + "description": "Versions is the list of all API versions of the defined composite resource. Version names are used to compute the order in which served versions are listed in API discovery. If the version string is \"kube-like\", it will sort above non \"kube-like\" version strings, which are ordered lexicographically. \"Kube-like\" versions start with a \"v\", then are followed by a number (the major version), then optionally the string \"alpha\" or \"beta\" and another number (the minor version). These are sorted first by GA \u003e beta \u003e alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major version, then minor version. An example sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. Note that all versions must have identical schemas; Crossplane does not currently support conversion between different version schemas.", "type": "array", "items": { + "description": "CompositeResourceDefinitionVersion describes a version of an XR.", "type": "object", "required": [ "name", @@ -130,8 +156,10 @@ ], "properties": { "additionalPrinterColumns": { + "description": "AdditionalPrinterColumns specifies additional columns returned in Table output. If no columns are specified, a single column displaying the age of the custom resource is used. See the following link for details: https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables", "type": "array", "items": { + "description": "CustomResourceColumnDefinition specifies a column for server side printing.", "type": "object", "required": [ "jsonPath", @@ -140,22 +168,28 @@ ], "properties": { "description": { + "description": "description is a human readable description of this column.", "type": "string" }, "format": { + "description": "format is an optional OpenAPI type definition for this column. The 'name' format is applied to the primary identifier column to assist in clients identifying column is the resource name. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.", "type": "string" }, "jsonPath": { + "description": "jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against each custom resource to produce the value for this column.", "type": "string" }, "name": { + "description": "name is a human readable name for the column.", "type": "string" }, "priority": { + "description": "priority is an integer defining the relative importance of this column compared to others. Lower numbers are considered higher priority. Columns that may be omitted in limited space scenarios should be given a priority greater than 0.", "type": "integer", "format": "int32" }, "type": { + "description": "type is an OpenAPI type definition for this column. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.", "type": "string" } }, @@ -163,15 +197,19 @@ } }, "name": { + "description": "Name of this version, e.g. “v1”, “v2beta1”, etc. Composite resources are served under this version at `/apis/\u003cgroup\u003e/\u003cversion\u003e/...` if `served` is true.", "type": "string" }, "referenceable": { + "description": "Referenceable specifies that this version may be referenced by a Composition in order to configure which resources an XR may be composed of. Exactly one version must be marked as referenceable; all Compositions must target only the referenceable version. The referenceable version must be served.", "type": "boolean" }, "schema": { + "description": "Schema describes the schema used for validation, pruning, and defaulting of this version of the defined composite resource. Fields required by all composite resources will be injected into this schema automatically, and will override equivalently named fields in this schema. Omitting this schema results in a schema that contains only the fields required by all composite resources.", "type": "object", "properties": { "openAPIV3Schema": { + "description": "OpenAPIV3Schema is the OpenAPI v3 schema to use for validation and pruning.", "type": "object", "x-kubernetes-preserve-unknown-fields": true } @@ -179,6 +217,7 @@ "additionalProperties": false }, "served": { + "description": "Served specifies that this version should be served via REST APIs.", "type": "boolean" } }, @@ -189,11 +228,14 @@ "additionalProperties": false }, "status": { + "description": "CompositeResourceDefinitionStatus shows the observed state of the definition.", "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -203,19 +245,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, @@ -223,9 +270,11 @@ } }, "controllers": { + "description": "Controllers represents the status of the controllers that power this composite resource definition.", "type": "object", "properties": { "compositeResourceClaimType": { + "description": "The CompositeResourceClaimTypeRef is the type of composite resource claim that Crossplane is currently reconciling for this definition. Its version will eventually become consistent with the definition's referenceable version. Note that clients may interact with any served type; this is simply the type that Crossplane interacts with.", "type": "object", "required": [ "apiVersion", @@ -233,15 +282,18 @@ ], "properties": { "apiVersion": { + "description": "APIVersion of the type.", "type": "string" }, "kind": { + "description": "Kind of the type.", "type": "string" } }, "additionalProperties": false }, "compositeResourceType": { + "description": "The CompositeResourceTypeRef is the type of composite resource that Crossplane is currently reconciling for this definition. Its version will eventually become consistent with the definition's referenceable version. Note that clients may interact with any served type; this is simply the type that Crossplane interacts with.", "type": "object", "required": [ "apiVersion", @@ -249,9 +301,11 @@ ], "properties": { "apiVersion": { + "description": "APIVersion of the type.", "type": "string" }, "kind": { + "description": "Kind of the type.", "type": "string" } }, diff --git a/schema/apiextensions.crossplane.io/composition_v1beta1.json b/schema/apiextensions.crossplane.io/composition_v1beta1.json index bf9c9af90..29e144829 100644 --- a/schema/apiextensions.crossplane.io/composition_v1beta1.json +++ b/schema/apiextensions.crossplane.io/composition_v1beta1.json @@ -1,16 +1,20 @@ { + "description": "Composition defines the group of resources to be created when a compatible type is created with reference to the composition. [DEPRECATED]: Please use the identical v1 API instead. The v1beta1 API is scheduled to be removed in Crossplane v1.6.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "CompositionSpec specifies the desired state of the composition.", "type": "object", "required": [ "compositeTypeRef", @@ -18,6 +22,7 @@ ], "properties": { "compositeTypeRef": { + "description": "CompositeTypeRef specifies the type of composite resource that this composition is compatible with.", "type": "object", "required": [ "apiVersion", @@ -25,17 +30,21 @@ ], "properties": { "apiVersion": { + "description": "APIVersion of the type.", "type": "string" }, "kind": { + "description": "Kind of the type.", "type": "string" } }, "additionalProperties": false }, "patchSets": { + "description": "PatchSets define a named set of patches that may be included by any resource in this Composition. PatchSets cannot themselves refer to other PatchSets.", "type": "array", "items": { + "description": "A PatchSet is a set of patches that can be reused from all resources within a Composition.", "type": "object", "required": [ "name", @@ -43,14 +52,18 @@ ], "properties": { "name": { + "description": "Name of this PatchSet.", "type": "string" }, "patches": { + "description": "Patches will be applied as an overlay to the base resource.", "type": "array", "items": { + "description": "Patch objects are applied between composite and composed resources. Their behaviour depends on the Type selected. The default Type, FromCompositeFieldPath, copies a value from the composite resource to the composed resource, applying any defined transformers.", "type": "object", "properties": { "combine": { + "description": "Combine is the patch configuration for a CombineFromComposite or CombineToComposite patch.", "type": "object", "required": [ "strategy", @@ -58,33 +71,39 @@ ], "properties": { "strategy": { + "description": "Strategy defines the strategy to use to combine the input variable values. Currently only string is supported.", "type": "string", "enum": [ "string" ] }, "string": { + "description": "String declares that input variables should be combined into a single string, using the relevant settings for formatting purposes.", "type": "object", "required": [ "fmt" ], "properties": { "fmt": { + "description": "Format the input using a Go format string. See https://golang.org/pkg/fmt/ for details.", "type": "string" } }, "additionalProperties": false }, "variables": { + "description": "Variables are the list of variables whose values will be retrieved and combined.", "type": "array", "minItems": 1, "items": { + "description": "A CombineVariable defines the source of a value that is combined with others to form and patch an output value. Currently, this only supports retrieving values from a field path.", "type": "object", "required": [ "fromFieldPath" ], "properties": { "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the source whose value is to be used as input.", "type": "string" } }, @@ -95,15 +114,19 @@ "additionalProperties": false }, "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the resource whose value is to be used as input. Required when type is FromCompositeFieldPath or ToCompositeFieldPath.", "type": "string" }, "patchSetName": { + "description": "PatchSetName to include patches from. Required when type is PatchSet.", "type": "string" }, "policy": { + "description": "Policy configures the specifics of patching behaviour.", "type": "object", "properties": { "fromFieldPath": { + "description": "FromFieldPath specifies how to patch from a field path. The default is 'Optional', which means the patch will be a no-op if the specified fromFieldPath does not exist. Use 'Required' if the patch should fail if the specified path does not exist.", "type": "string", "enum": [ "Optional", @@ -111,12 +134,15 @@ ] }, "mergeOptions": { + "description": "MergeOptions Specifies merge options on a field path", "type": "object", "properties": { "appendSlice": { + "description": "Specifies that already existing elements in a merged slice should be preserved", "type": "boolean" }, "keepMapValues": { + "description": "Specifies that already existing values in a merged map should be preserved", "type": "boolean" } }, @@ -126,23 +152,28 @@ "additionalProperties": false }, "toFieldPath": { + "description": "ToFieldPath is the path of the field on the resource whose value will be changed with the result of transforms. Leave empty if you'd like to propagate to the same path as fromFieldPath.", "type": "string" }, "transforms": { + "description": "Transforms are the list of functions that are used as a FIFO pipe for the input to be transformed.", "type": "array", "items": { + "description": "Transform is a unit of process whose input is transformed into an output with the supplied configuration.", "type": "object", "required": [ "type" ], "properties": { "convert": { + "description": "Convert is used to cast the input into the given output type.", "type": "object", "required": [ "toType" ], "properties": { "toType": { + "description": "ToType is the type of the output of this transform.", "type": "string", "enum": [ "string", @@ -155,15 +186,18 @@ "additionalProperties": false }, "map": { + "description": "Map uses the input as a key in the given map and returns the value.", "type": "object", "additionalProperties": { "type": "string" } }, "math": { + "description": "Math is used to transform the input via mathematical operations such as multiplication.", "type": "object", "properties": { "multiply": { + "description": "Multiply the value.", "type": "integer", "format": "int64" } @@ -171,9 +205,11 @@ "additionalProperties": false }, "string": { + "description": "String is used to transform the input into a string or a different kind of string. Note that the input does not necessarily need to be a string.", "type": "object", "properties": { "convert": { + "description": "Convert the type of conversion to Upper/Lower case.", "type": "string", "enum": [ "ToUpper", @@ -181,9 +217,11 @@ ] }, "fmt": { + "description": "Format the input using a Go format string. See https://golang.org/pkg/fmt/ for details.", "type": "string" }, "type": { + "description": "Type of the string transform to be run.", "type": "string", "default": "Format", "enum": [ @@ -195,6 +233,7 @@ "additionalProperties": false }, "type": { + "description": "Type of the transform to be run.", "type": "string", "enum": [ "map", @@ -208,6 +247,7 @@ } }, "type": { + "description": "Type sets the patching behaviour to be used. Each patch type may require its' own fields to be set on the Patch object.", "type": "string", "default": "FromCompositeFieldPath", "enum": [ @@ -227,33 +267,42 @@ } }, "resources": { + "description": "Resources is the list of resource templates that will be used when a composite resource referring to this composition is created.", "type": "array", "items": { + "description": "ComposedTemplate is used to provide information about how the composed resource should be processed.", "type": "object", "required": [ "base" ], "properties": { "base": { + "description": "Base is the target resource that the patches will be applied on.", "type": "object", "x-kubernetes-preserve-unknown-fields": true, "x-kubernetes-embedded-resource": true }, "connectionDetails": { + "description": "ConnectionDetails lists the propagation secret keys from this target resource to the composition instance connection secret.", "type": "array", "items": { + "description": "ConnectionDetail includes the information about the propagation of the connection information from one secret to another.", "type": "object", "properties": { "fromConnectionSecretKey": { + "description": "FromConnectionSecretKey is the key that will be used to fetch the value from the given target resource's secret.", "type": "string" }, "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the composed resource whose value to be used as input. Name must be specified if the type is FromFieldPath is specified.", "type": "string" }, "name": { + "description": "Name of the connection secret key that will be propagated to the connection secret of the composition instance. Leave empty if you'd like to use the same key name.", "type": "string" }, "type": { + "description": "Type sets the connection detail fetching behaviour to be used. Each connection detail type may require its own fields to be set on the ConnectionDetail object. If the type is omitted Crossplane will attempt to infer it based on which other fields were specified.", "type": "string", "enum": [ "FromConnectionSecretKey", @@ -262,6 +311,7 @@ ] }, "value": { + "description": "Value that will be propagated to the connection secret of the composition instance. Typically you should use FromConnectionSecretKey instead, but an explicit value may be set to inject a fixed, non-sensitive connection secret values, for example a well-known port. Supercedes FromConnectionSecretKey when set.", "type": "string" } }, @@ -269,14 +319,18 @@ } }, "name": { + "description": "A Name uniquely identifies this entry within its Composition's resources array. Names are optional but *strongly* recommended. When all entries in the resources array are named entries may added, deleted, and reordered as long as their names do not change. When entries are not named the length and order of the resources array should be treated as immutable. Either all or no entries must be named.", "type": "string" }, "patches": { + "description": "Patches will be applied as overlay to the base resource.", "type": "array", "items": { + "description": "Patch objects are applied between composite and composed resources. Their behaviour depends on the Type selected. The default Type, FromCompositeFieldPath, copies a value from the composite resource to the composed resource, applying any defined transformers.", "type": "object", "properties": { "combine": { + "description": "Combine is the patch configuration for a CombineFromComposite or CombineToComposite patch.", "type": "object", "required": [ "strategy", @@ -284,33 +338,39 @@ ], "properties": { "strategy": { + "description": "Strategy defines the strategy to use to combine the input variable values. Currently only string is supported.", "type": "string", "enum": [ "string" ] }, "string": { + "description": "String declares that input variables should be combined into a single string, using the relevant settings for formatting purposes.", "type": "object", "required": [ "fmt" ], "properties": { "fmt": { + "description": "Format the input using a Go format string. See https://golang.org/pkg/fmt/ for details.", "type": "string" } }, "additionalProperties": false }, "variables": { + "description": "Variables are the list of variables whose values will be retrieved and combined.", "type": "array", "minItems": 1, "items": { + "description": "A CombineVariable defines the source of a value that is combined with others to form and patch an output value. Currently, this only supports retrieving values from a field path.", "type": "object", "required": [ "fromFieldPath" ], "properties": { "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the source whose value is to be used as input.", "type": "string" } }, @@ -321,15 +381,19 @@ "additionalProperties": false }, "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the resource whose value is to be used as input. Required when type is FromCompositeFieldPath or ToCompositeFieldPath.", "type": "string" }, "patchSetName": { + "description": "PatchSetName to include patches from. Required when type is PatchSet.", "type": "string" }, "policy": { + "description": "Policy configures the specifics of patching behaviour.", "type": "object", "properties": { "fromFieldPath": { + "description": "FromFieldPath specifies how to patch from a field path. The default is 'Optional', which means the patch will be a no-op if the specified fromFieldPath does not exist. Use 'Required' if the patch should fail if the specified path does not exist.", "type": "string", "enum": [ "Optional", @@ -337,12 +401,15 @@ ] }, "mergeOptions": { + "description": "MergeOptions Specifies merge options on a field path", "type": "object", "properties": { "appendSlice": { + "description": "Specifies that already existing elements in a merged slice should be preserved", "type": "boolean" }, "keepMapValues": { + "description": "Specifies that already existing values in a merged map should be preserved", "type": "boolean" } }, @@ -352,23 +419,28 @@ "additionalProperties": false }, "toFieldPath": { + "description": "ToFieldPath is the path of the field on the resource whose value will be changed with the result of transforms. Leave empty if you'd like to propagate to the same path as fromFieldPath.", "type": "string" }, "transforms": { + "description": "Transforms are the list of functions that are used as a FIFO pipe for the input to be transformed.", "type": "array", "items": { + "description": "Transform is a unit of process whose input is transformed into an output with the supplied configuration.", "type": "object", "required": [ "type" ], "properties": { "convert": { + "description": "Convert is used to cast the input into the given output type.", "type": "object", "required": [ "toType" ], "properties": { "toType": { + "description": "ToType is the type of the output of this transform.", "type": "string", "enum": [ "string", @@ -381,15 +453,18 @@ "additionalProperties": false }, "map": { + "description": "Map uses the input as a key in the given map and returns the value.", "type": "object", "additionalProperties": { "type": "string" } }, "math": { + "description": "Math is used to transform the input via mathematical operations such as multiplication.", "type": "object", "properties": { "multiply": { + "description": "Multiply the value.", "type": "integer", "format": "int64" } @@ -397,9 +472,11 @@ "additionalProperties": false }, "string": { + "description": "String is used to transform the input into a string or a different kind of string. Note that the input does not necessarily need to be a string.", "type": "object", "properties": { "convert": { + "description": "Convert the type of conversion to Upper/Lower case.", "type": "string", "enum": [ "ToUpper", @@ -407,9 +484,11 @@ ] }, "fmt": { + "description": "Format the input using a Go format string. See https://golang.org/pkg/fmt/ for details.", "type": "string" }, "type": { + "description": "Type of the string transform to be run.", "type": "string", "default": "Format", "enum": [ @@ -421,6 +500,7 @@ "additionalProperties": false }, "type": { + "description": "Type of the transform to be run.", "type": "string", "enum": [ "map", @@ -434,6 +514,7 @@ } }, "type": { + "description": "Type sets the patching behaviour to be used. Each patch type may require its' own fields to be set on the Patch object.", "type": "string", "default": "FromCompositeFieldPath", "enum": [ @@ -449,24 +530,30 @@ } }, "readinessChecks": { + "description": "ReadinessChecks allows users to define custom readiness checks. All checks have to return true in order for resource to be considered ready. The default readiness check is to have the \"Ready\" condition to be \"True\".", "type": "array", "items": { + "description": "ReadinessCheck is used to indicate how to tell whether a resource is ready for consumption", "type": "object", "required": [ "type" ], "properties": { "fieldPath": { + "description": "FieldPath shows the path of the field whose value will be used.", "type": "string" }, "matchInteger": { + "description": "MatchInt is the value you'd like to match if you're using \"MatchInt\" type.", "type": "integer", "format": "int64" }, "matchString": { + "description": "MatchString is the value you'd like to match if you're using \"MatchString\" type.", "type": "string" }, "type": { + "description": "Type indicates the type of probe you'd like to use.", "type": "string", "enum": [ "MatchString", @@ -484,6 +571,7 @@ } }, "writeConnectionSecretsToNamespace": { + "description": "WriteConnectionSecretsToNamespace specifies the namespace in which the connection secrets of composite resource dynamically provisioned using this composition will be created.", "type": "string" } }, diff --git a/schema/apiextensions.crossplane.io/compositionrevision_v1alpha1.json b/schema/apiextensions.crossplane.io/compositionrevision_v1alpha1.json index 46b9b9bb8..129689799 100644 --- a/schema/apiextensions.crossplane.io/compositionrevision_v1alpha1.json +++ b/schema/apiextensions.crossplane.io/compositionrevision_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "A CompositionRevision represents a revision in time of a Composition. Revisions are created by Crossplane; they should be treated as immutable.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "CompositionRevisionSpec specifies the desired state of the composition revision.", "type": "object", "required": [ "compositeTypeRef", @@ -18,6 +22,7 @@ ], "properties": { "compositeTypeRef": { + "description": "CompositeTypeRef specifies the type of composite resource that this composition is compatible with.", "type": "object", "required": [ "apiVersion", @@ -25,49 +30,61 @@ ], "properties": { "apiVersion": { + "description": "APIVersion of the type.", "type": "string" }, "kind": { + "description": "Kind of the type.", "type": "string" } }, "additionalProperties": false }, "environment": { + "description": "Environment configures the environment in which resources are rendered.", "type": "object", "properties": { "environmentConfigs": { + "description": "EnvironmentConfigs selects a list of `EnvironmentConfig`s. The resolved resources are stored in the composite resource at `spec.environmentConfigRefs` and is only updated if it is null. \n The list of references is used to compute an in-memory environment at compose time. The data of all object is merged in the order they are listed, meaning the values of EnvironmentConfigs with a larger index take priority over ones with smaller indices. \n The computed environment can be accessed in a composition using `FromEnvironmentFieldPath` and `CombineFromEnvironment` patches.", "type": "array", "items": { + "description": "EnvironmentSource selects a EnvironmentConfig resource.", "type": "object", "properties": { "ref": { + "description": "Ref is a named reference to a single EnvironmentConfig. Either Ref or Selector is required.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "The name of the object.", "type": "string" } }, "additionalProperties": false }, "selector": { + "description": "Selector selects one EnvironmentConfig via labels.", "type": "object", "properties": { "matchLabels": { + "description": "MatchLabels ensures an object with matching labels is selected.", "type": "array", "items": { + "description": "An EnvironmentSourceSelectorLabelMatcher acts like a k8s label selector but can draw the label value from a different path.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "Key of the label to match.", "type": "string" }, "type": { + "description": "Type specifies where the value for a label comes from.", "type": "string", "default": "FromCompositeFieldPath", "enum": [ @@ -76,9 +93,11 @@ ] }, "value": { + "description": "Value specifies a literal label value.", "type": "string" }, "valueFromFieldPath": { + "description": "ValueFromFieldPath specifies the field path to look for the label value.", "type": "string" } }, @@ -89,6 +108,7 @@ "additionalProperties": false }, "type": { + "description": "Type specifies the way the EnvironmentConfig is selected. Default is `Reference`", "type": "string", "default": "Reference", "enum": [ @@ -101,11 +121,14 @@ } }, "patches": { + "description": "Patches is a list of environment patches that are executed before a composition's resources are composed.", "type": "array", "items": { + "description": "EnvironmentPatch is a patch for a Composition environment.", "type": "object", "properties": { "combine": { + "description": "Combine is the patch configuration for a CombineFromComposite or CombineToComposite patch.", "type": "object", "required": [ "strategy", @@ -113,33 +136,39 @@ ], "properties": { "strategy": { + "description": "Strategy defines the strategy to use to combine the input variable values. Currently only string is supported.", "type": "string", "enum": [ "string" ] }, "string": { + "description": "String declares that input variables should be combined into a single string, using the relevant settings for formatting purposes.", "type": "object", "required": [ "fmt" ], "properties": { "fmt": { + "description": "Format the input using a Go format string. See https://golang.org/pkg/fmt/ for details.", "type": "string" } }, "additionalProperties": false }, "variables": { + "description": "Variables are the list of variables whose values will be retrieved and combined.", "type": "array", "minItems": 1, "items": { + "description": "A CombineVariable defines the source of a value that is combined with others to form and patch an output value. Currently, this only supports retrieving values from a field path.", "type": "object", "required": [ "fromFieldPath" ], "properties": { "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the source whose value is to be used as input.", "type": "string" } }, @@ -150,12 +179,15 @@ "additionalProperties": false }, "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the resource whose value is to be used as input. Required when type is FromCompositeFieldPath or ToCompositeFieldPath.", "type": "string" }, "policy": { + "description": "Policy configures the specifics of patching behaviour.", "type": "object", "properties": { "fromFieldPath": { + "description": "FromFieldPath specifies how to patch from a field path. The default is 'Optional', which means the patch will be a no-op if the specified fromFieldPath does not exist. Use 'Required' if the patch should fail if the specified path does not exist.", "type": "string", "enum": [ "Optional", @@ -163,12 +195,15 @@ ] }, "mergeOptions": { + "description": "MergeOptions Specifies merge options on a field path", "type": "object", "properties": { "appendSlice": { + "description": "Specifies that already existing elements in a merged slice should be preserved", "type": "boolean" }, "keepMapValues": { + "description": "Specifies that already existing values in a merged map should be preserved", "type": "boolean" } }, @@ -178,29 +213,35 @@ "additionalProperties": false }, "toFieldPath": { + "description": "ToFieldPath is the path of the field on the resource whose value will be changed with the result of transforms. Leave empty if you'd like to propagate to the same path as fromFieldPath.", "type": "string" }, "transforms": { + "description": "Transforms are the list of functions that are used as a FIFO pipe for the input to be transformed.", "type": "array", "items": { + "description": "Transform is a unit of process whose input is transformed into an output with the supplied configuration.", "type": "object", "required": [ "type" ], "properties": { "convert": { + "description": "Convert is used to cast the input into the given output type.", "type": "object", "required": [ "toType" ], "properties": { "format": { + "description": "The expected input format. \n * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). Only used during `string -\u003e float64` conversions. \n If this property is null, the default conversion is applied.", "type": "string", "enum": [ "quantity" ] }, "toType": { + "description": "ToType is the type of the output of this transform.", "type": "string", "enum": [ "string", @@ -214,15 +255,18 @@ "additionalProperties": false }, "map": { + "description": "Map uses the input as a key in the given map and returns the value.", "type": "object", "additionalProperties": { "x-kubernetes-preserve-unknown-fields": true } }, "match": { + "description": "Match is a more complex version of Map that matches a list of patterns.", "type": "object", "properties": { "fallbackTo": { + "description": "Determines to what value the transform should fallback if no pattern matches.", "type": "string", "default": "Value", "enum": [ @@ -231,11 +275,14 @@ ] }, "fallbackValue": { + "description": "The fallback value that should be returned by the transform if now pattern matches.", "x-kubernetes-preserve-unknown-fields": true }, "patterns": { + "description": "The patterns that should be tested against the input string. Patterns are tested in order. The value of the first match is used as result of this transform.", "type": "array", "items": { + "description": "MatchTransformPattern is a transform that returns the value that matches a pattern.", "type": "object", "required": [ "result", @@ -243,15 +290,19 @@ ], "properties": { "literal": { + "description": "Literal exactly matches the input string (case sensitive). Is required if `type` is `literal`.", "type": "string" }, "regexp": { + "description": "Regexp to match against the input string. Is required if `type` is `regexp`.", "type": "string" }, "result": { + "description": "The value that is used as result of the transform if the pattern matches.", "x-kubernetes-preserve-unknown-fields": true }, "type": { + "description": "Type specifies how the pattern matches the input. \n * `literal` - the pattern value has to exactly match (case sensitive) the input string. This is the default. \n * `regexp` - the pattern treated as a regular expression against which the input string is tested. Crossplane will throw an error if the key is not a valid regexp.", "type": "string", "default": "literal", "enum": [ @@ -267,21 +318,26 @@ "additionalProperties": false }, "math": { + "description": "Math is used to transform the input via mathematical operations such as multiplication.", "type": "object", "properties": { "clampMax": { + "description": "ClampMax makes sure that the value is not bigger than the given value.", "type": "integer", "format": "int64" }, "clampMin": { + "description": "ClampMin makes sure that the value is not smaller than the given value.", "type": "integer", "format": "int64" }, "multiply": { + "description": "Multiply the value.", "type": "integer", "format": "int64" }, "type": { + "description": "Type of the math transform to be run.", "type": "string", "default": "Multiply", "enum": [ @@ -294,9 +350,11 @@ "additionalProperties": false }, "string": { + "description": "String is used to transform the input into a string or a different kind of string. Note that the input does not necessarily need to be a string.", "type": "object", "properties": { "convert": { + "description": "Optional conversion method to be specified. `ToUpper` and `ToLower` change the letter case of the input string. `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. `ToJson` converts any input value into its raw JSON representation. `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input converted to JSON.", "type": "string", "enum": [ "ToUpper", @@ -310,27 +368,33 @@ ] }, "fmt": { + "description": "Format the input using a Go format string. See https://golang.org/pkg/fmt/ for details.", "type": "string" }, "regexp": { + "description": "Extract a match from the input using a regular expression.", "type": "object", "required": [ "match" ], "properties": { "group": { + "description": "Group number to match. 0 (the default) matches the entire expression.", "type": "integer" }, "match": { + "description": "Match string. May optionally include submatches, aka capture groups. See https://pkg.go.dev/regexp/ for details.", "type": "string" } }, "additionalProperties": false }, "trim": { + "description": "Trim the prefix or suffix from the input", "type": "string" }, "type": { + "description": "Type of the string transform to be run.", "type": "string", "default": "Format", "enum": [ @@ -345,6 +409,7 @@ "additionalProperties": false }, "type": { + "description": "Type of the transform to be run.", "type": "string", "enum": [ "map", @@ -359,6 +424,7 @@ } }, "type": { + "description": "Type sets the patching behaviour to be used. Each patch type may require its own fields to be set on the Patch object.", "type": "string", "default": "FromCompositeFieldPath", "enum": [ @@ -376,8 +442,10 @@ "additionalProperties": false }, "functions": { + "description": "Functions is list of Composition Functions that will be used when a composite resource referring to this composition is created. At least one of resources and functions must be specified. If both are specified the resources will be rendered first, then passed to the functions for further processing.", "type": "array", "items": { + "description": "A Function represents a Composition Function.", "type": "object", "required": [ "name", @@ -385,20 +453,24 @@ ], "properties": { "config": { + "description": "Config is an optional, arbitrary Kubernetes resource (i.e. a resource with an apiVersion and kind) that will be passed to the Composition Function as the 'config' block of its FunctionIO.", "type": "object", "x-kubernetes-preserve-unknown-fields": true, "x-kubernetes-embedded-resource": true }, "container": { + "description": "Container configuration of this function.", "type": "object", "required": [ "image" ], "properties": { "image": { + "description": "Image specifies the OCI image in which the function is packaged. The image should include an entrypoint that reads a FunctionIO from stdin and emits it, optionally mutated, to stdout.", "type": "string" }, "imagePullPolicy": { + "description": "ImagePullPolicy defines the pull policy for the function image.", "type": "string", "default": "IfNotPresent", "enum": [ @@ -408,9 +480,11 @@ ] }, "network": { + "description": "Network configuration for the Composition Function.", "type": "object", "properties": { "policy": { + "description": "Policy specifies the network policy under which the Composition Function will run. Defaults to 'Isolated' - i.e. no network access. Specify 'Runner' to allow the function the same network access as its runner.", "type": "string", "default": "Isolated", "enum": [ @@ -422,12 +496,15 @@ "additionalProperties": false }, "resources": { + "description": "Resources that may be used by the Composition Function.", "type": "object", "properties": { "limits": { + "description": "Limits specify the maximum compute resources that may be used by the Composition Function.", "type": "object", "properties": { "cpu": { + "description": "CPU, in cores. (500m = .5 cores)", "default": "100m", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ @@ -441,6 +518,7 @@ "x-kubernetes-int-or-string": true }, "memory": { + "description": "Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)", "default": "128Mi", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ @@ -460,9 +538,11 @@ "additionalProperties": false }, "runner": { + "description": "Runner configuration for the Composition Function.", "type": "object", "properties": { "endpoint": { + "description": "Endpoint specifies how and where Crossplane should reach the runner it uses to invoke containerized Composition Functions.", "type": "string", "default": "unix:///@crossplane/fn/default.sock" } @@ -470,6 +550,7 @@ "additionalProperties": false }, "timeout": { + "description": "Timeout after which the Composition Function will be killed.", "type": "string", "default": "20s" } @@ -477,9 +558,11 @@ "additionalProperties": false }, "name": { + "description": "Name of this function. Must be unique within its Composition.", "type": "string" }, "type": { + "description": "Type of this function.", "type": "string", "enum": [ "Container" @@ -490,8 +573,10 @@ } }, "patchSets": { + "description": "PatchSets define a named set of patches that may be included by any resource in this Composition. PatchSets cannot themselves refer to other PatchSets.", "type": "array", "items": { + "description": "A PatchSet is a set of patches that can be reused from all resources within a Composition.", "type": "object", "required": [ "name", @@ -499,14 +584,18 @@ ], "properties": { "name": { + "description": "Name of this PatchSet.", "type": "string" }, "patches": { + "description": "Patches will be applied as an overlay to the base resource.", "type": "array", "items": { + "description": "Patch objects are applied between composite and composed resources. Their behaviour depends on the Type selected. The default Type, FromCompositeFieldPath, copies a value from the composite resource to the composed resource, applying any defined transformers.", "type": "object", "properties": { "combine": { + "description": "Combine is the patch configuration for a CombineFromComposite or CombineToComposite patch.", "type": "object", "required": [ "strategy", @@ -514,33 +603,39 @@ ], "properties": { "strategy": { + "description": "Strategy defines the strategy to use to combine the input variable values. Currently only string is supported.", "type": "string", "enum": [ "string" ] }, "string": { + "description": "String declares that input variables should be combined into a single string, using the relevant settings for formatting purposes.", "type": "object", "required": [ "fmt" ], "properties": { "fmt": { + "description": "Format the input using a Go format string. See https://golang.org/pkg/fmt/ for details.", "type": "string" } }, "additionalProperties": false }, "variables": { + "description": "Variables are the list of variables whose values will be retrieved and combined.", "type": "array", "minItems": 1, "items": { + "description": "A CombineVariable defines the source of a value that is combined with others to form and patch an output value. Currently, this only supports retrieving values from a field path.", "type": "object", "required": [ "fromFieldPath" ], "properties": { "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the source whose value is to be used as input.", "type": "string" } }, @@ -551,15 +646,19 @@ "additionalProperties": false }, "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the resource whose value is to be used as input. Required when type is FromCompositeFieldPath or ToCompositeFieldPath.", "type": "string" }, "patchSetName": { + "description": "PatchSetName to include patches from. Required when type is PatchSet.", "type": "string" }, "policy": { + "description": "Policy configures the specifics of patching behaviour.", "type": "object", "properties": { "fromFieldPath": { + "description": "FromFieldPath specifies how to patch from a field path. The default is 'Optional', which means the patch will be a no-op if the specified fromFieldPath does not exist. Use 'Required' if the patch should fail if the specified path does not exist.", "type": "string", "enum": [ "Optional", @@ -567,12 +666,15 @@ ] }, "mergeOptions": { + "description": "MergeOptions Specifies merge options on a field path", "type": "object", "properties": { "appendSlice": { + "description": "Specifies that already existing elements in a merged slice should be preserved", "type": "boolean" }, "keepMapValues": { + "description": "Specifies that already existing values in a merged map should be preserved", "type": "boolean" } }, @@ -582,29 +684,35 @@ "additionalProperties": false }, "toFieldPath": { + "description": "ToFieldPath is the path of the field on the resource whose value will be changed with the result of transforms. Leave empty if you'd like to propagate to the same path as fromFieldPath.", "type": "string" }, "transforms": { + "description": "Transforms are the list of functions that are used as a FIFO pipe for the input to be transformed.", "type": "array", "items": { + "description": "Transform is a unit of process whose input is transformed into an output with the supplied configuration.", "type": "object", "required": [ "type" ], "properties": { "convert": { + "description": "Convert is used to cast the input into the given output type.", "type": "object", "required": [ "toType" ], "properties": { "format": { + "description": "The expected input format. \n * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). Only used during `string -\u003e float64` conversions. \n If this property is null, the default conversion is applied.", "type": "string", "enum": [ "quantity" ] }, "toType": { + "description": "ToType is the type of the output of this transform.", "type": "string", "enum": [ "string", @@ -618,15 +726,18 @@ "additionalProperties": false }, "map": { + "description": "Map uses the input as a key in the given map and returns the value.", "type": "object", "additionalProperties": { "x-kubernetes-preserve-unknown-fields": true } }, "match": { + "description": "Match is a more complex version of Map that matches a list of patterns.", "type": "object", "properties": { "fallbackTo": { + "description": "Determines to what value the transform should fallback if no pattern matches.", "type": "string", "default": "Value", "enum": [ @@ -635,11 +746,14 @@ ] }, "fallbackValue": { + "description": "The fallback value that should be returned by the transform if now pattern matches.", "x-kubernetes-preserve-unknown-fields": true }, "patterns": { + "description": "The patterns that should be tested against the input string. Patterns are tested in order. The value of the first match is used as result of this transform.", "type": "array", "items": { + "description": "MatchTransformPattern is a transform that returns the value that matches a pattern.", "type": "object", "required": [ "result", @@ -647,15 +761,19 @@ ], "properties": { "literal": { + "description": "Literal exactly matches the input string (case sensitive). Is required if `type` is `literal`.", "type": "string" }, "regexp": { + "description": "Regexp to match against the input string. Is required if `type` is `regexp`.", "type": "string" }, "result": { + "description": "The value that is used as result of the transform if the pattern matches.", "x-kubernetes-preserve-unknown-fields": true }, "type": { + "description": "Type specifies how the pattern matches the input. \n * `literal` - the pattern value has to exactly match (case sensitive) the input string. This is the default. \n * `regexp` - the pattern treated as a regular expression against which the input string is tested. Crossplane will throw an error if the key is not a valid regexp.", "type": "string", "default": "literal", "enum": [ @@ -671,21 +789,26 @@ "additionalProperties": false }, "math": { + "description": "Math is used to transform the input via mathematical operations such as multiplication.", "type": "object", "properties": { "clampMax": { + "description": "ClampMax makes sure that the value is not bigger than the given value.", "type": "integer", "format": "int64" }, "clampMin": { + "description": "ClampMin makes sure that the value is not smaller than the given value.", "type": "integer", "format": "int64" }, "multiply": { + "description": "Multiply the value.", "type": "integer", "format": "int64" }, "type": { + "description": "Type of the math transform to be run.", "type": "string", "default": "Multiply", "enum": [ @@ -698,9 +821,11 @@ "additionalProperties": false }, "string": { + "description": "String is used to transform the input into a string or a different kind of string. Note that the input does not necessarily need to be a string.", "type": "object", "properties": { "convert": { + "description": "Optional conversion method to be specified. `ToUpper` and `ToLower` change the letter case of the input string. `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. `ToJson` converts any input value into its raw JSON representation. `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input converted to JSON.", "type": "string", "enum": [ "ToUpper", @@ -714,27 +839,33 @@ ] }, "fmt": { + "description": "Format the input using a Go format string. See https://golang.org/pkg/fmt/ for details.", "type": "string" }, "regexp": { + "description": "Extract a match from the input using a regular expression.", "type": "object", "required": [ "match" ], "properties": { "group": { + "description": "Group number to match. 0 (the default) matches the entire expression.", "type": "integer" }, "match": { + "description": "Match string. May optionally include submatches, aka capture groups. See https://pkg.go.dev/regexp/ for details.", "type": "string" } }, "additionalProperties": false }, "trim": { + "description": "Trim the prefix or suffix from the input", "type": "string" }, "type": { + "description": "Type of the string transform to be run.", "type": "string", "default": "Format", "enum": [ @@ -749,6 +880,7 @@ "additionalProperties": false }, "type": { + "description": "Type of the transform to be run.", "type": "string", "enum": [ "map", @@ -763,6 +895,7 @@ } }, "type": { + "description": "Type sets the patching behaviour to be used. Each patch type may require its own fields to be set on the Patch object.", "type": "string", "default": "FromCompositeFieldPath", "enum": [ @@ -786,6 +919,7 @@ } }, "publishConnectionDetailsWithStoreConfigRef": { + "description": "PublishConnectionDetailsWithStoreConfig specifies the secret store config with which the connection details of composite resources dynamically provisioned using this composition will be published.", "type": "object", "default": { "name": "default" @@ -795,39 +929,49 @@ ], "properties": { "name": { + "description": "Name of the referenced StoreConfig.", "type": "string" } }, "additionalProperties": false }, "resources": { + "description": "Resources is the list of resource templates that will be used when a composite resource referring to this composition is created.", "type": "array", "items": { + "description": "ComposedTemplate is used to provide information about how the composed resource should be processed.", "type": "object", "required": [ "base" ], "properties": { "base": { + "description": "Base is the target resource that the patches will be applied on.", "type": "object", "x-kubernetes-preserve-unknown-fields": true, "x-kubernetes-embedded-resource": true }, "connectionDetails": { + "description": "ConnectionDetails lists the propagation secret keys from this target resource to the composition instance connection secret.", "type": "array", "items": { + "description": "ConnectionDetail includes the information about the propagation of the connection information from one secret to another.", "type": "object", "properties": { "fromConnectionSecretKey": { + "description": "FromConnectionSecretKey is the key that will be used to fetch the value from the given target resource's secret.", "type": "string" }, "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the composed resource whose value to be used as input. Name must be specified if the type is FromFieldPath is specified.", "type": "string" }, "name": { + "description": "Name of the connection secret key that will be propagated to the connection secret of the composition instance. Leave empty if you'd like to use the same key name.", "type": "string" }, "type": { + "description": "Type sets the connection detail fetching behaviour to be used. Each connection detail type may require its own fields to be set on the ConnectionDetail object. If the type is omitted Crossplane will attempt to infer it based on which other fields were specified.", "type": "string", "enum": [ "FromConnectionSecretKey", @@ -836,6 +980,7 @@ ] }, "value": { + "description": "Value that will be propagated to the connection secret of the composition instance. Typically you should use FromConnectionSecretKey instead, but an explicit value may be set to inject a fixed, non-sensitive connection secret values, for example a well-known port. Supercedes FromConnectionSecretKey when set.", "type": "string" } }, @@ -843,14 +988,18 @@ } }, "name": { + "description": "A Name uniquely identifies this entry within its Composition's resources array. Names are optional but *strongly* recommended. When all entries in the resources array are named entries may added, deleted, and reordered as long as their names do not change. When entries are not named the length and order of the resources array should be treated as immutable. Either all or no entries must be named.", "type": "string" }, "patches": { + "description": "Patches will be applied as overlay to the base resource.", "type": "array", "items": { + "description": "Patch objects are applied between composite and composed resources. Their behaviour depends on the Type selected. The default Type, FromCompositeFieldPath, copies a value from the composite resource to the composed resource, applying any defined transformers.", "type": "object", "properties": { "combine": { + "description": "Combine is the patch configuration for a CombineFromComposite or CombineToComposite patch.", "type": "object", "required": [ "strategy", @@ -858,33 +1007,39 @@ ], "properties": { "strategy": { + "description": "Strategy defines the strategy to use to combine the input variable values. Currently only string is supported.", "type": "string", "enum": [ "string" ] }, "string": { + "description": "String declares that input variables should be combined into a single string, using the relevant settings for formatting purposes.", "type": "object", "required": [ "fmt" ], "properties": { "fmt": { + "description": "Format the input using a Go format string. See https://golang.org/pkg/fmt/ for details.", "type": "string" } }, "additionalProperties": false }, "variables": { + "description": "Variables are the list of variables whose values will be retrieved and combined.", "type": "array", "minItems": 1, "items": { + "description": "A CombineVariable defines the source of a value that is combined with others to form and patch an output value. Currently, this only supports retrieving values from a field path.", "type": "object", "required": [ "fromFieldPath" ], "properties": { "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the source whose value is to be used as input.", "type": "string" } }, @@ -895,15 +1050,19 @@ "additionalProperties": false }, "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the resource whose value is to be used as input. Required when type is FromCompositeFieldPath or ToCompositeFieldPath.", "type": "string" }, "patchSetName": { + "description": "PatchSetName to include patches from. Required when type is PatchSet.", "type": "string" }, "policy": { + "description": "Policy configures the specifics of patching behaviour.", "type": "object", "properties": { "fromFieldPath": { + "description": "FromFieldPath specifies how to patch from a field path. The default is 'Optional', which means the patch will be a no-op if the specified fromFieldPath does not exist. Use 'Required' if the patch should fail if the specified path does not exist.", "type": "string", "enum": [ "Optional", @@ -911,12 +1070,15 @@ ] }, "mergeOptions": { + "description": "MergeOptions Specifies merge options on a field path", "type": "object", "properties": { "appendSlice": { + "description": "Specifies that already existing elements in a merged slice should be preserved", "type": "boolean" }, "keepMapValues": { + "description": "Specifies that already existing values in a merged map should be preserved", "type": "boolean" } }, @@ -926,29 +1088,35 @@ "additionalProperties": false }, "toFieldPath": { + "description": "ToFieldPath is the path of the field on the resource whose value will be changed with the result of transforms. Leave empty if you'd like to propagate to the same path as fromFieldPath.", "type": "string" }, "transforms": { + "description": "Transforms are the list of functions that are used as a FIFO pipe for the input to be transformed.", "type": "array", "items": { + "description": "Transform is a unit of process whose input is transformed into an output with the supplied configuration.", "type": "object", "required": [ "type" ], "properties": { "convert": { + "description": "Convert is used to cast the input into the given output type.", "type": "object", "required": [ "toType" ], "properties": { "format": { + "description": "The expected input format. \n * `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity). Only used during `string -\u003e float64` conversions. \n If this property is null, the default conversion is applied.", "type": "string", "enum": [ "quantity" ] }, "toType": { + "description": "ToType is the type of the output of this transform.", "type": "string", "enum": [ "string", @@ -962,15 +1130,18 @@ "additionalProperties": false }, "map": { + "description": "Map uses the input as a key in the given map and returns the value.", "type": "object", "additionalProperties": { "x-kubernetes-preserve-unknown-fields": true } }, "match": { + "description": "Match is a more complex version of Map that matches a list of patterns.", "type": "object", "properties": { "fallbackTo": { + "description": "Determines to what value the transform should fallback if no pattern matches.", "type": "string", "default": "Value", "enum": [ @@ -979,11 +1150,14 @@ ] }, "fallbackValue": { + "description": "The fallback value that should be returned by the transform if now pattern matches.", "x-kubernetes-preserve-unknown-fields": true }, "patterns": { + "description": "The patterns that should be tested against the input string. Patterns are tested in order. The value of the first match is used as result of this transform.", "type": "array", "items": { + "description": "MatchTransformPattern is a transform that returns the value that matches a pattern.", "type": "object", "required": [ "result", @@ -991,15 +1165,19 @@ ], "properties": { "literal": { + "description": "Literal exactly matches the input string (case sensitive). Is required if `type` is `literal`.", "type": "string" }, "regexp": { + "description": "Regexp to match against the input string. Is required if `type` is `regexp`.", "type": "string" }, "result": { + "description": "The value that is used as result of the transform if the pattern matches.", "x-kubernetes-preserve-unknown-fields": true }, "type": { + "description": "Type specifies how the pattern matches the input. \n * `literal` - the pattern value has to exactly match (case sensitive) the input string. This is the default. \n * `regexp` - the pattern treated as a regular expression against which the input string is tested. Crossplane will throw an error if the key is not a valid regexp.", "type": "string", "default": "literal", "enum": [ @@ -1015,21 +1193,26 @@ "additionalProperties": false }, "math": { + "description": "Math is used to transform the input via mathematical operations such as multiplication.", "type": "object", "properties": { "clampMax": { + "description": "ClampMax makes sure that the value is not bigger than the given value.", "type": "integer", "format": "int64" }, "clampMin": { + "description": "ClampMin makes sure that the value is not smaller than the given value.", "type": "integer", "format": "int64" }, "multiply": { + "description": "Multiply the value.", "type": "integer", "format": "int64" }, "type": { + "description": "Type of the math transform to be run.", "type": "string", "default": "Multiply", "enum": [ @@ -1042,9 +1225,11 @@ "additionalProperties": false }, "string": { + "description": "String is used to transform the input into a string or a different kind of string. Note that the input does not necessarily need to be a string.", "type": "object", "properties": { "convert": { + "description": "Optional conversion method to be specified. `ToUpper` and `ToLower` change the letter case of the input string. `ToBase64` and `FromBase64` perform a base64 conversion based on the input string. `ToJson` converts any input value into its raw JSON representation. `ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input converted to JSON.", "type": "string", "enum": [ "ToUpper", @@ -1058,27 +1243,33 @@ ] }, "fmt": { + "description": "Format the input using a Go format string. See https://golang.org/pkg/fmt/ for details.", "type": "string" }, "regexp": { + "description": "Extract a match from the input using a regular expression.", "type": "object", "required": [ "match" ], "properties": { "group": { + "description": "Group number to match. 0 (the default) matches the entire expression.", "type": "integer" }, "match": { + "description": "Match string. May optionally include submatches, aka capture groups. See https://pkg.go.dev/regexp/ for details.", "type": "string" } }, "additionalProperties": false }, "trim": { + "description": "Trim the prefix or suffix from the input", "type": "string" }, "type": { + "description": "Type of the string transform to be run.", "type": "string", "default": "Format", "enum": [ @@ -1093,6 +1284,7 @@ "additionalProperties": false }, "type": { + "description": "Type of the transform to be run.", "type": "string", "enum": [ "map", @@ -1107,6 +1299,7 @@ } }, "type": { + "description": "Type sets the patching behaviour to be used. Each patch type may require its own fields to be set on the Patch object.", "type": "string", "default": "FromCompositeFieldPath", "enum": [ @@ -1126,24 +1319,30 @@ } }, "readinessChecks": { + "description": "ReadinessChecks allows users to define custom readiness checks. All checks have to return true in order for resource to be considered ready. The default readiness check is to have the \"Ready\" condition to be \"True\".", "type": "array", "items": { + "description": "ReadinessCheck is used to indicate how to tell whether a resource is ready for consumption", "type": "object", "required": [ "type" ], "properties": { "fieldPath": { + "description": "FieldPath shows the path of the field whose value will be used.", "type": "string" }, "matchInteger": { + "description": "MatchInt is the value you'd like to match if you're using \"MatchInt\" type.", "type": "integer", "format": "int64" }, "matchString": { + "description": "MatchString is the value you'd like to match if you're using \"MatchString\" type.", "type": "string" }, "type": { + "description": "Type indicates the type of probe you'd like to use.", "type": "string", "enum": [ "MatchString", @@ -1161,21 +1360,26 @@ } }, "revision": { + "description": "Revision number. Newer revisions have larger numbers.", "type": "integer", "format": "int64" }, "writeConnectionSecretsToNamespace": { + "description": "WriteConnectionSecretsToNamespace specifies the namespace in which the connection secrets of composite resource dynamically provisioned using this composition will be created. This field is planned to be removed in a future release in favor of PublishConnectionDetailsWithStoreConfigRef. Currently, both could be set independently and connection details would be published to both without affecting each other as long as related fields at MR level specified.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "CompositionRevisionStatus shows the observed state of the composition revision.", "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -1185,19 +1389,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, diff --git a/schema/apiextensions.crossplane.io/compositionrevision_v1beta1.json b/schema/apiextensions.crossplane.io/compositionrevision_v1beta1.json index ab67c3902..bbbea4ae4 100644 --- a/schema/apiextensions.crossplane.io/compositionrevision_v1beta1.json +++ b/schema/apiextensions.crossplane.io/compositionrevision_v1beta1.json @@ -1,16 +1,20 @@ { + "description": "A CompositionRevision represents a revision of a Composition. Crossplane\ncreates new revisions when there are changes to the Composition.\n\nCrossplane creates and manages CompositionRevisions. Don't directly edit\nCompositionRevisions.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "CompositionRevisionSpec specifies the desired state of the composition\nrevision.", "type": "object", "required": [ "compositeTypeRef", @@ -18,6 +22,7 @@ ], "properties": { "compositeTypeRef": { + "description": "CompositeTypeRef specifies the type of composite resource that this\ncomposition is compatible with.", "type": "object", "required": [ "apiVersion", @@ -25,9 +30,11 @@ ], "properties": { "apiVersion": { + "description": "APIVersion of the type.", "type": "string" }, "kind": { + "description": "Kind of the type.", "type": "string" } }, @@ -40,6 +47,7 @@ ] }, "mode": { + "description": "Mode controls what type or \"mode\" of Composition will be used.\n\n\"Pipeline\" indicates that a Composition specifies a pipeline of\nComposition Functions, each of which is responsible for producing\ncomposed resources that Crossplane should create or update.\n\n\"Resources\" indicates that a Composition uses what is commonly referred\nto as \"Patch \u0026 Transform\" or P\u0026T composition. This mode of Composition\nuses an array of resources, each a template for a composed resource.\n\nAll Compositions should use Pipeline mode. Resources mode is deprecated.\nResources mode won't be removed in Crossplane 1.x, and will remain the\ndefault to avoid breaking legacy Compositions. However, it's no longer\naccepting new features, and only accepting security related bug fixes.", "type": "string", "default": "Resources", "enum": [ @@ -48,8 +56,10 @@ ] }, "patchSets": { + "description": "PatchSets define a named set of patches that may be included by any\nresource in this Composition. PatchSets cannot themselves refer to other\nPatchSets.\n\nPatchSets are only used by the \"Resources\" mode of Composition. They\nare ignored by other modes.\n\nDeprecated: Use Composition Functions instead.", "type": "array", "items": { + "description": "A PatchSet is a set of patches that can be reused from all resources within\na Composition.", "type": "object", "required": [ "name", @@ -57,14 +67,18 @@ ], "properties": { "name": { + "description": "Name of this PatchSet.", "type": "string" }, "patches": { + "description": "Patches will be applied as an overlay to the base resource.", "type": "array", "items": { + "description": "Patch objects are applied between composite and composed resources. Their\nbehaviour depends on the Type selected. The default Type,\nFromCompositeFieldPath, copies a value from the composite resource to\nthe composed resource, applying any defined transformers.", "type": "object", "properties": { "combine": { + "description": "Combine is the patch configuration for a CombineFromComposite or\nCombineToComposite patch.", "type": "object", "required": [ "strategy", @@ -72,33 +86,39 @@ ], "properties": { "strategy": { + "description": "Strategy defines the strategy to use to combine the input variable values.\nCurrently only string is supported.", "type": "string", "enum": [ "string" ] }, "string": { + "description": "String declares that input variables should be combined into a single\nstring, using the relevant settings for formatting purposes.", "type": "object", "required": [ "fmt" ], "properties": { "fmt": { + "description": "Format the input using a Go format string. See\nhttps://golang.org/pkg/fmt/ for details.", "type": "string" } }, "additionalProperties": false }, "variables": { + "description": "Variables are the list of variables whose values will be retrieved and\ncombined.", "type": "array", "minItems": 1, "items": { + "description": "A CombineVariable defines the source of a value that is combined with\nothers to form and patch an output value. Currently, this only supports\nretrieving values from a field path.", "type": "object", "required": [ "fromFieldPath" ], "properties": { "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the source whose value is\nto be used as input.", "type": "string" } }, @@ -109,15 +129,19 @@ "additionalProperties": false }, "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the resource whose value is\nto be used as input. Required when type is FromCompositeFieldPath or\nToCompositeFieldPath.", "type": "string" }, "patchSetName": { + "description": "PatchSetName to include patches from. Required when type is PatchSet.", "type": "string" }, "policy": { + "description": "Policy configures the specifics of patching behaviour.", "type": "object", "properties": { "fromFieldPath": { + "description": "FromFieldPath specifies how to patch from a field path. The default is\n'Optional', which means the patch will be a no-op if the specified\nfromFieldPath does not exist. Use 'Required' if the patch should fail if\nthe specified path does not exist.", "type": "string", "enum": [ "Optional", @@ -125,12 +149,15 @@ ] }, "mergeOptions": { + "description": "MergeOptions Specifies merge options on a field path.", "type": "object", "properties": { "appendSlice": { + "description": "Specifies that already existing elements in a merged slice should be preserved", "type": "boolean" }, "keepMapValues": { + "description": "Specifies that already existing values in a merged map should be preserved", "type": "boolean" } }, @@ -140,23 +167,28 @@ "additionalProperties": false }, "toFieldPath": { + "description": "ToFieldPath is the path of the field on the resource whose value will\nbe changed with the result of transforms. Leave empty if you'd like to\npropagate to the same path as fromFieldPath.", "type": "string" }, "transforms": { + "description": "Transforms are the list of functions that are used as a FIFO pipe for the\ninput to be transformed.", "type": "array", "items": { + "description": "Transform is a unit of process whose input is transformed into an output with\nthe supplied configuration.", "type": "object", "required": [ "type" ], "properties": { "convert": { + "description": "Convert is used to cast the input into the given output type.", "type": "object", "required": [ "toType" ], "properties": { "format": { + "description": "The expected input format.\n\n* `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).\nOnly used during `string -\u003e float64` conversions.\n* `json` - parses the input as a JSON string.\nOnly used during `string -\u003e object` or `string -\u003e list` conversions.\n\nIf this property is null, the default conversion is applied.", "type": "string", "enum": [ "none", @@ -165,6 +197,7 @@ ] }, "toType": { + "description": "ToType is the type of the output of this transform.", "type": "string", "enum": [ "string", @@ -180,15 +213,18 @@ "additionalProperties": false }, "map": { + "description": "Map uses the input as a key in the given map and returns the value.", "type": "object", "additionalProperties": { "x-kubernetes-preserve-unknown-fields": true } }, "match": { + "description": "Match is a more complex version of Map that matches a list of patterns.", "type": "object", "properties": { "fallbackTo": { + "description": "Determines to what value the transform should fallback if no pattern matches.", "type": "string", "default": "Value", "enum": [ @@ -197,11 +233,14 @@ ] }, "fallbackValue": { + "description": "The fallback value that should be returned by the transform if now pattern\nmatches.", "x-kubernetes-preserve-unknown-fields": true }, "patterns": { + "description": "The patterns that should be tested against the input string.\nPatterns are tested in order. The value of the first match is used as\nresult of this transform.", "type": "array", "items": { + "description": "MatchTransformPattern is a transform that returns the value that matches a\npattern.", "type": "object", "required": [ "result", @@ -209,15 +248,19 @@ ], "properties": { "literal": { + "description": "Literal exactly matches the input string (case sensitive).\nIs required if `type` is `literal`.", "type": "string" }, "regexp": { + "description": "Regexp to match against the input string.\nIs required if `type` is `regexp`.", "type": "string" }, "result": { + "description": "The value that is used as result of the transform if the pattern matches.", "x-kubernetes-preserve-unknown-fields": true }, "type": { + "description": "Type specifies how the pattern matches the input.\n\n* `literal` - the pattern value has to exactly match (case sensitive) the\ninput string. This is the default.\n\n* `regexp` - the pattern treated as a regular expression against\nwhich the input string is tested. Crossplane will throw an error if the\nkey is not a valid regexp.", "type": "string", "default": "literal", "enum": [ @@ -233,21 +276,26 @@ "additionalProperties": false }, "math": { + "description": "Math is used to transform the input via mathematical operations such as\nmultiplication.", "type": "object", "properties": { "clampMax": { + "description": "ClampMax makes sure that the value is not bigger than the given value.", "type": "integer", "format": "int64" }, "clampMin": { + "description": "ClampMin makes sure that the value is not smaller than the given value.", "type": "integer", "format": "int64" }, "multiply": { + "description": "Multiply the value.", "type": "integer", "format": "int64" }, "type": { + "description": "Type of the math transform to be run.", "type": "string", "default": "Multiply", "enum": [ @@ -260,9 +308,11 @@ "additionalProperties": false }, "string": { + "description": "String is used to transform the input into a string or a different kind\nof string. Note that the input does not necessarily need to be a string.", "type": "object", "properties": { "convert": { + "description": "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON.\n`ToAdler32` generate a addler32 hash based on the input string.", "type": "string", "enum": [ "ToUpper", @@ -277,39 +327,47 @@ ] }, "fmt": { + "description": "Format the input using a Go format string. See\nhttps://golang.org/pkg/fmt/ for details.", "type": "string" }, "join": { + "description": "Join defines parameters to join a slice of values to a string.", "type": "object", "required": [ "separator" ], "properties": { "separator": { + "description": "Separator defines the character that should separate the values from each\nother in the joined string.", "type": "string" } }, "additionalProperties": false }, "regexp": { + "description": "Extract a match from the input using a regular expression.", "type": "object", "required": [ "match" ], "properties": { "group": { + "description": "Group number to match. 0 (the default) matches the entire expression.", "type": "integer" }, "match": { + "description": "Match string. May optionally include submatches, aka capture groups.\nSee https://pkg.go.dev/regexp/ for details.", "type": "string" } }, "additionalProperties": false }, "trim": { + "description": "Trim the prefix or suffix from the input", "type": "string" }, "type": { + "description": "Type of the string transform to be run.", "type": "string", "default": "Format", "enum": [ @@ -325,6 +383,7 @@ "additionalProperties": false }, "type": { + "description": "Type of the transform to be run.", "type": "string", "enum": [ "map", @@ -339,6 +398,7 @@ } }, "type": { + "description": "Type sets the patching behaviour to be used. Each patch type may require\nits own fields to be set on the Patch object.", "type": "string", "default": "FromCompositeFieldPath", "enum": [ @@ -358,8 +418,10 @@ } }, "pipeline": { + "description": "Pipeline is a list of composition function steps that will be used when a\ncomposite resource referring to this composition is created. One of\nresources and pipeline must be specified - you cannot specify both.\n\nThe Pipeline is only used by the \"Pipeline\" mode of Composition. It is\nignored by other modes.", "type": "array", "items": { + "description": "A PipelineStep in a Composition Function pipeline.", "type": "object", "required": [ "functionRef", @@ -367,8 +429,10 @@ ], "properties": { "credentials": { + "description": "Credentials are optional credentials that the Composition Function needs.", "type": "array", "items": { + "description": "FunctionCredentials are optional credentials that a Composition Function\nneeds to run.", "type": "object", "required": [ "name", @@ -376,9 +440,11 @@ ], "properties": { "name": { + "description": "Name of this set of credentials.", "type": "string" }, "secretRef": { + "description": "A SecretRef is a reference to a secret containing credentials that should\nbe supplied to the function.", "type": "object", "required": [ "name", @@ -386,15 +452,18 @@ ], "properties": { "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } }, "additionalProperties": false }, "source": { + "description": "Source of the function credentials.", "type": "string", "enum": [ "None", @@ -410,23 +479,27 @@ "x-kubernetes-list-type": "map" }, "functionRef": { + "description": "FunctionRef is a reference to the Composition Function this step should\nexecute.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referenced Function.", "type": "string" } }, "additionalProperties": false }, "input": { + "description": "Input is an optional, arbitrary Kubernetes resource (i.e. a resource\nwith an apiVersion and kind) that will be passed to the Composition\nFunction as the 'input' of its RunFunctionRequest.", "type": "object", "x-kubernetes-preserve-unknown-fields": true, "x-kubernetes-embedded-resource": true }, "step": { + "description": "Step name. Must be unique within its Pipeline.", "type": "string" } }, @@ -438,6 +511,7 @@ "x-kubernetes-list-type": "map" }, "publishConnectionDetailsWithStoreConfigRef": { + "description": "PublishConnectionDetailsWithStoreConfig specifies the secret store config\nwith which the connection details of composite resources dynamically\nprovisioned using this composition will be published.\n\nTHIS IS AN ALPHA FIELD. Do not use it in production. It is not honored\nunless the relevant Crossplane feature flag is enabled, and may be\nchanged or removed without notice.", "type": "object", "default": { "name": "default" @@ -447,39 +521,49 @@ ], "properties": { "name": { + "description": "Name of the referenced StoreConfig.", "type": "string" } }, "additionalProperties": false }, "resources": { + "description": "Resources is a list of resource templates that will be used when a\ncomposite resource referring to this composition is created.\n\nResources are only used by the \"Resources\" mode of Composition. They are\nignored by other modes.\n\nDeprecated: Use Composition Functions instead.", "type": "array", "items": { + "description": "ComposedTemplate is used to provide information about how the composed resource\nshould be processed.", "type": "object", "required": [ "base" ], "properties": { "base": { + "description": "Base is the target resource that the patches will be applied on.", "type": "object", "x-kubernetes-preserve-unknown-fields": true, "x-kubernetes-embedded-resource": true }, "connectionDetails": { + "description": "ConnectionDetails lists the propagation secret keys from this target\nresource to the composition instance connection secret.", "type": "array", "items": { + "description": "ConnectionDetail includes the information about the propagation of the connection\ninformation from one secret to another.", "type": "object", "properties": { "fromConnectionSecretKey": { + "description": "FromConnectionSecretKey is the key that will be used to fetch the value\nfrom the composed resource's connection secret.", "type": "string" }, "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the composed resource whose\nvalue to be used as input. Name must be specified if the type is\nFromFieldPath.", "type": "string" }, "name": { + "description": "Name of the connection secret key that will be propagated to the\nconnection secret of the composition instance. Leave empty if you'd like\nto use the same key name.", "type": "string" }, "type": { + "description": "Type sets the connection detail fetching behaviour to be used. Each\nconnection detail type may require its own fields to be set on the\nConnectionDetail object. If the type is omitted Crossplane will attempt\nto infer it based on which other fields were specified. If multiple\nfields are specified the order of precedence is:\n1. FromValue\n2. FromConnectionSecretKey\n3. FromFieldPath", "type": "string", "enum": [ "FromConnectionSecretKey", @@ -488,6 +572,7 @@ ] }, "value": { + "description": "Value that will be propagated to the connection secret of the composite\nresource. May be set to inject a fixed, non-sensitive connection secret\nvalue, for example a well-known port.", "type": "string" } }, @@ -495,14 +580,18 @@ } }, "name": { + "description": "A Name uniquely identifies this entry within its Composition's resources\narray. Names are optional but *strongly* recommended. When all entries in\nthe resources array are named entries may added, deleted, and reordered\nas long as their names do not change. When entries are not named the\nlength and order of the resources array should be treated as immutable.\nEither all or no entries must be named.", "type": "string" }, "patches": { + "description": "Patches will be applied as overlay to the base resource.", "type": "array", "items": { + "description": "Patch objects are applied between composite and composed resources. Their\nbehaviour depends on the Type selected. The default Type,\nFromCompositeFieldPath, copies a value from the composite resource to\nthe composed resource, applying any defined transformers.", "type": "object", "properties": { "combine": { + "description": "Combine is the patch configuration for a CombineFromComposite or\nCombineToComposite patch.", "type": "object", "required": [ "strategy", @@ -510,33 +599,39 @@ ], "properties": { "strategy": { + "description": "Strategy defines the strategy to use to combine the input variable values.\nCurrently only string is supported.", "type": "string", "enum": [ "string" ] }, "string": { + "description": "String declares that input variables should be combined into a single\nstring, using the relevant settings for formatting purposes.", "type": "object", "required": [ "fmt" ], "properties": { "fmt": { + "description": "Format the input using a Go format string. See\nhttps://golang.org/pkg/fmt/ for details.", "type": "string" } }, "additionalProperties": false }, "variables": { + "description": "Variables are the list of variables whose values will be retrieved and\ncombined.", "type": "array", "minItems": 1, "items": { + "description": "A CombineVariable defines the source of a value that is combined with\nothers to form and patch an output value. Currently, this only supports\nretrieving values from a field path.", "type": "object", "required": [ "fromFieldPath" ], "properties": { "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the source whose value is\nto be used as input.", "type": "string" } }, @@ -547,15 +642,19 @@ "additionalProperties": false }, "fromFieldPath": { + "description": "FromFieldPath is the path of the field on the resource whose value is\nto be used as input. Required when type is FromCompositeFieldPath or\nToCompositeFieldPath.", "type": "string" }, "patchSetName": { + "description": "PatchSetName to include patches from. Required when type is PatchSet.", "type": "string" }, "policy": { + "description": "Policy configures the specifics of patching behaviour.", "type": "object", "properties": { "fromFieldPath": { + "description": "FromFieldPath specifies how to patch from a field path. The default is\n'Optional', which means the patch will be a no-op if the specified\nfromFieldPath does not exist. Use 'Required' if the patch should fail if\nthe specified path does not exist.", "type": "string", "enum": [ "Optional", @@ -563,12 +662,15 @@ ] }, "mergeOptions": { + "description": "MergeOptions Specifies merge options on a field path.", "type": "object", "properties": { "appendSlice": { + "description": "Specifies that already existing elements in a merged slice should be preserved", "type": "boolean" }, "keepMapValues": { + "description": "Specifies that already existing values in a merged map should be preserved", "type": "boolean" } }, @@ -578,23 +680,28 @@ "additionalProperties": false }, "toFieldPath": { + "description": "ToFieldPath is the path of the field on the resource whose value will\nbe changed with the result of transforms. Leave empty if you'd like to\npropagate to the same path as fromFieldPath.", "type": "string" }, "transforms": { + "description": "Transforms are the list of functions that are used as a FIFO pipe for the\ninput to be transformed.", "type": "array", "items": { + "description": "Transform is a unit of process whose input is transformed into an output with\nthe supplied configuration.", "type": "object", "required": [ "type" ], "properties": { "convert": { + "description": "Convert is used to cast the input into the given output type.", "type": "object", "required": [ "toType" ], "properties": { "format": { + "description": "The expected input format.\n\n* `quantity` - parses the input as a K8s [`resource.Quantity`](https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Quantity).\nOnly used during `string -\u003e float64` conversions.\n* `json` - parses the input as a JSON string.\nOnly used during `string -\u003e object` or `string -\u003e list` conversions.\n\nIf this property is null, the default conversion is applied.", "type": "string", "enum": [ "none", @@ -603,6 +710,7 @@ ] }, "toType": { + "description": "ToType is the type of the output of this transform.", "type": "string", "enum": [ "string", @@ -618,15 +726,18 @@ "additionalProperties": false }, "map": { + "description": "Map uses the input as a key in the given map and returns the value.", "type": "object", "additionalProperties": { "x-kubernetes-preserve-unknown-fields": true } }, "match": { + "description": "Match is a more complex version of Map that matches a list of patterns.", "type": "object", "properties": { "fallbackTo": { + "description": "Determines to what value the transform should fallback if no pattern matches.", "type": "string", "default": "Value", "enum": [ @@ -635,11 +746,14 @@ ] }, "fallbackValue": { + "description": "The fallback value that should be returned by the transform if now pattern\nmatches.", "x-kubernetes-preserve-unknown-fields": true }, "patterns": { + "description": "The patterns that should be tested against the input string.\nPatterns are tested in order. The value of the first match is used as\nresult of this transform.", "type": "array", "items": { + "description": "MatchTransformPattern is a transform that returns the value that matches a\npattern.", "type": "object", "required": [ "result", @@ -647,15 +761,19 @@ ], "properties": { "literal": { + "description": "Literal exactly matches the input string (case sensitive).\nIs required if `type` is `literal`.", "type": "string" }, "regexp": { + "description": "Regexp to match against the input string.\nIs required if `type` is `regexp`.", "type": "string" }, "result": { + "description": "The value that is used as result of the transform if the pattern matches.", "x-kubernetes-preserve-unknown-fields": true }, "type": { + "description": "Type specifies how the pattern matches the input.\n\n* `literal` - the pattern value has to exactly match (case sensitive) the\ninput string. This is the default.\n\n* `regexp` - the pattern treated as a regular expression against\nwhich the input string is tested. Crossplane will throw an error if the\nkey is not a valid regexp.", "type": "string", "default": "literal", "enum": [ @@ -671,21 +789,26 @@ "additionalProperties": false }, "math": { + "description": "Math is used to transform the input via mathematical operations such as\nmultiplication.", "type": "object", "properties": { "clampMax": { + "description": "ClampMax makes sure that the value is not bigger than the given value.", "type": "integer", "format": "int64" }, "clampMin": { + "description": "ClampMin makes sure that the value is not smaller than the given value.", "type": "integer", "format": "int64" }, "multiply": { + "description": "Multiply the value.", "type": "integer", "format": "int64" }, "type": { + "description": "Type of the math transform to be run.", "type": "string", "default": "Multiply", "enum": [ @@ -698,9 +821,11 @@ "additionalProperties": false }, "string": { + "description": "String is used to transform the input into a string or a different kind\nof string. Note that the input does not necessarily need to be a string.", "type": "object", "properties": { "convert": { + "description": "Optional conversion method to be specified.\n`ToUpper` and `ToLower` change the letter case of the input string.\n`ToBase64` and `FromBase64` perform a base64 conversion based on the input string.\n`ToJson` converts any input value into its raw JSON representation.\n`ToSha1`, `ToSha256` and `ToSha512` generate a hash value based on the input\nconverted to JSON.\n`ToAdler32` generate a addler32 hash based on the input string.", "type": "string", "enum": [ "ToUpper", @@ -715,39 +840,47 @@ ] }, "fmt": { + "description": "Format the input using a Go format string. See\nhttps://golang.org/pkg/fmt/ for details.", "type": "string" }, "join": { + "description": "Join defines parameters to join a slice of values to a string.", "type": "object", "required": [ "separator" ], "properties": { "separator": { + "description": "Separator defines the character that should separate the values from each\nother in the joined string.", "type": "string" } }, "additionalProperties": false }, "regexp": { + "description": "Extract a match from the input using a regular expression.", "type": "object", "required": [ "match" ], "properties": { "group": { + "description": "Group number to match. 0 (the default) matches the entire expression.", "type": "integer" }, "match": { + "description": "Match string. May optionally include submatches, aka capture groups.\nSee https://pkg.go.dev/regexp/ for details.", "type": "string" } }, "additionalProperties": false }, "trim": { + "description": "Trim the prefix or suffix from the input", "type": "string" }, "type": { + "description": "Type of the string transform to be run.", "type": "string", "default": "Format", "enum": [ @@ -763,6 +896,7 @@ "additionalProperties": false }, "type": { + "description": "Type of the transform to be run.", "type": "string", "enum": [ "map", @@ -777,6 +911,7 @@ } }, "type": { + "description": "Type sets the patching behaviour to be used. Each patch type may require\nits own fields to be set on the Patch object.", "type": "string", "default": "FromCompositeFieldPath", "enum": [ @@ -792,6 +927,7 @@ } }, "readinessChecks": { + "description": "ReadinessChecks allows users to define custom readiness checks. All checks\nhave to return true in order for resource to be considered ready. The\ndefault readiness check is to have the \"Ready\" condition to be \"True\".", "type": "array", "default": [ { @@ -803,15 +939,18 @@ } ], "items": { + "description": "ReadinessCheck is used to indicate how to tell whether a resource is ready\nfor consumption.", "type": "object", "required": [ "type" ], "properties": { "fieldPath": { + "description": "FieldPath shows the path of the field whose value will be used.", "type": "string" }, "matchCondition": { + "description": "MatchCondition specifies the condition you'd like to match if you're using \"MatchCondition\" type.", "type": "object", "required": [ "status", @@ -819,10 +958,12 @@ ], "properties": { "status": { + "description": "Status is the status of the condition you'd like to match.", "type": "string", "default": "True" }, "type": { + "description": "Type indicates the type of condition you'd like to use.", "type": "string", "default": "Ready" } @@ -830,13 +971,16 @@ "additionalProperties": false }, "matchInteger": { + "description": "MatchInt is the value you'd like to match if you're using \"MatchInt\" type.", "type": "integer", "format": "int64" }, "matchString": { + "description": "MatchString is the value you'd like to match if you're using \"MatchString\" type.", "type": "string" }, "type": { + "description": "Type indicates the type of probe you'd like to use.", "type": "string", "enum": [ "MatchString", @@ -857,21 +1001,26 @@ } }, "revision": { + "description": "Revision number. Newer revisions have larger numbers.\n\nThis number can change. When a Composition transitions from state A\n-\u003e B -\u003e A there will be only two CompositionRevisions. Crossplane will\nedit the original CompositionRevision to change its revision number from\n0 to 2.", "type": "integer", "format": "int64" }, "writeConnectionSecretsToNamespace": { + "description": "WriteConnectionSecretsToNamespace specifies the namespace in which the\nconnection secrets of composite resource dynamically provisioned using\nthis composition will be created.\nThis field is planned to be replaced in a future release in favor of\nPublishConnectionDetailsWithStoreConfigRef. Currently, both could be\nset independently and connection details would be published to both\nwithout affecting each other as long as related fields at MR level\nspecified.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "CompositionRevisionStatus shows the observed state of the composition\nrevision.", "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -881,23 +1030,29 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one\nstatus to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from\none status to another, if any.", "type": "string" }, "observedGeneration": { + "description": "ObservedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "type": "integer", "format": "int64" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to\na resource at any point in time.", "type": "string" } }, diff --git a/schema/apiextensions.crossplane.io/environmentconfig_v1alpha1.json b/schema/apiextensions.crossplane.io/environmentconfig_v1alpha1.json index 5e1230630..6dac98a76 100644 --- a/schema/apiextensions.crossplane.io/environmentconfig_v1alpha1.json +++ b/schema/apiextensions.crossplane.io/environmentconfig_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "An EnvironmentConfig contains user-defined unstructured values for\nuse in a Composition.\n\nRead the Crossplane documentation for\n[more information about EnvironmentConfigs](https://docs.crossplane.io/latest/concepts/environment-configs).", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "data": { + "description": "The data of this EnvironmentConfig.\nThis may contain any kind of structure that can be serialized into JSON.", "type": "object", "additionalProperties": { "x-kubernetes-preserve-unknown-fields": true } }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { diff --git a/schema/appgw.ingress.k8s.io/azureingressmanagedtarget_v1.json b/schema/appgw.ingress.k8s.io/azureingressmanagedtarget_v1.json index 45a02b0c4..7481d6458 100644 --- a/schema/appgw.ingress.k8s.io/azureingressmanagedtarget_v1.json +++ b/schema/appgw.ingress.k8s.io/azureingressmanagedtarget_v1.json @@ -27,8 +27,7 @@ "maximum": 65535, "minimum": 1 } - }, - "additionalProperties": false + } } } } diff --git a/schema/appmesh.k8s.aws/mesh_v1alpha1.json b/schema/appmesh.k8s.aws/mesh_v1alpha1.json new file mode 100644 index 000000000..b43665d67 --- /dev/null +++ b/schema/appmesh.k8s.aws/mesh_v1alpha1.json @@ -0,0 +1,72 @@ +{ + "properties": { + "spec": { + "properties": { + "egressFilter": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "ALLOW_ALL", + "DROP_ALL" + ] + } + }, + "additionalProperties": false + }, + "serviceDiscoveryType": { + "type": "string", + "enum": [ + "dns" + ] + } + } + }, + "status": { + "properties": { + "conditions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "lastTransitionTime": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string", + "enum": [ + "True", + "False", + "Unknown" + ] + }, + "type": { + "type": "string", + "enum": [ + "MeshActive" + ] + } + }, + "additionalProperties": false + } + }, + "meshArn": { + "type": "string" + } + } + } + } +} diff --git a/schema/appmesh.k8s.aws/mesh_v1beta1.json b/schema/appmesh.k8s.aws/mesh_v1beta1.json new file mode 100644 index 000000000..b43665d67 --- /dev/null +++ b/schema/appmesh.k8s.aws/mesh_v1beta1.json @@ -0,0 +1,72 @@ +{ + "properties": { + "spec": { + "properties": { + "egressFilter": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "ALLOW_ALL", + "DROP_ALL" + ] + } + }, + "additionalProperties": false + }, + "serviceDiscoveryType": { + "type": "string", + "enum": [ + "dns" + ] + } + } + }, + "status": { + "properties": { + "conditions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "lastTransitionTime": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string", + "enum": [ + "True", + "False", + "Unknown" + ] + }, + "type": { + "type": "string", + "enum": [ + "MeshActive" + ] + } + }, + "additionalProperties": false + } + }, + "meshArn": { + "type": "string" + } + } + } + } +} diff --git a/schema/appmesh.k8s.aws/virtualnode_v1alpha1.json b/schema/appmesh.k8s.aws/virtualnode_v1alpha1.json new file mode 100644 index 000000000..ca7460d2a --- /dev/null +++ b/schema/appmesh.k8s.aws/virtualnode_v1alpha1.json @@ -0,0 +1,387 @@ +{ + "required": [ + "spec" + ], + "properties": { + "spec": { + "required": [ + "meshName" + ], + "properties": { + "backendDefaults": { + "type": "object", + "properties": { + "clientPolicy": { + "type": "object", + "properties": { + "tls": { + "type": "object", + "required": [ + "validation" + ], + "properties": { + "enforce": { + "type": "boolean" + }, + "ports": { + "type": "array", + "items": { + "type": "integer" + } + }, + "validation": { + "type": "object", + "required": [ + "trust" + ], + "properties": { + "trust": { + "type": "object", + "properties": { + "acm": { + "type": "object", + "required": [ + "certificateAuthorityArns" + ], + "properties": { + "certificateAuthorityArns": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "file": { + "type": "object", + "required": [ + "certificateChain" + ], + "properties": { + "certificateChain": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "backends": { + "type": "array", + "items": { + "oneOf": [ + { + "type": "object", + "properties": { + "backendService": { + "type": "object", + "properties": { + "clientPolicy": { + "type": "object", + "properties": { + "tls": { + "type": "object", + "required": [ + "validation" + ], + "properties": { + "enforce": { + "type": "boolean" + }, + "ports": { + "type": "array", + "items": { + "type": "integer" + } + }, + "validation": { + "type": "object", + "required": [ + "trust" + ], + "properties": { + "trust": { + "type": "object", + "properties": { + "acm": { + "type": "object", + "required": [ + "certificateAuthorityArns" + ], + "properties": { + "certificateAuthorityArns": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "file": { + "type": "object", + "required": [ + "certificateChain" + ], + "properties": { + "certificateChain": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + ] + } + }, + "listeners": { + "type": "array", + "items": { + "type": "object", + "required": [ + "portMapping" + ], + "properties": { + "healthCheck": { + "properties": { + "healthyThreshold": { + "type": "integer" + }, + "intervalMillis": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string", + "enum": [ + "tcp", + "http", + "http2", + "grpc" + ] + }, + "timeoutMillis": { + "type": "integer" + }, + "unhealthyThreshold": { + "type": "integer" + } + } + }, + "portMapping": { + "required": [ + "port", + "protocol" + ], + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string", + "enum": [ + "tcp", + "http", + "grpc", + "http2", + "https" + ] + } + } + }, + "tls": { + "type": "object", + "required": [ + "mode", + "certificate" + ], + "properties": { + "certificate": { + "type": "object", + "properties": { + "acm": { + "type": "object", + "required": [ + "certificateArn" + ], + "properties": { + "certificateArn": { + "type": "string" + } + }, + "additionalProperties": false + }, + "file": { + "type": "object", + "required": [ + "certificateChain", + "privateKey" + ], + "properties": { + "certificateChain": { + "type": "string" + }, + "privateKey": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "mode": { + "type": "string", + "enum": [ + "DISABLED", + "PERMISSIVE", + "STRICT" + ] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "logging": { + "type": "object", + "properties": { + "accessLog": { + "type": "object", + "properties": { + "file": { + "type": "object", + "properties": { + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "meshName": { + "type": "string" + }, + "serviceDiscovery": { + "type": "object", + "properties": { + "cloudMap": { + "type": "object", + "properties": { + "namespaceName": { + "type": "string" + }, + "serviceName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "dns": { + "type": "object", + "properties": { + "hostName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "status": { + "properties": { + "conditions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "lastTransitionTime": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string", + "enum": [ + "True", + "False", + "Unknown" + ] + }, + "type": { + "type": "string", + "enum": [ + "VirtualNodeActive", + "MeshMarkedForDeletion" + ] + } + }, + "additionalProperties": false + } + }, + "meshArn": { + "type": "string" + }, + "virtualNodeArn": { + "type": "string" + } + } + } + } +} diff --git a/schema/appmesh.k8s.aws/virtualnode_v1beta1.json b/schema/appmesh.k8s.aws/virtualnode_v1beta1.json new file mode 100644 index 000000000..ca7460d2a --- /dev/null +++ b/schema/appmesh.k8s.aws/virtualnode_v1beta1.json @@ -0,0 +1,387 @@ +{ + "required": [ + "spec" + ], + "properties": { + "spec": { + "required": [ + "meshName" + ], + "properties": { + "backendDefaults": { + "type": "object", + "properties": { + "clientPolicy": { + "type": "object", + "properties": { + "tls": { + "type": "object", + "required": [ + "validation" + ], + "properties": { + "enforce": { + "type": "boolean" + }, + "ports": { + "type": "array", + "items": { + "type": "integer" + } + }, + "validation": { + "type": "object", + "required": [ + "trust" + ], + "properties": { + "trust": { + "type": "object", + "properties": { + "acm": { + "type": "object", + "required": [ + "certificateAuthorityArns" + ], + "properties": { + "certificateAuthorityArns": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "file": { + "type": "object", + "required": [ + "certificateChain" + ], + "properties": { + "certificateChain": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "backends": { + "type": "array", + "items": { + "oneOf": [ + { + "type": "object", + "properties": { + "backendService": { + "type": "object", + "properties": { + "clientPolicy": { + "type": "object", + "properties": { + "tls": { + "type": "object", + "required": [ + "validation" + ], + "properties": { + "enforce": { + "type": "boolean" + }, + "ports": { + "type": "array", + "items": { + "type": "integer" + } + }, + "validation": { + "type": "object", + "required": [ + "trust" + ], + "properties": { + "trust": { + "type": "object", + "properties": { + "acm": { + "type": "object", + "required": [ + "certificateAuthorityArns" + ], + "properties": { + "certificateAuthorityArns": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "file": { + "type": "object", + "required": [ + "certificateChain" + ], + "properties": { + "certificateChain": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + ] + } + }, + "listeners": { + "type": "array", + "items": { + "type": "object", + "required": [ + "portMapping" + ], + "properties": { + "healthCheck": { + "properties": { + "healthyThreshold": { + "type": "integer" + }, + "intervalMillis": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string", + "enum": [ + "tcp", + "http", + "http2", + "grpc" + ] + }, + "timeoutMillis": { + "type": "integer" + }, + "unhealthyThreshold": { + "type": "integer" + } + } + }, + "portMapping": { + "required": [ + "port", + "protocol" + ], + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string", + "enum": [ + "tcp", + "http", + "grpc", + "http2", + "https" + ] + } + } + }, + "tls": { + "type": "object", + "required": [ + "mode", + "certificate" + ], + "properties": { + "certificate": { + "type": "object", + "properties": { + "acm": { + "type": "object", + "required": [ + "certificateArn" + ], + "properties": { + "certificateArn": { + "type": "string" + } + }, + "additionalProperties": false + }, + "file": { + "type": "object", + "required": [ + "certificateChain", + "privateKey" + ], + "properties": { + "certificateChain": { + "type": "string" + }, + "privateKey": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "mode": { + "type": "string", + "enum": [ + "DISABLED", + "PERMISSIVE", + "STRICT" + ] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "logging": { + "type": "object", + "properties": { + "accessLog": { + "type": "object", + "properties": { + "file": { + "type": "object", + "properties": { + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "meshName": { + "type": "string" + }, + "serviceDiscovery": { + "type": "object", + "properties": { + "cloudMap": { + "type": "object", + "properties": { + "namespaceName": { + "type": "string" + }, + "serviceName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "dns": { + "type": "object", + "properties": { + "hostName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "status": { + "properties": { + "conditions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "lastTransitionTime": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string", + "enum": [ + "True", + "False", + "Unknown" + ] + }, + "type": { + "type": "string", + "enum": [ + "VirtualNodeActive", + "MeshMarkedForDeletion" + ] + } + }, + "additionalProperties": false + } + }, + "meshArn": { + "type": "string" + }, + "virtualNodeArn": { + "type": "string" + } + } + } + } +} diff --git a/schema/appmesh.k8s.aws/virtualservice_v1alpha1.json b/schema/appmesh.k8s.aws/virtualservice_v1alpha1.json new file mode 100644 index 000000000..244ca5a45 --- /dev/null +++ b/schema/appmesh.k8s.aws/virtualservice_v1alpha1.json @@ -0,0 +1,518 @@ +{ + "required": [ + "spec" + ], + "properties": { + "spec": { + "properties": { + "meshName": { + "type": "string" + }, + "routes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "grpc": { + "type": "object", + "properties": { + "action": { + "type": "object", + "properties": { + "weightedTargets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "virtualNodeName": { + "type": "string" + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "match": { + "type": "object", + "properties": { + "metadata": { + "type": "array", + "items": { + "type": "object", + "properties": { + "invert": { + "type": "boolean" + }, + "match": { + "type": "object", + "properties": { + "exact": { + "type": "string" + }, + "prefix": { + "type": "string" + }, + "range": { + "type": "object", + "properties": { + "end": { + "type": "integer" + }, + "start": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "regex": { + "type": "string" + }, + "suffix": { + "type": "string" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "methodName": { + "type": "string" + }, + "serviceName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "priority": { + "type": "integer" + }, + "retryPolicy": { + "type": "object", + "properties": { + "grpcRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "cancelled", + "deadline-exceeded", + "internal", + "resource-exhausted", + "unavailable" + ] + } + }, + "httpRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "server-error", + "gateway-error", + "client-error", + "stream-error" + ] + } + }, + "maxRetries": { + "type": "integer" + }, + "perRetryTimeoutMillis": { + "type": "integer" + }, + "tcpRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "connection-error" + ] + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "http": { + "type": "object", + "properties": { + "action": { + "type": "object", + "properties": { + "weightedTargets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "virtualNodeName": { + "type": "string" + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "match": { + "type": "object", + "properties": { + "headers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "invert": { + "type": "boolean" + }, + "match": { + "type": "object", + "properties": { + "exact": { + "type": "string" + }, + "prefix": { + "type": "string" + }, + "range": { + "type": "object", + "properties": { + "end": { + "type": "integer" + }, + "start": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "regex": { + "type": "string" + }, + "suffix": { + "type": "string" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "method": { + "type": "string" + }, + "prefix": { + "type": "string" + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "priority": { + "type": "integer" + }, + "retryPolicy": { + "type": "object", + "properties": { + "httpRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "server-error", + "gateway-error", + "client-error", + "stream-error" + ] + } + }, + "maxRetries": { + "type": "integer" + }, + "perRetryTimeoutMillis": { + "type": "integer" + }, + "tcpRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "connection-error" + ] + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "http2": { + "type": "object", + "properties": { + "action": { + "type": "object", + "properties": { + "weightedTargets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "virtualNodeName": { + "type": "string" + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "match": { + "type": "object", + "properties": { + "headers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "invert": { + "type": "boolean" + }, + "match": { + "type": "object", + "properties": { + "exact": { + "type": "string" + }, + "prefix": { + "type": "string" + }, + "range": { + "type": "object", + "properties": { + "end": { + "type": "integer" + }, + "start": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "regex": { + "type": "string" + }, + "suffix": { + "type": "string" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "method": { + "type": "string" + }, + "prefix": { + "type": "string" + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "priority": { + "type": "integer" + }, + "retryPolicy": { + "type": "object", + "properties": { + "httpRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "server-error", + "gateway-error", + "client-error", + "stream-error" + ] + } + }, + "maxRetries": { + "type": "integer" + }, + "perRetryTimeoutMillis": { + "type": "integer" + }, + "tcpRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "connection-error" + ] + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "tcp": { + "type": "object", + "properties": { + "action": { + "type": "object", + "properties": { + "weightedTargets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "virtualNodeName": { + "type": "string" + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "virtualRouter": { + "type": "object", + "properties": { + "listeners": { + "type": "array", + "items": { + "type": "object", + "properties": { + "portMapping": { + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string", + "enum": [ + "tcp", + "http", + "grpc", + "http2", + "https" + ] + } + } + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "status": { + "properties": { + "conditions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "lastTransitionTime": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string", + "enum": [ + "True", + "False", + "Unknown" + ] + }, + "type": { + "type": "string", + "enum": [ + "VirtualServiceActive", + "VirtualRouterActive", + "RoutesActive", + "MeshMarkedForDeletion" + ] + } + }, + "additionalProperties": false + } + }, + "routeArns": { + "type": "array", + "items": { + "type": "string" + } + }, + "virtualRouterArn": { + "type": "string" + }, + "virtualServiceArn": { + "type": "string" + } + } + } + } +} diff --git a/schema/appmesh.k8s.aws/virtualservice_v1beta1.json b/schema/appmesh.k8s.aws/virtualservice_v1beta1.json new file mode 100644 index 000000000..244ca5a45 --- /dev/null +++ b/schema/appmesh.k8s.aws/virtualservice_v1beta1.json @@ -0,0 +1,518 @@ +{ + "required": [ + "spec" + ], + "properties": { + "spec": { + "properties": { + "meshName": { + "type": "string" + }, + "routes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "grpc": { + "type": "object", + "properties": { + "action": { + "type": "object", + "properties": { + "weightedTargets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "virtualNodeName": { + "type": "string" + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "match": { + "type": "object", + "properties": { + "metadata": { + "type": "array", + "items": { + "type": "object", + "properties": { + "invert": { + "type": "boolean" + }, + "match": { + "type": "object", + "properties": { + "exact": { + "type": "string" + }, + "prefix": { + "type": "string" + }, + "range": { + "type": "object", + "properties": { + "end": { + "type": "integer" + }, + "start": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "regex": { + "type": "string" + }, + "suffix": { + "type": "string" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "methodName": { + "type": "string" + }, + "serviceName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "priority": { + "type": "integer" + }, + "retryPolicy": { + "type": "object", + "properties": { + "grpcRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "cancelled", + "deadline-exceeded", + "internal", + "resource-exhausted", + "unavailable" + ] + } + }, + "httpRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "server-error", + "gateway-error", + "client-error", + "stream-error" + ] + } + }, + "maxRetries": { + "type": "integer" + }, + "perRetryTimeoutMillis": { + "type": "integer" + }, + "tcpRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "connection-error" + ] + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "http": { + "type": "object", + "properties": { + "action": { + "type": "object", + "properties": { + "weightedTargets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "virtualNodeName": { + "type": "string" + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "match": { + "type": "object", + "properties": { + "headers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "invert": { + "type": "boolean" + }, + "match": { + "type": "object", + "properties": { + "exact": { + "type": "string" + }, + "prefix": { + "type": "string" + }, + "range": { + "type": "object", + "properties": { + "end": { + "type": "integer" + }, + "start": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "regex": { + "type": "string" + }, + "suffix": { + "type": "string" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "method": { + "type": "string" + }, + "prefix": { + "type": "string" + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "priority": { + "type": "integer" + }, + "retryPolicy": { + "type": "object", + "properties": { + "httpRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "server-error", + "gateway-error", + "client-error", + "stream-error" + ] + } + }, + "maxRetries": { + "type": "integer" + }, + "perRetryTimeoutMillis": { + "type": "integer" + }, + "tcpRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "connection-error" + ] + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "http2": { + "type": "object", + "properties": { + "action": { + "type": "object", + "properties": { + "weightedTargets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "virtualNodeName": { + "type": "string" + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "match": { + "type": "object", + "properties": { + "headers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "invert": { + "type": "boolean" + }, + "match": { + "type": "object", + "properties": { + "exact": { + "type": "string" + }, + "prefix": { + "type": "string" + }, + "range": { + "type": "object", + "properties": { + "end": { + "type": "integer" + }, + "start": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "regex": { + "type": "string" + }, + "suffix": { + "type": "string" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "method": { + "type": "string" + }, + "prefix": { + "type": "string" + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "priority": { + "type": "integer" + }, + "retryPolicy": { + "type": "object", + "properties": { + "httpRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "server-error", + "gateway-error", + "client-error", + "stream-error" + ] + } + }, + "maxRetries": { + "type": "integer" + }, + "perRetryTimeoutMillis": { + "type": "integer" + }, + "tcpRetryEvents": { + "type": "array", + "items": { + "type": "string", + "enum": [ + "connection-error" + ] + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "tcp": { + "type": "object", + "properties": { + "action": { + "type": "object", + "properties": { + "weightedTargets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "virtualNodeName": { + "type": "string" + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "virtualRouter": { + "type": "object", + "properties": { + "listeners": { + "type": "array", + "items": { + "type": "object", + "properties": { + "portMapping": { + "properties": { + "port": { + "type": "integer" + }, + "protocol": { + "type": "string", + "enum": [ + "tcp", + "http", + "grpc", + "http2", + "https" + ] + } + } + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "status": { + "properties": { + "conditions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "lastTransitionTime": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string", + "enum": [ + "True", + "False", + "Unknown" + ] + }, + "type": { + "type": "string", + "enum": [ + "VirtualServiceActive", + "VirtualRouterActive", + "RoutesActive", + "MeshMarkedForDeletion" + ] + } + }, + "additionalProperties": false + } + }, + "routeArns": { + "type": "array", + "items": { + "type": "string" + } + }, + "virtualRouterArn": { + "type": "string" + }, + "virtualServiceArn": { + "type": "string" + } + } + } + } +} diff --git a/schema/getambassador.io/filter_v1beta2.json b/schema/aquasecurity.github.io/ciskubebenchreport_v1alpha1.json similarity index 50% rename from schema/getambassador.io/filter_v1beta2.json rename to schema/aquasecurity.github.io/ciskubebenchreport_v1alpha1.json index 265f807fa..349816a1f 100644 --- a/schema/getambassador.io/filter_v1beta2.json +++ b/schema/aquasecurity.github.io/ciskubebenchreport_v1alpha1.json @@ -1,5 +1,4 @@ { - "description": "Filter specifies an Ambassador Edge Stack filter", "type": "object", "x-kubernetes-preserve-unknown-fields": true } diff --git a/schema/getambassador.io/filter_v2.json b/schema/aquasecurity.github.io/clustercompliancedetailreport_v1alpha1.json similarity index 50% rename from schema/getambassador.io/filter_v2.json rename to schema/aquasecurity.github.io/clustercompliancedetailreport_v1alpha1.json index 265f807fa..349816a1f 100644 --- a/schema/getambassador.io/filter_v2.json +++ b/schema/aquasecurity.github.io/clustercompliancedetailreport_v1alpha1.json @@ -1,5 +1,4 @@ { - "description": "Filter specifies an Ambassador Edge Stack filter", "type": "object", "x-kubernetes-preserve-unknown-fields": true } diff --git a/schema/aquasecurity.github.io/kubehunterreport_v1alpha1.json b/schema/aquasecurity.github.io/kubehunterreport_v1alpha1.json new file mode 100644 index 000000000..3e9fb239e --- /dev/null +++ b/schema/aquasecurity.github.io/kubehunterreport_v1alpha1.json @@ -0,0 +1,128 @@ +{ + "type": "object", + "required": [ + "apiVersion", + "kind", + "metadata", + "report" + ], + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object" + }, + "report": { + "type": "object", + "required": [ + "scanner", + "summary", + "vulnerabilities" + ], + "properties": { + "scanner": { + "type": "object", + "required": [ + "name", + "vendor", + "version" + ], + "properties": { + "name": { + "type": "string" + }, + "vendor": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "additionalProperties": false + }, + "summary": { + "type": "object", + "required": [ + "highCount", + "mediumCount", + "lowCount", + "unknownCount" + ], + "properties": { + "highCount": { + "type": "integer", + "minimum": 0 + }, + "lowCount": { + "type": "integer", + "minimum": 0 + }, + "mediumCount": { + "type": "integer", + "minimum": 0 + }, + "unknownCount": { + "type": "integer", + "minimum": 0 + } + }, + "additionalProperties": false + }, + "vulnerabilities": { + "type": "array", + "items": { + "type": "object", + "required": [ + "location", + "vid", + "category", + "severity", + "vulnerability", + "description", + "evidence", + "avd_reference" + ], + "properties": { + "avd_reference": { + "type": "string" + }, + "category": { + "type": "string" + }, + "description": { + "type": "string" + }, + "evidence": { + "type": "string" + }, + "location": { + "type": "string" + }, + "severity": { + "type": "string", + "enum": [ + "high", + "medium", + "low", + "unknown" + ] + }, + "vid": { + "type": "string" + }, + "vulnerability": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + } +} diff --git a/schema/argoproj.io/argocdextension_v1alpha1.json b/schema/argoproj.io/argocdextension_v1alpha1.json index 1daa027e2..42f41b009 100644 --- a/schema/argoproj.io/argocdextension_v1alpha1.json +++ b/schema/argoproj.io/argocdextension_v1alpha1.json @@ -1,82 +1,97 @@ { + "description": "ArgoCDExtension is the Schema for the argocdextensions API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "ArgoCDExtensionSpec defines the desired state of ArgoCDExtension", + "type": "object", + "required": [ + "sources" + ], "properties": { "sources": { + "description": "Sources specifies where the extension should come from", + "type": "array", "items": { - "additionalProperties": false, + "description": "ExtensionSource specifies where the extension should be sourced from", + "type": "object", "properties": { "git": { - "additionalProperties": false, + "description": "Git is specified if the extension should be sourced from a git repository", + "type": "object", "properties": { "revision": { + "description": "Revision specifies the revision of the Repository to fetch", "type": "string" }, "url": { + "description": "URL specifies the Git repository URL to fetch", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "web": { - "additionalProperties": false, + "description": "Web is specified if the extension should be sourced from a web file", + "type": "object", "properties": { "url": { + "description": "URK specifies the remote file URL", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "sources" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "ArgoCDExtensionStatus defines the observed state of ArgoCDExtension", + "type": "object", "properties": { "conditions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "message", + "status", + "type" + ], "properties": { "message": { + "description": "Message contains human-readable message indicating details about condition", "type": "string" }, "status": { + "description": "Boolean status describing if the condition is currently true", "type": "string" }, "type": { + "description": "Type is an ArgoCDExtension condition type", "type": "string" } }, - "required": [ - "message", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/autoscaling.k8s.io/verticalpodautoscaler_v1beta1.json b/schema/autoscaling.k8s.io/verticalpodautoscaler_v1beta1.json index ce7d529e0..7a9ba2d4a 100644 --- a/schema/autoscaling.k8s.io/verticalpodautoscaler_v1beta1.json +++ b/schema/autoscaling.k8s.io/verticalpodautoscaler_v1beta1.json @@ -58,9 +58,6 @@ "updatePolicy": { "type": "object", "properties": { - "minReplicas": { - "type": "integer" - }, "updateMode": { "type": "string" } diff --git a/schema/azureprovider.k8s.io/azureclusterproviderspec_v1alpha1.json b/schema/azureprovider.k8s.io/azureclusterproviderspec_v1alpha1.json index 450e84c56..f3e128850 100644 --- a/schema/azureprovider.k8s.io/azureclusterproviderspec_v1alpha1.json +++ b/schema/azureprovider.k8s.io/azureclusterproviderspec_v1alpha1.json @@ -5,12 +5,15 @@ ], "properties": { "adminKubeconfig": { + "description": "AdminKubeconfig generated using the certificates part of the spec do not move to status, since it uses on disk ca certs, which causes issues during regeneration", "type": "string" }, "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "caKeyPair": { + "description": "CAKeyPair is the key pair for CA certs.", "type": "object", "required": [ "cert", @@ -18,6 +21,7 @@ ], "properties": { "cert": { + "description": "base64 encoded cert and key", "type": "string", "format": "byte" }, @@ -29,6 +33,7 @@ "additionalProperties": false }, "clusterConfiguration": { + "description": "ClusterConfiguration holds the cluster-wide information used during a kubeadm init call.", "type": "object", "required": [ "etcd", @@ -41,18 +46,22 @@ ], "properties": { "apiServer": { + "description": "APIServer contains extra settings for the API server control plane component", "type": "object", "properties": { "certSANs": { + "description": "CertSANs sets extra Subject Alternative Names for the API Server signing cert.", "type": "array", "items": { "type": "string" } }, "extraArgs": { + "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object" }, "extraVolumes": { + "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "type": "array", "items": { "type": "object", @@ -63,18 +72,23 @@ ], "properties": { "hostPath": { + "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { + "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { + "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { + "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { + "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, @@ -82,30 +96,38 @@ } }, "timeoutForControlPlane": { + "description": "TimeoutForControlPlane controls the timeout that we use for API server to appear", "type": "string" } }, "additionalProperties": false }, "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "certificatesDir": { + "description": "CertificatesDir specifies where to store or look for all required certificates.", "type": "string" }, "clusterName": { + "description": "The cluster name", "type": "string" }, "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, the BindPort is used. Possible usages are: e.g. In a cluster with more than one control plane instances, this field should be assigned the address of the external load balancer in front of the control plane instances. e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane.", "type": "string" }, "controllerManager": { + "description": "ControllerManager contains extra settings for the controller manager control plane component", "type": "object", "properties": { "extraArgs": { + "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object" }, "extraVolumes": { + "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "type": "array", "items": { "type": "object", @@ -116,18 +138,23 @@ ], "properties": { "hostPath": { + "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { + "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { + "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { + "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { + "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, @@ -138,27 +165,33 @@ "additionalProperties": false }, "dns": { + "description": "DNS defines the options for the DNS add-on installed in the cluster.", "type": "object", "required": [ "type" ], "properties": { "imageRepository": { + "description": "ImageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "type": "string" }, "imageTag": { + "description": "ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "type": "string" }, "type": { + "description": "Type defines the DNS add-on to be used", "type": "string" } }, "additionalProperties": false }, "etcd": { + "description": "Etcd holds configuration for etcd.", "type": "object", "properties": { "external": { + "description": "External describes how to connect to an external etcd cluster Local and External are mutually exclusive", "type": "object", "required": [ "endpoints", @@ -168,48 +201,59 @@ ], "properties": { "caFile": { + "description": "CAFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection.", "type": "string" }, "certFile": { + "description": "CertFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection.", "type": "string" }, "endpoints": { + "description": "Endpoints of etcd members. Required for ExternalEtcd.", "type": "array", "items": { "type": "string" } }, "keyFile": { + "description": "KeyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection.", "type": "string" } }, "additionalProperties": false }, "local": { + "description": "Local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive", "type": "object", "required": [ "dataDir" ], "properties": { "dataDir": { + "description": "DataDir is the directory etcd will place its data. Defaults to \"/var/lib/etcd\".", "type": "string" }, "extraArgs": { + "description": "ExtraArgs are extra arguments provided to the etcd binary when run inside a static pod.", "type": "object" }, "imageRepository": { + "description": "ImageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "type": "string" }, "imageTag": { + "description": "ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "type": "string" }, "peerCertSANs": { + "description": "PeerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert.", "type": "array", "items": { "type": "string" } }, "serverCertSANs": { + "description": "ServerCertSANs sets extra Subject Alternative Names for the etcd server signing cert.", "type": "array", "items": { "type": "string" @@ -222,18 +266,23 @@ "additionalProperties": false }, "featureGates": { + "description": "FeatureGates enabled by the user.", "type": "object" }, "imageRepository": { + "description": "ImageRepository sets the container registry to pull images from. If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/kubernetes-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io` will be used for all the other images.", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "kubernetesVersion": { + "description": "KubernetesVersion is the target version of the control plane.", "type": "string" }, "networking": { + "description": "Networking holds configuration for the networking topology of the cluster.", "type": "object", "required": [ "serviceSubnet", @@ -242,24 +291,30 @@ ], "properties": { "dnsDomain": { + "description": "DNSDomain is the dns domain used by k8s services. Defaults to \"cluster.local\".", "type": "string" }, "podSubnet": { + "description": "PodSubnet is the subnet used by pods.", "type": "string" }, "serviceSubnet": { + "description": "ServiceSubnet is the subnet used by k8s services. Defaults to \"10.96.0.0/12\".", "type": "string" } }, "additionalProperties": false }, "scheduler": { + "description": "Scheduler contains extra settings for the scheduler control plane component", "type": "object", "properties": { "extraArgs": { + "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object" }, "extraVolumes": { + "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "type": "array", "items": { "type": "object", @@ -270,18 +325,23 @@ ], "properties": { "hostPath": { + "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { + "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { + "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { + "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { + "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, @@ -292,18 +352,21 @@ "additionalProperties": false }, "useHyperKubeImage": { + "description": "UseHyperKubeImage controls if hyperkube should be used for Kubernetes components instead of their respective separate images", "type": "boolean" } }, "additionalProperties": false }, "discoveryHashes": { + "description": "DiscoveryHashes generated using the certificates part of the spec, used by master and nodes bootstrapping this never changes until ca is rotated do not move to status, since it uses on disk ca certs, which causes issues during regeneration", "type": "array", "items": { "type": "string" } }, "etcdCAKeyPair": { + "description": "EtcdCAKeyPair is the key pair for etcd.", "type": "object", "required": [ "cert", @@ -311,6 +374,7 @@ ], "properties": { "cert": { + "description": "base64 encoded cert and key", "type": "string", "format": "byte" }, @@ -322,6 +386,7 @@ "additionalProperties": false }, "frontProxyCAKeyPair": { + "description": "FrontProxyCAKeyPair is the key pair for the front proxy.", "type": "object", "required": [ "cert", @@ -329,6 +394,7 @@ ], "properties": { "cert": { + "description": "base64 encoded cert and key", "type": "string", "format": "byte" }, @@ -340,6 +406,7 @@ "additionalProperties": false }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "location": { @@ -349,9 +416,11 @@ "type": "object" }, "networkSpec": { + "description": "NetworkSpec encapsulates all things related to Azure network.", "type": "object", "properties": { "subnets": { + "description": "Subnets configuration.", "type": "array", "items": { "type": "object", @@ -362,15 +431,19 @@ ], "properties": { "cidrBlock": { + "description": "CidrBlock is the CIDR block to be used when the provider creates a managed Vnet.", "type": "string" }, "id": { + "description": "ID defines a unique identifier to reference this resource.", "type": "string" }, "name": { + "description": "Name defines a name for the subnet resource.", "type": "string" }, "securityGroup": { + "description": "SecurityGroup defines the NSG (network security group) that should be attached to this subnet.", "type": "object", "required": [ "id", @@ -394,18 +467,22 @@ "type": "string" }, "destination": { + "description": "Destination - The destination address prefix. CIDR or destination IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.", "type": "string" }, "destinationPorts": { + "description": "DestinationPorts - The destination port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.", "type": "string" }, "protocol": { "type": "string" }, "source": { + "description": "Source - The CIDR or source IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.", "type": "string" }, "sourcePorts": { + "description": "SourcePorts - The source port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.", "type": "string" } }, @@ -419,6 +496,7 @@ "additionalProperties": false }, "vnetId": { + "description": "VnetID defines the ID of the virtual network this subnet should be built in.", "type": "string" } }, @@ -426,18 +504,22 @@ } }, "vnet": { + "description": "Vnet configuration.", "type": "object", "required": [ "name" ], "properties": { "cidrBlock": { + "description": "CidrBlock is the CIDR block to be used when the provider creates a managed virtual network.", "type": "string" }, "id": { + "description": "ID is the identifier of the virtual network this provider should use to create resources.", "type": "string" }, "name": { + "description": "Name defines a name for the virtual network resource.", "type": "string" } }, @@ -450,6 +532,7 @@ "type": "string" }, "saKeyPair": { + "description": "SAKeyPair is the service account key pair.", "type": "object", "required": [ "cert", @@ -457,6 +540,7 @@ ], "properties": { "cert": { + "description": "base64 encoded cert and key", "type": "string", "format": "byte" }, diff --git a/schema/azureprovider.k8s.io/azureclusterproviderstatus_v1alpha1.json b/schema/azureprovider.k8s.io/azureclusterproviderstatus_v1alpha1.json index d7a4fdd80..c4800e290 100644 --- a/schema/azureprovider.k8s.io/azureclusterproviderstatus_v1alpha1.json +++ b/schema/azureprovider.k8s.io/azureclusterproviderstatus_v1alpha1.json @@ -1,6 +1,7 @@ { "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "bastion": { @@ -13,6 +14,7 @@ "type": "string" }, "image": { + "description": "Storage profile", "type": "object", "required": [ "publisher", @@ -73,15 +75,18 @@ "type": "string" }, "vmSize": { + "description": "Hardware profile", "type": "string" }, "vmState": { + "description": "State - The provisioning state, which only appears in the response.", "type": "string" } }, "additionalProperties": false }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -91,6 +96,7 @@ "type": "object", "properties": { "apiServerIp": { + "description": "APIServerIP is the Kubernetes API server public IP address.", "type": "object", "properties": { "dnsName": { @@ -109,6 +115,7 @@ "additionalProperties": false }, "apiServerLb": { + "description": "APIServerLB is the Kubernetes API server load balancer.", "type": "object", "properties": { "backendPool": { @@ -139,6 +146,7 @@ "additionalProperties": false }, "securityGroups": { + "description": "SecurityGroups is a map from the role/kind of the security group to its unique name, if any.", "type": "object" } }, diff --git a/schema/azureprovider.k8s.io/azuremachineproviderspec_v1alpha1.json b/schema/azureprovider.k8s.io/azuremachineproviderspec_v1alpha1.json index 0a87de416..7a37617e7 100644 --- a/schema/azureprovider.k8s.io/azuremachineproviderspec_v1alpha1.json +++ b/schema/azureprovider.k8s.io/azuremachineproviderspec_v1alpha1.json @@ -8,6 +8,7 @@ ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "image": { @@ -35,6 +36,7 @@ "additionalProperties": false }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "location": { diff --git a/schema/azureprovider.k8s.io/azuremachineproviderstatus_v1alpha1.json b/schema/azureprovider.k8s.io/azuremachineproviderstatus_v1alpha1.json index 76887f9db..357031b6b 100644 --- a/schema/azureprovider.k8s.io/azuremachineproviderstatus_v1alpha1.json +++ b/schema/azureprovider.k8s.io/azuremachineproviderstatus_v1alpha1.json @@ -1,9 +1,11 @@ { "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "conditions": { + "description": "Conditions is a set of conditions associated with the Machine to indicate errors or other status.", "type": "array", "items": { "type": "object", @@ -17,23 +19,29 @@ ], "properties": { "lastProbeTime": { + "description": "LastProbeTime is the last time we probed the condition.", "type": "string", "format": "date-time" }, "lastTransitionTime": { + "description": "LastTransitionTime is the last time the condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human-readable message indicating details about last transition.", "type": "string" }, "reason": { + "description": "Reason is a unique, one-word, CamelCase reason for the condition's last transition.", "type": "string" }, "status": { + "description": "Status is the status of the condition.", "type": "string" }, "type": { + "description": "Type is the type of the condition.", "type": "string" } }, @@ -41,15 +49,18 @@ } }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "vmId": { + "description": "VMID is the ID of the virtual machine created in Azure.", "type": "string" }, "vmState": { + "description": "VMState is the provisioning state of the Azure virtual machine.", "type": "string" } } diff --git a/schema/bootstrap.cluster.x-k8s.io/kubeadmconfig_v1alpha2.json b/schema/bootstrap.cluster.x-k8s.io/kubeadmconfig_v1alpha2.json index f71da1c2b..114678f5d 100644 --- a/schema/bootstrap.cluster.x-k8s.io/kubeadmconfig_v1alpha2.json +++ b/schema/bootstrap.cluster.x-k8s.io/kubeadmconfig_v1alpha2.json @@ -1,39 +1,49 @@ { + "description": "KubeadmConfig is the Schema for the kubeadmconfigs API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "KubeadmConfigSpec defines the desired state of KubeadmConfig. Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.", "type": "object", "properties": { "clusterConfiguration": { + "description": "ClusterConfiguration along with InitConfiguration are the configurations necessary for the init command", "type": "object", "properties": { "apiServer": { + "description": "APIServer contains extra settings for the API server control plane component", "type": "object", "properties": { "certSANs": { + "description": "CertSANs sets extra Subject Alternative Names for the API Server signing cert.", "type": "array", "items": { "type": "string" } }, "extraArgs": { + "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object", "additionalProperties": { "type": "string" } }, "extraVolumes": { + "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "type": "array", "items": { + "description": "HostPathMount contains elements describing volumes that are mounted from the host.", "type": "object", "required": [ "hostPath", @@ -42,18 +52,23 @@ ], "properties": { "hostPath": { + "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { + "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { + "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { + "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { + "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, @@ -61,35 +76,44 @@ } }, "timeoutForControlPlane": { + "description": "TimeoutForControlPlane controls the timeout that we use for API server to appear", "type": "string" } }, "additionalProperties": false }, "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "certificatesDir": { + "description": "CertificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to `/etc/kubernetes/pki`", "type": "string" }, "clusterName": { + "description": "The cluster name", "type": "string" }, "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, the BindPort is used. Possible usages are: e.g. In a cluster with more than one control plane instances, this field should be assigned the address of the external load balancer in front of the control plane instances. e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane. NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.", "type": "string" }, "controllerManager": { + "description": "ControllerManager contains extra settings for the controller manager control plane component", "type": "object", "properties": { "extraArgs": { + "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object", "additionalProperties": { "type": "string" } }, "extraVolumes": { + "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "type": "array", "items": { + "description": "HostPathMount contains elements describing volumes that are mounted from the host.", "type": "object", "required": [ "hostPath", @@ -98,18 +122,23 @@ ], "properties": { "hostPath": { + "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { + "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { + "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { + "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { + "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, @@ -120,24 +149,30 @@ "additionalProperties": false }, "dns": { + "description": "DNS defines the options for the DNS add-on installed in the cluster.", "type": "object", "properties": { "imageRepository": { + "description": "ImageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "type": "string" }, "imageTag": { + "description": "ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "type": "string" }, "type": { + "description": "Type defines the DNS add-on to be used", "type": "string" } }, "additionalProperties": false }, "etcd": { + "description": "Etcd holds configuration for etcd. NB: This value defaults to a Local (stacked) etcd", "type": "object", "properties": { "external": { + "description": "External describes how to connect to an external etcd cluster Local and External are mutually exclusive", "type": "object", "required": [ "caFile", @@ -147,48 +182,59 @@ ], "properties": { "caFile": { + "description": "CAFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection.", "type": "string" }, "certFile": { + "description": "CertFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection.", "type": "string" }, "endpoints": { + "description": "Endpoints of etcd members. Required for ExternalEtcd.", "type": "array", "items": { "type": "string" } }, "keyFile": { + "description": "KeyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection.", "type": "string" } }, "additionalProperties": false }, "local": { + "description": "Local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive", "type": "object", "properties": { "dataDir": { + "description": "DataDir is the directory etcd will place its data. Defaults to \"/var/lib/etcd\".", "type": "string" }, "extraArgs": { + "description": "ExtraArgs are extra arguments provided to the etcd binary when run inside a static pod.", "type": "object", "additionalProperties": { "type": "string" } }, "imageRepository": { + "description": "ImageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "type": "string" }, "imageTag": { + "description": "ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "type": "string" }, "peerCertSANs": { + "description": "PeerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert.", "type": "array", "items": { "type": "string" } }, "serverCertSANs": { + "description": "ServerCertSANs sets extra Subject Alternative Names for the etcd server signing cert.", "type": "array", "items": { "type": "string" @@ -201,47 +247,59 @@ "additionalProperties": false }, "featureGates": { + "description": "FeatureGates enabled by the user.", "type": "object", "additionalProperties": { "type": "boolean" } }, "imageRepository": { + "description": "ImageRepository sets the container registry to pull images from. If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io` will be used for all the other images.", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "kubernetesVersion": { + "description": "KubernetesVersion is the target version of the control plane. NB: This value defaults to the Machine object spec.version", "type": "string" }, "networking": { + "description": "Networking holds configuration for the networking topology of the cluster. NB: This value defaults to the Cluster object spec.clusterNetwork.", "type": "object", "properties": { "dnsDomain": { + "description": "DNSDomain is the dns domain used by k8s services. Defaults to \"cluster.local\".", "type": "string" }, "podSubnet": { + "description": "PodSubnet is the subnet used by pods. If unset, the API server will not allocate CIDR ranges for every node. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set", "type": "string" }, "serviceSubnet": { + "description": "ServiceSubnet is the subnet used by k8s services. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or to \"10.96.0.0/12\" if that's unset.", "type": "string" } }, "additionalProperties": false }, "scheduler": { + "description": "Scheduler contains extra settings for the scheduler control plane component", "type": "object", "properties": { "extraArgs": { + "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object", "additionalProperties": { "type": "string" } }, "extraVolumes": { + "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "type": "array", "items": { + "description": "HostPathMount contains elements describing volumes that are mounted from the host.", "type": "object", "required": [ "hostPath", @@ -250,18 +308,23 @@ ], "properties": { "hostPath": { + "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { + "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { + "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { + "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { + "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, @@ -272,14 +335,17 @@ "additionalProperties": false }, "useHyperKubeImage": { + "description": "UseHyperKubeImage controls if hyperkube should be used for Kubernetes components instead of their respective separate images", "type": "boolean" } }, "additionalProperties": false }, "files": { + "description": "Files specifies extra files to be passed to user_data upon creation.", "type": "array", "items": { + "description": "File defines the input for generating write_files in cloud-init.", "type": "object", "required": [ "content", @@ -287,9 +353,11 @@ ], "properties": { "content": { + "description": "Content is the actual content of the file.", "type": "string" }, "encoding": { + "description": "Encoding specifies the encoding of the file contents.", "type": "string", "enum": [ "base64", @@ -298,12 +366,15 @@ ] }, "owner": { + "description": "Owner specifies the ownership of the file, e.g. \"root:root\".", "type": "string" }, "path": { + "description": "Path specifies the full path on disk where to store the file.", "type": "string" }, "permissions": { + "description": "Permissions specifies the permissions to assign to the file, e.g. \"0640\".", "type": "string" } }, @@ -311,45 +382,56 @@ } }, "format": { + "description": "Format specifies the output format of the bootstrap data", "type": "string", "enum": [ "cloud-config" ] }, "initConfiguration": { + "description": "InitConfiguration along with ClusterConfiguration are the configurations necessary for the init command", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "bootstrapTokens": { + "description": "BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature", "type": "array", "items": { + "description": "BootstrapToken describes one bootstrap token, stored as a Secret in the cluster", "type": "object", "required": [ "token" ], "properties": { "description": { + "description": "Description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose.", "type": "string" }, "expires": { + "description": "Expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.", "type": "string", "format": "date-time" }, "groups": { + "description": "Groups specifies the extra groups that this token will authenticate as when/if used for authentication", "type": "array", "items": { "type": "string" } }, "token": { + "description": "Token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster.", "type": "object" }, "ttl": { + "description": "TTL defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive.", "type": "string" }, "usages": { + "description": "Usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here.", "type": "array", "items": { "type": "string" @@ -360,9 +442,11 @@ } }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "localAPIEndpoint": { + "description": "LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process fails you may set the desired value here.", "type": "object", "required": [ "advertiseAddress", @@ -370,9 +454,11 @@ ], "properties": { "advertiseAddress": { + "description": "AdvertiseAddress sets the IP address for the API server to advertise.", "type": "string" }, "bindPort": { + "description": "BindPort sets the secure port for the API Server to bind to. Defaults to 6443.", "type": "integer", "format": "int32" } @@ -380,23 +466,29 @@ "additionalProperties": false }, "nodeRegistration": { + "description": "NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration", "type": "object", "properties": { "criSocket": { + "description": "CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use", "type": "string" }, "kubeletExtraArgs": { + "description": "KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided.", "type": "string" }, "taints": { + "description": "Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=\"\"'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.", "type": "array", "items": { + "description": "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", "type": "object", "required": [ "effect", @@ -404,16 +496,20 @@ ], "properties": { "effect": { + "description": "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Required. The taint key to be applied to a node.", "type": "string" }, "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.", "type": "string", "format": "date-time" }, "value": { + "description": "Required. The taint value corresponding to the taint key.", "type": "string" } }, @@ -427,18 +523,23 @@ "additionalProperties": false }, "joinConfiguration": { + "description": "JoinConfiguration is the kubeadm configuration for the join command", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "caCertPath": { + "description": "CACertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to \"/etc/kubernetes/pki/ca.crt\". TODO: revisit when there is defaulting from k/k", "type": "string" }, "controlPlane": { + "description": "ControlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed.", "type": "object", "properties": { "localAPIEndpoint": { + "description": "LocalAPIEndpoint represents the endpoint of the API server instance to be deployed on this node.", "type": "object", "required": [ "advertiseAddress", @@ -446,9 +547,11 @@ ], "properties": { "advertiseAddress": { + "description": "AdvertiseAddress sets the IP address for the API server to advertise.", "type": "string" }, "bindPort": { + "description": "BindPort sets the secure port for the API Server to bind to. Defaults to 6443.", "type": "integer", "format": "int32" } @@ -459,9 +562,11 @@ "additionalProperties": false }, "discovery": { + "description": "Discovery specifies the options for the kubelet to use during the TLS Bootstrap process TODO: revisit when there is defaulting from k/k", "type": "object", "properties": { "bootstrapToken": { + "description": "BootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive", "type": "object", "required": [ "token", @@ -469,65 +574,80 @@ ], "properties": { "apiServerEndpoint": { + "description": "APIServerEndpoint is an IP or domain name to the API server from which info will be fetched.", "type": "string" }, "caCertHashes": { + "description": "CACertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as \"\u003ctype\u003e:\u003cvalue\u003e\", where the only currently supported type is \"sha256\". This is a hex-encoded SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded ASN.1. These hashes can be calculated using, for example, OpenSSL: openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2\u003e\u0026/dev/null | openssl dgst -sha256 -hex", "type": "array", "items": { "type": "string" } }, "token": { + "description": "Token is a token used to validate cluster information fetched from the control-plane.", "type": "string" }, "unsafeSkipCAVerification": { + "description": "UnsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane.", "type": "boolean" } }, "additionalProperties": false }, "file": { + "description": "File is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive", "type": "object", "required": [ "kubeConfigPath" ], "properties": { "kubeConfigPath": { + "description": "KubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information", "type": "string" } }, "additionalProperties": false }, "timeout": { + "description": "Timeout modifies the discovery timeout", "type": "string" }, "tlsBootstrapToken": { + "description": "TLSBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information TODO: revisit when there is defaulting from k/k", "type": "string" } }, "additionalProperties": false }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "nodeRegistration": { + "description": "NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration", "type": "object", "properties": { "criSocket": { + "description": "CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use", "type": "string" }, "kubeletExtraArgs": { + "description": "KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided.", "type": "string" }, "taints": { + "description": "Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=\"\"'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.", "type": "array", "items": { + "description": "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", "type": "object", "required": [ "effect", @@ -535,16 +655,20 @@ ], "properties": { "effect": { + "description": "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Required. The taint key to be applied to a node.", "type": "string" }, "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.", "type": "string", "format": "date-time" }, "value": { + "description": "Required. The taint value corresponding to the taint key.", "type": "string" } }, @@ -558,12 +682,15 @@ "additionalProperties": false }, "ntp": { + "description": "NTP specifies NTP configuration", "type": "object", "properties": { "enabled": { + "description": "Enabled specifies whether NTP should be enabled", "type": "boolean" }, "servers": { + "description": "Servers specifies which NTP servers to use", "type": "array", "items": { "type": "string" @@ -573,59 +700,74 @@ "additionalProperties": false }, "postKubeadmCommands": { + "description": "PostKubeadmCommands specifies extra commands to run after kubeadm runs", "type": "array", "items": { "type": "string" } }, "preKubeadmCommands": { + "description": "PreKubeadmCommands specifies extra commands to run before kubeadm runs", "type": "array", "items": { "type": "string" } }, "users": { + "description": "Users specifies extra users to add", "type": "array", "items": { + "description": "User defines the input for a generated user in cloud-init.", "type": "object", "required": [ "name" ], "properties": { "gecos": { + "description": "Gecos specifies the gecos to use for the user", "type": "string" }, "groups": { + "description": "Groups specifies the additional groups for the user", "type": "string" }, "homeDir": { + "description": "HomeDir specifies the home directory to use for the user", "type": "string" }, "inactive": { + "description": "Inactive specifies whether to mark the user as inactive", "type": "boolean" }, "lockPassword": { + "description": "LockPassword specifies if password login should be disabled", "type": "boolean" }, "name": { + "description": "Name specifies the user name", "type": "string" }, "passwd": { + "description": "Passwd specifies a hashed password for the user", "type": "string" }, "primaryGroup": { + "description": "PrimaryGroup specifies the primary group for the user", "type": "string" }, "shell": { + "description": "Shell specifies the user's shell", "type": "string" }, "sshAuthorizedKeys": { + "description": "SSHAuthorizedKeys specifies a list of ssh authorized keys for the user", "type": "array", "items": { "type": "string" } }, "sudo": { + "description": "Sudo specifies a sudo role for the user", "type": "string" } }, @@ -636,19 +778,24 @@ "additionalProperties": false }, "status": { + "description": "KubeadmConfigStatus defines the observed state of KubeadmConfig", "type": "object", "properties": { "bootstrapData": { + "description": "BootstrapData will be a cloud-init script for now", "type": "string", "format": "byte" }, "errorMessage": { + "description": "ErrorMessage will be set on non-retryable errors", "type": "string" }, "errorReason": { + "description": "ErrorReason will be set on non-retryable errors", "type": "string" }, "ready": { + "description": "Ready indicates the BootstrapData field is ready to be consumed", "type": "boolean" } }, diff --git a/schema/bootstrap.cluster.x-k8s.io/kubeadmconfigtemplate_v1alpha2.json b/schema/bootstrap.cluster.x-k8s.io/kubeadmconfigtemplate_v1alpha2.json index fd91f03e4..c0f43a213 100644 --- a/schema/bootstrap.cluster.x-k8s.io/kubeadmconfigtemplate_v1alpha2.json +++ b/schema/bootstrap.cluster.x-k8s.io/kubeadmconfigtemplate_v1alpha2.json @@ -1,48 +1,60 @@ { + "description": "KubeadmConfigTemplate is the Schema for the kubeadmconfigtemplates API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "KubeadmConfigTemplateSpec defines the desired state of KubeadmConfigTemplate", "type": "object", "required": [ "template" ], "properties": { "template": { + "description": "KubeadmConfigTemplateResource defines the Template structure", "type": "object", "properties": { "spec": { + "description": "KubeadmConfigSpec defines the desired state of KubeadmConfig. Either ClusterConfiguration and InitConfiguration should be defined or the JoinConfiguration should be defined.", "type": "object", "properties": { "clusterConfiguration": { + "description": "ClusterConfiguration along with InitConfiguration are the configurations necessary for the init command", "type": "object", "properties": { "apiServer": { + "description": "APIServer contains extra settings for the API server control plane component", "type": "object", "properties": { "certSANs": { + "description": "CertSANs sets extra Subject Alternative Names for the API Server signing cert.", "type": "array", "items": { "type": "string" } }, "extraArgs": { + "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object", "additionalProperties": { "type": "string" } }, "extraVolumes": { + "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "type": "array", "items": { + "description": "HostPathMount contains elements describing volumes that are mounted from the host.", "type": "object", "required": [ "hostPath", @@ -51,18 +63,23 @@ ], "properties": { "hostPath": { + "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { + "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { + "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { + "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { + "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, @@ -70,35 +87,44 @@ } }, "timeoutForControlPlane": { + "description": "TimeoutForControlPlane controls the timeout that we use for API server to appear", "type": "string" } }, "additionalProperties": false }, "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "certificatesDir": { + "description": "CertificatesDir specifies where to store or look for all required certificates. NB: if not provided, this will default to `/etc/kubernetes/pki`", "type": "string" }, "clusterName": { + "description": "The cluster name", "type": "string" }, "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, the BindPort is used. Possible usages are: e.g. In a cluster with more than one control plane instances, this field should be assigned the address of the external load balancer in front of the control plane instances. e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane. NB: This value defaults to the first value in the Cluster object status.apiEndpoints array.", "type": "string" }, "controllerManager": { + "description": "ControllerManager contains extra settings for the controller manager control plane component", "type": "object", "properties": { "extraArgs": { + "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object", "additionalProperties": { "type": "string" } }, "extraVolumes": { + "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "type": "array", "items": { + "description": "HostPathMount contains elements describing volumes that are mounted from the host.", "type": "object", "required": [ "hostPath", @@ -107,18 +133,23 @@ ], "properties": { "hostPath": { + "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { + "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { + "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { + "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { + "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, @@ -129,24 +160,30 @@ "additionalProperties": false }, "dns": { + "description": "DNS defines the options for the DNS add-on installed in the cluster.", "type": "object", "properties": { "imageRepository": { + "description": "ImageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "type": "string" }, "imageTag": { + "description": "ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "type": "string" }, "type": { + "description": "Type defines the DNS add-on to be used", "type": "string" } }, "additionalProperties": false }, "etcd": { + "description": "Etcd holds configuration for etcd. NB: This value defaults to a Local (stacked) etcd", "type": "object", "properties": { "external": { + "description": "External describes how to connect to an external etcd cluster Local and External are mutually exclusive", "type": "object", "required": [ "caFile", @@ -156,48 +193,59 @@ ], "properties": { "caFile": { + "description": "CAFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection.", "type": "string" }, "certFile": { + "description": "CertFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection.", "type": "string" }, "endpoints": { + "description": "Endpoints of etcd members. Required for ExternalEtcd.", "type": "array", "items": { "type": "string" } }, "keyFile": { + "description": "KeyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection.", "type": "string" } }, "additionalProperties": false }, "local": { + "description": "Local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive", "type": "object", "properties": { "dataDir": { + "description": "DataDir is the directory etcd will place its data. Defaults to \"/var/lib/etcd\".", "type": "string" }, "extraArgs": { + "description": "ExtraArgs are extra arguments provided to the etcd binary when run inside a static pod.", "type": "object", "additionalProperties": { "type": "string" } }, "imageRepository": { + "description": "ImageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "type": "string" }, "imageTag": { + "description": "ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "type": "string" }, "peerCertSANs": { + "description": "PeerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert.", "type": "array", "items": { "type": "string" } }, "serverCertSANs": { + "description": "ServerCertSANs sets extra Subject Alternative Names for the etcd server signing cert.", "type": "array", "items": { "type": "string" @@ -210,47 +258,59 @@ "additionalProperties": false }, "featureGates": { + "description": "FeatureGates enabled by the user.", "type": "object", "additionalProperties": { "type": "boolean" } }, "imageRepository": { + "description": "ImageRepository sets the container registry to pull images from. If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io` will be used for all the other images.", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "kubernetesVersion": { + "description": "KubernetesVersion is the target version of the control plane. NB: This value defaults to the Machine object spec.version", "type": "string" }, "networking": { + "description": "Networking holds configuration for the networking topology of the cluster. NB: This value defaults to the Cluster object spec.clusterNetwork.", "type": "object", "properties": { "dnsDomain": { + "description": "DNSDomain is the dns domain used by k8s services. Defaults to \"cluster.local\".", "type": "string" }, "podSubnet": { + "description": "PodSubnet is the subnet used by pods. If unset, the API server will not allocate CIDR ranges for every node. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.services.cidrBlocks if that is set", "type": "string" }, "serviceSubnet": { + "description": "ServiceSubnet is the subnet used by k8s services. Defaults to a comma-delimited string of the Cluster object's spec.clusterNetwork.pods.cidrBlocks, or to \"10.96.0.0/12\" if that's unset.", "type": "string" } }, "additionalProperties": false }, "scheduler": { + "description": "Scheduler contains extra settings for the scheduler control plane component", "type": "object", "properties": { "extraArgs": { + "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object", "additionalProperties": { "type": "string" } }, "extraVolumes": { + "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "type": "array", "items": { + "description": "HostPathMount contains elements describing volumes that are mounted from the host.", "type": "object", "required": [ "hostPath", @@ -259,18 +319,23 @@ ], "properties": { "hostPath": { + "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { + "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { + "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { + "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { + "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, @@ -281,14 +346,17 @@ "additionalProperties": false }, "useHyperKubeImage": { + "description": "UseHyperKubeImage controls if hyperkube should be used for Kubernetes components instead of their respective separate images", "type": "boolean" } }, "additionalProperties": false }, "files": { + "description": "Files specifies extra files to be passed to user_data upon creation.", "type": "array", "items": { + "description": "File defines the input for generating write_files in cloud-init.", "type": "object", "required": [ "content", @@ -296,9 +364,11 @@ ], "properties": { "content": { + "description": "Content is the actual content of the file.", "type": "string" }, "encoding": { + "description": "Encoding specifies the encoding of the file contents.", "type": "string", "enum": [ "base64", @@ -307,12 +377,15 @@ ] }, "owner": { + "description": "Owner specifies the ownership of the file, e.g. \"root:root\".", "type": "string" }, "path": { + "description": "Path specifies the full path on disk where to store the file.", "type": "string" }, "permissions": { + "description": "Permissions specifies the permissions to assign to the file, e.g. \"0640\".", "type": "string" } }, @@ -320,45 +393,56 @@ } }, "format": { + "description": "Format specifies the output format of the bootstrap data", "type": "string", "enum": [ "cloud-config" ] }, "initConfiguration": { + "description": "InitConfiguration along with ClusterConfiguration are the configurations necessary for the init command", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "bootstrapTokens": { + "description": "BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature", "type": "array", "items": { + "description": "BootstrapToken describes one bootstrap token, stored as a Secret in the cluster", "type": "object", "required": [ "token" ], "properties": { "description": { + "description": "Description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose.", "type": "string" }, "expires": { + "description": "Expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.", "type": "string", "format": "date-time" }, "groups": { + "description": "Groups specifies the extra groups that this token will authenticate as when/if used for authentication", "type": "array", "items": { "type": "string" } }, "token": { + "description": "Token is used for establishing bidirectional trust between nodes and control-planes. Used for joining nodes in the cluster.", "type": "object" }, "ttl": { + "description": "TTL defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive.", "type": "string" }, "usages": { + "description": "Usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here.", "type": "array", "items": { "type": "string" @@ -369,9 +453,11 @@ } }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "localAPIEndpoint": { + "description": "LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process fails you may set the desired value here.", "type": "object", "required": [ "advertiseAddress", @@ -379,9 +465,11 @@ ], "properties": { "advertiseAddress": { + "description": "AdvertiseAddress sets the IP address for the API server to advertise.", "type": "string" }, "bindPort": { + "description": "BindPort sets the secure port for the API Server to bind to. Defaults to 6443.", "type": "integer", "format": "int32" } @@ -389,23 +477,29 @@ "additionalProperties": false }, "nodeRegistration": { + "description": "NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration", "type": "object", "properties": { "criSocket": { + "description": "CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use", "type": "string" }, "kubeletExtraArgs": { + "description": "KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided.", "type": "string" }, "taints": { + "description": "Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=\"\"'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.", "type": "array", "items": { + "description": "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", "type": "object", "required": [ "effect", @@ -413,16 +507,20 @@ ], "properties": { "effect": { + "description": "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Required. The taint key to be applied to a node.", "type": "string" }, "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.", "type": "string", "format": "date-time" }, "value": { + "description": "Required. The taint value corresponding to the taint key.", "type": "string" } }, @@ -436,18 +534,23 @@ "additionalProperties": false }, "joinConfiguration": { + "description": "JoinConfiguration is the kubeadm configuration for the join command", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "caCertPath": { + "description": "CACertPath is the path to the SSL certificate authority used to secure comunications between node and control-plane. Defaults to \"/etc/kubernetes/pki/ca.crt\". TODO: revisit when there is defaulting from k/k", "type": "string" }, "controlPlane": { + "description": "ControlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed.", "type": "object", "properties": { "localAPIEndpoint": { + "description": "LocalAPIEndpoint represents the endpoint of the API server instance to be deployed on this node.", "type": "object", "required": [ "advertiseAddress", @@ -455,9 +558,11 @@ ], "properties": { "advertiseAddress": { + "description": "AdvertiseAddress sets the IP address for the API server to advertise.", "type": "string" }, "bindPort": { + "description": "BindPort sets the secure port for the API Server to bind to. Defaults to 6443.", "type": "integer", "format": "int32" } @@ -468,9 +573,11 @@ "additionalProperties": false }, "discovery": { + "description": "Discovery specifies the options for the kubelet to use during the TLS Bootstrap process TODO: revisit when there is defaulting from k/k", "type": "object", "properties": { "bootstrapToken": { + "description": "BootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive", "type": "object", "required": [ "token", @@ -478,65 +585,80 @@ ], "properties": { "apiServerEndpoint": { + "description": "APIServerEndpoint is an IP or domain name to the API server from which info will be fetched.", "type": "string" }, "caCertHashes": { + "description": "CACertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as \"\u003ctype\u003e:\u003cvalue\u003e\", where the only currently supported type is \"sha256\". This is a hex-encoded SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded ASN.1. These hashes can be calculated using, for example, OpenSSL: openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2\u003e\u0026/dev/null | openssl dgst -sha256 -hex", "type": "array", "items": { "type": "string" } }, "token": { + "description": "Token is a token used to validate cluster information fetched from the control-plane.", "type": "string" }, "unsafeSkipCAVerification": { + "description": "UnsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the control-plane.", "type": "boolean" } }, "additionalProperties": false }, "file": { + "description": "File is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive", "type": "object", "required": [ "kubeConfigPath" ], "properties": { "kubeConfigPath": { + "description": "KubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information", "type": "string" } }, "additionalProperties": false }, "timeout": { + "description": "Timeout modifies the discovery timeout", "type": "string" }, "tlsBootstrapToken": { + "description": "TLSBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information TODO: revisit when there is defaulting from k/k", "type": "string" } }, "additionalProperties": false }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "nodeRegistration": { + "description": "NodeRegistration holds fields that relate to registering the new control-plane node to the cluster. When used in the context of control plane nodes, NodeRegistration should remain consistent across both InitConfiguration and JoinConfiguration", "type": "object", "properties": { "criSocket": { + "description": "CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use", "type": "string" }, "kubeletExtraArgs": { + "description": "KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided.", "type": "string" }, "taints": { + "description": "Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=\"\"'}. If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.", "type": "array", "items": { + "description": "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", "type": "object", "required": [ "effect", @@ -544,16 +666,20 @@ ], "properties": { "effect": { + "description": "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Required. The taint key to be applied to a node.", "type": "string" }, "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.", "type": "string", "format": "date-time" }, "value": { + "description": "Required. The taint value corresponding to the taint key.", "type": "string" } }, @@ -567,12 +693,15 @@ "additionalProperties": false }, "ntp": { + "description": "NTP specifies NTP configuration", "type": "object", "properties": { "enabled": { + "description": "Enabled specifies whether NTP should be enabled", "type": "boolean" }, "servers": { + "description": "Servers specifies which NTP servers to use", "type": "array", "items": { "type": "string" @@ -582,59 +711,74 @@ "additionalProperties": false }, "postKubeadmCommands": { + "description": "PostKubeadmCommands specifies extra commands to run after kubeadm runs", "type": "array", "items": { "type": "string" } }, "preKubeadmCommands": { + "description": "PreKubeadmCommands specifies extra commands to run before kubeadm runs", "type": "array", "items": { "type": "string" } }, "users": { + "description": "Users specifies extra users to add", "type": "array", "items": { + "description": "User defines the input for a generated user in cloud-init.", "type": "object", "required": [ "name" ], "properties": { "gecos": { + "description": "Gecos specifies the gecos to use for the user", "type": "string" }, "groups": { + "description": "Groups specifies the additional groups for the user", "type": "string" }, "homeDir": { + "description": "HomeDir specifies the home directory to use for the user", "type": "string" }, "inactive": { + "description": "Inactive specifies whether to mark the user as inactive", "type": "boolean" }, "lockPassword": { + "description": "LockPassword specifies if password login should be disabled", "type": "boolean" }, "name": { + "description": "Name specifies the user name", "type": "string" }, "passwd": { + "description": "Passwd specifies a hashed password for the user", "type": "string" }, "primaryGroup": { + "description": "PrimaryGroup specifies the primary group for the user", "type": "string" }, "shell": { + "description": "Shell specifies the user's shell", "type": "string" }, "sshAuthorizedKeys": { + "description": "SSHAuthorizedKeys specifies a list of ssh authorized keys for the user", "type": "array", "items": { "type": "string" } }, "sudo": { + "description": "Sudo specifies a sudo role for the user", "type": "string" } }, diff --git a/schema/cert-manager.io/certificate_v1alpha2.json b/schema/cert-manager.io/certificate_v1alpha2.json index 2bca4bc41..354aca962 100644 --- a/schema/cert-manager.io/certificate_v1alpha2.json +++ b/schema/cert-manager.io/certificate_v1alpha2.json @@ -1,240 +1,296 @@ { + "description": "A Certificate resource should be created to ensure an up to date and signed x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. \n The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`).", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "Desired state of the Certificate resource.", + "type": "object", + "required": [ + "issuerRef", + "secretName" + ], "properties": { "commonName": { + "description": "CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4", "type": "string" }, "dnsNames": { + "description": "DNSNames is a list of DNS subjectAltNames to be set on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "duration": { + "description": "The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. If unset this defaults to 90 days. Certificate will be renewed either 2/3 through its duration or `renewBefore` period before its expiry, whichever is later. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration", "type": "string" }, "emailSANs": { + "description": "EmailSANs is a list of email subjectAltNames to be set on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "encodeUsagesInRequest": { + "description": "EncodeUsagesInRequest controls whether key usages should be present in the CertificateRequest", "type": "boolean" }, "ipAddresses": { + "description": "IPAddresses is a list of IP address subjectAltNames to be set on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "isCA": { + "description": "IsCA will mark this Certificate as valid for certificate signing. This will automatically add the `cert sign` usage to the list of `usages`.", "type": "boolean" }, "issuerRef": { - "additionalProperties": false, + "description": "IssuerRef is a reference to the issuer for this certificate. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times.", + "type": "object", + "required": [ + "name" + ], "properties": { "group": { + "description": "Group of the resource being referred to.", "type": "string" }, "kind": { + "description": "Kind of the resource being referred to.", "type": "string" }, "name": { + "description": "Name of the resource being referred to.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "keyAlgorithm": { + "description": "KeyAlgorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either `rsa` or `ecdsa` If `keyAlgorithm` is specified and `keySize` is not provided, key size of 256 will be used for `ecdsa` key algorithm and key size of 2048 will be used for `rsa` key algorithm.", + "type": "string", "enum": [ "rsa", "ecdsa" - ], - "type": "string" + ] }, "keyEncoding": { + "description": "KeyEncoding is the private key cryptography standards (PKCS) for this certificate's private key to be encoded in. If provided, allowed values are `pkcs1` and `pkcs8` standing for PKCS#1 and PKCS#8, respectively. If KeyEncoding is not specified, then `pkcs1` will be used by default.", + "type": "string", "enum": [ "pkcs1", "pkcs8" - ], - "type": "string" + ] }, "keySize": { + "description": "KeySize is the key bit size of the corresponding private key for this certificate. If `keyAlgorithm` is set to `rsa`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `keyAlgorithm` is set to `ecdsa`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. No other values are allowed.", "type": "integer" }, "keystores": { - "additionalProperties": false, + "description": "Keystores configures additional keystore output formats stored in the `secretName` Secret resource.", + "type": "object", "properties": { "jks": { - "additionalProperties": false, + "description": "JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource.", + "type": "object", + "required": [ + "create", + "passwordSecretRef" + ], "properties": { "create": { + "description": "Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance.", "type": "boolean" }, "passwordSecretRef": { - "additionalProperties": false, + "description": "PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, + "additionalProperties": false + }, + "pkcs12": { + "description": "PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource.", + "type": "object", "required": [ "create", "passwordSecretRef" ], - "type": "object" - }, - "pkcs12": { - "additionalProperties": false, "properties": { "create": { + "description": "Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance.", "type": "boolean" }, "passwordSecretRef": { - "additionalProperties": false, + "description": "PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "create", - "passwordSecretRef" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "organization": { + "description": "Organization is a list of organizations to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "privateKey": { - "additionalProperties": false, + "description": "Options to control private keys used for the Certificate.", + "type": "object", "properties": { "rotationPolicy": { + "description": "RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to Never, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "renewBefore": { + "description": "How long before the currently issued certificate's expiry cert-manager should renew the certificate. The default is 2/3 of the issued certificate's duration. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration", "type": "string" }, "revisionHistoryLimit": { - "format": "int32", - "type": "integer" + "description": "revisionHistoryLimit is the maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`.", + "type": "integer", + "format": "int32" }, "secretName": { + "description": "SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer.", "type": "string" }, "secretTemplate": { - "additionalProperties": false, + "description": "SecretTemplate defines annotations and labels to be propagated to the Kubernetes Secret when it is created or updated. Once created, labels and annotations are not yet removed from the Secret when they are removed from the template. See https://github.com/jetstack/cert-manager/issues/4292", + "type": "object", "properties": { "annotations": { + "description": "Annotations is a key value map to be copied to the target Kubernetes Secret.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels is a key value map to be copied to the target Kubernetes Secret.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "subject": { - "additionalProperties": false, + "description": "Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).", + "type": "object", "properties": { "countries": { + "description": "Countries to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "localities": { + "description": "Cities to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "organizationalUnits": { + "description": "Organizational Units to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "postalCodes": { + "description": "Postal codes to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "provinces": { + "description": "State/Provinces to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "serialNumber": { + "description": "Serial number to be used on the Certificate.", "type": "string" }, "streetAddresses": { + "description": "Street addresses to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "uriSANs": { + "description": "URISANs is a list of URI subjectAltNames to be set on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "usages": { + "description": "Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified.", + "type": "array", "items": { + "description": "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"", + "type": "string", "enum": [ "signing", "digital signature", @@ -259,84 +315,92 @@ "ocsp signing", "microsoft sgc", "netscape sgc" - ], - "type": "string" - }, - "type": "array" + ] + } } }, - "required": [ - "issuerRef", - "secretName" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "Status of the Certificate. This is set and managed automatically.", + "type": "object", "properties": { "conditions": { + "description": "List of status conditions to indicate the status of certificates. Known condition types are `Ready` and `Issuing`.", + "type": "array", "items": { - "additionalProperties": false, + "description": "CertificateCondition contains condition information for an Certificate.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Certificate.", + "type": "integer", + "format": "int64" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of (`True`, `False`, `Unknown`).", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "Type of the condition, known values are (`Ready`, `Issuing`).", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "lastFailureTime": { - "format": "date-time", - "type": "string" + "description": "LastFailureTime is the time as recorded by the Certificate controller of the most recent failure to complete a CertificateRequest for this Certificate resource. If set, cert-manager will not re-request another Certificate until 1 hour has elapsed from this time.", + "type": "string", + "format": "date-time" }, "nextPrivateKeySecretName": { + "description": "The name of the Secret resource containing the private key to be used for the next certificate iteration. The keymanager controller will automatically set this field if the `Issuing` condition is set to `True`. It will automatically unset this field when the Issuing condition is not set or False.", "type": "string" }, "notAfter": { - "format": "date-time", - "type": "string" + "description": "The expiration time of the certificate stored in the secret named by this resource in `spec.secretName`.", + "type": "string", + "format": "date-time" }, "notBefore": { - "format": "date-time", - "type": "string" + "description": "The time after which the certificate stored in the secret named by this resource in spec.secretName is valid.", + "type": "string", + "format": "date-time" }, "renewalTime": { - "format": "date-time", - "type": "string" + "description": "RenewalTime is the time at which the certificate will be next renewed. If not set, no upcoming renewal is scheduled.", + "type": "string", + "format": "date-time" }, "revision": { + "description": "The current 'revision' of the certificate as issued. \n When a CertificateRequest resource is created, it will have the `cert-manager.io/certificate-revision` set to one greater than the current value of this field. \n Upon issuance, this field will be set to the value of the annotation on the CertificateRequest resource used to issue the certificate. \n Persisting the value on the CertificateRequest resource allows the certificates controller to know whether a request is part of an old issuance or if it is part of the ongoing revision's issuance by checking if the revision value in the annotation is greater than this field.", "type": "integer" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cert-manager.io/certificate_v1alpha3.json b/schema/cert-manager.io/certificate_v1alpha3.json index c971a1077..fad8f5b33 100644 --- a/schema/cert-manager.io/certificate_v1alpha3.json +++ b/schema/cert-manager.io/certificate_v1alpha3.json @@ -1,240 +1,296 @@ { + "description": "A Certificate resource should be created to ensure an up to date and signed x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. \n The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`).", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "Desired state of the Certificate resource.", + "type": "object", + "required": [ + "issuerRef", + "secretName" + ], "properties": { "commonName": { + "description": "CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4", "type": "string" }, "dnsNames": { + "description": "DNSNames is a list of DNS subjectAltNames to be set on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "duration": { + "description": "The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. If unset this defaults to 90 days. Certificate will be renewed either 2/3 through its duration or `renewBefore` period before its expiry, whichever is later. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration", "type": "string" }, "emailSANs": { + "description": "EmailSANs is a list of email subjectAltNames to be set on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "encodeUsagesInRequest": { + "description": "EncodeUsagesInRequest controls whether key usages should be present in the CertificateRequest", "type": "boolean" }, "ipAddresses": { + "description": "IPAddresses is a list of IP address subjectAltNames to be set on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "isCA": { + "description": "IsCA will mark this Certificate as valid for certificate signing. This will automatically add the `cert sign` usage to the list of `usages`.", "type": "boolean" }, "issuerRef": { - "additionalProperties": false, + "description": "IssuerRef is a reference to the issuer for this certificate. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times.", + "type": "object", + "required": [ + "name" + ], "properties": { "group": { + "description": "Group of the resource being referred to.", "type": "string" }, "kind": { + "description": "Kind of the resource being referred to.", "type": "string" }, "name": { + "description": "Name of the resource being referred to.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "keyAlgorithm": { + "description": "KeyAlgorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either `rsa` or `ecdsa` If `keyAlgorithm` is specified and `keySize` is not provided, key size of 256 will be used for `ecdsa` key algorithm and key size of 2048 will be used for `rsa` key algorithm.", + "type": "string", "enum": [ "rsa", "ecdsa" - ], - "type": "string" + ] }, "keyEncoding": { + "description": "KeyEncoding is the private key cryptography standards (PKCS) for this certificate's private key to be encoded in. If provided, allowed values are `pkcs1` and `pkcs8` standing for PKCS#1 and PKCS#8, respectively. If KeyEncoding is not specified, then `pkcs1` will be used by default.", + "type": "string", "enum": [ "pkcs1", "pkcs8" - ], - "type": "string" + ] }, "keySize": { + "description": "KeySize is the key bit size of the corresponding private key for this certificate. If `keyAlgorithm` is set to `rsa`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `keyAlgorithm` is set to `ecdsa`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. No other values are allowed.", "type": "integer" }, "keystores": { - "additionalProperties": false, + "description": "Keystores configures additional keystore output formats stored in the `secretName` Secret resource.", + "type": "object", "properties": { "jks": { - "additionalProperties": false, + "description": "JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource.", + "type": "object", + "required": [ + "create", + "passwordSecretRef" + ], "properties": { "create": { + "description": "Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance. A file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority.", "type": "boolean" }, "passwordSecretRef": { - "additionalProperties": false, + "description": "PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, + "additionalProperties": false + }, + "pkcs12": { + "description": "PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource.", + "type": "object", "required": [ "create", "passwordSecretRef" ], - "type": "object" - }, - "pkcs12": { - "additionalProperties": false, "properties": { "create": { + "description": "Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance. A file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority.", "type": "boolean" }, "passwordSecretRef": { - "additionalProperties": false, + "description": "PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "create", - "passwordSecretRef" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "privateKey": { - "additionalProperties": false, + "description": "Options to control private keys used for the Certificate.", + "type": "object", "properties": { "rotationPolicy": { + "description": "RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to Never, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "renewBefore": { + "description": "How long before the currently issued certificate's expiry cert-manager should renew the certificate. The default is 2/3 of the issued certificate's duration. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration", "type": "string" }, "revisionHistoryLimit": { - "format": "int32", - "type": "integer" + "description": "revisionHistoryLimit is the maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`.", + "type": "integer", + "format": "int32" }, "secretName": { + "description": "SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer.", "type": "string" }, "secretTemplate": { - "additionalProperties": false, + "description": "SecretTemplate defines annotations and labels to be propagated to the Kubernetes Secret when it is created or updated. Once created, labels and annotations are not yet removed from the Secret when they are removed from the template. See https://github.com/jetstack/cert-manager/issues/4292", + "type": "object", "properties": { "annotations": { + "description": "Annotations is a key value map to be copied to the target Kubernetes Secret.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels is a key value map to be copied to the target Kubernetes Secret.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "subject": { - "additionalProperties": false, + "description": "Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).", + "type": "object", "properties": { "countries": { + "description": "Countries to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "localities": { + "description": "Cities to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "organizationalUnits": { + "description": "Organizational Units to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "organizations": { + "description": "Organizations to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "postalCodes": { + "description": "Postal codes to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "provinces": { + "description": "State/Provinces to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "serialNumber": { + "description": "Serial number to be used on the Certificate.", "type": "string" }, "streetAddresses": { + "description": "Street addresses to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "uriSANs": { + "description": "URISANs is a list of URI subjectAltNames to be set on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "usages": { + "description": "Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified.", + "type": "array", "items": { + "description": "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"", + "type": "string", "enum": [ "signing", "digital signature", @@ -259,84 +315,92 @@ "ocsp signing", "microsoft sgc", "netscape sgc" - ], - "type": "string" - }, - "type": "array" + ] + } } }, - "required": [ - "issuerRef", - "secretName" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "Status of the Certificate. This is set and managed automatically.", + "type": "object", "properties": { "conditions": { + "description": "List of status conditions to indicate the status of certificates. Known condition types are `Ready` and `Issuing`.", + "type": "array", "items": { - "additionalProperties": false, + "description": "CertificateCondition contains condition information for an Certificate.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Certificate.", + "type": "integer", + "format": "int64" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of (`True`, `False`, `Unknown`).", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "Type of the condition, known values are (`Ready`, `Issuing`).", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "lastFailureTime": { - "format": "date-time", - "type": "string" + "description": "LastFailureTime is the time as recorded by the Certificate controller of the most recent failure to complete a CertificateRequest for this Certificate resource. If set, cert-manager will not re-request another Certificate until 1 hour has elapsed from this time.", + "type": "string", + "format": "date-time" }, "nextPrivateKeySecretName": { + "description": "The name of the Secret resource containing the private key to be used for the next certificate iteration. The keymanager controller will automatically set this field if the `Issuing` condition is set to `True`. It will automatically unset this field when the Issuing condition is not set or False.", "type": "string" }, "notAfter": { - "format": "date-time", - "type": "string" + "description": "The expiration time of the certificate stored in the secret named by this resource in `spec.secretName`.", + "type": "string", + "format": "date-time" }, "notBefore": { - "format": "date-time", - "type": "string" + "description": "The time after which the certificate stored in the secret named by this resource in spec.secretName is valid.", + "type": "string", + "format": "date-time" }, "renewalTime": { - "format": "date-time", - "type": "string" + "description": "RenewalTime is the time at which the certificate will be next renewed. If not set, no upcoming renewal is scheduled.", + "type": "string", + "format": "date-time" }, "revision": { + "description": "The current 'revision' of the certificate as issued. \n When a CertificateRequest resource is created, it will have the `cert-manager.io/certificate-revision` set to one greater than the current value of this field. \n Upon issuance, this field will be set to the value of the annotation on the CertificateRequest resource used to issue the certificate. \n Persisting the value on the CertificateRequest resource allows the certificates controller to know whether a request is part of an old issuance or if it is part of the ongoing revision's issuance by checking if the revision value in the annotation is greater than this field.", "type": "integer" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cert-manager.io/certificate_v1beta1.json b/schema/cert-manager.io/certificate_v1beta1.json index c3c98322f..d3f63c522 100644 --- a/schema/cert-manager.io/certificate_v1beta1.json +++ b/schema/cert-manager.io/certificate_v1beta1.json @@ -1,240 +1,299 @@ { + "description": "A Certificate resource should be created to ensure an up to date and signed x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. \n The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`).", + "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "Desired state of the Certificate resource.", + "type": "object", + "required": [ + "issuerRef", + "secretName" + ], "properties": { "commonName": { + "description": "CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4", "type": "string" }, "dnsNames": { + "description": "DNSNames is a list of DNS subjectAltNames to be set on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "duration": { + "description": "The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. If unset this defaults to 90 days. Certificate will be renewed either 2/3 through its duration or `renewBefore` period before its expiry, whichever is later. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration", "type": "string" }, "emailSANs": { + "description": "EmailSANs is a list of email subjectAltNames to be set on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "encodeUsagesInRequest": { + "description": "EncodeUsagesInRequest controls whether key usages should be present in the CertificateRequest", "type": "boolean" }, "ipAddresses": { + "description": "IPAddresses is a list of IP address subjectAltNames to be set on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "isCA": { + "description": "IsCA will mark this Certificate as valid for certificate signing. This will automatically add the `cert sign` usage to the list of `usages`.", "type": "boolean" }, "issuerRef": { - "additionalProperties": false, + "description": "IssuerRef is a reference to the issuer for this certificate. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times.", + "type": "object", + "required": [ + "name" + ], "properties": { "group": { + "description": "Group of the resource being referred to.", "type": "string" }, "kind": { + "description": "Kind of the resource being referred to.", "type": "string" }, "name": { + "description": "Name of the resource being referred to.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "keystores": { - "additionalProperties": false, + "description": "Keystores configures additional keystore output formats stored in the `secretName` Secret resource.", + "type": "object", "properties": { "jks": { - "additionalProperties": false, + "description": "JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource.", + "type": "object", + "required": [ + "create", + "passwordSecretRef" + ], "properties": { "create": { + "description": "Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance.", "type": "boolean" }, "passwordSecretRef": { - "additionalProperties": false, + "description": "PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, + "additionalProperties": false + }, + "pkcs12": { + "description": "PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource.", + "type": "object", "required": [ "create", "passwordSecretRef" ], - "type": "object" - }, - "pkcs12": { - "additionalProperties": false, "properties": { "create": { + "description": "Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will only be updated upon re-issuance.", "type": "boolean" }, "passwordSecretRef": { - "additionalProperties": false, + "description": "PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "create", - "passwordSecretRef" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "privateKey": { - "additionalProperties": false, + "description": "Options to control private keys used for the Certificate.", + "type": "object", "properties": { "algorithm": { + "description": "Algorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either `RSA` or `ECDSA` If `algorithm` is specified and `size` is not provided, key size of 256 will be used for `ECDSA` key algorithm and key size of 2048 will be used for `RSA` key algorithm.", + "type": "string", "enum": [ "RSA", "ECDSA" - ], - "type": "string" + ] }, "encoding": { + "description": "The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified.", + "type": "string", "enum": [ "PKCS1", "PKCS8" - ], - "type": "string" + ] }, "rotationPolicy": { + "description": "RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to Never, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility.", "type": "string" }, "size": { + "description": "Size is the key bit size of the corresponding private key for this certificate. If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. No other values are allowed.", "type": "integer" } }, - "type": "object" + "additionalProperties": false }, "renewBefore": { + "description": "How long before the currently issued certificate's expiry cert-manager should renew the certificate. The default is 2/3 of the issued certificate's duration. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration", "type": "string" }, "revisionHistoryLimit": { - "format": "int32", - "type": "integer" + "description": "revisionHistoryLimit is the maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`.", + "type": "integer", + "format": "int32" }, "secretName": { + "description": "SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer.", "type": "string" }, "secretTemplate": { - "additionalProperties": false, + "description": "SecretTemplate defines annotations and labels to be propagated to the Kubernetes Secret when it is created or updated. Once created, labels and annotations are not yet removed from the Secret when they are removed from the template. See https://github.com/jetstack/cert-manager/issues/4292", + "type": "object", "properties": { "annotations": { + "description": "Annotations is a key value map to be copied to the target Kubernetes Secret.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels is a key value map to be copied to the target Kubernetes Secret.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "subject": { - "additionalProperties": false, + "description": "Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name).", + "type": "object", "properties": { "countries": { + "description": "Countries to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "localities": { + "description": "Cities to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "organizationalUnits": { + "description": "Organizational Units to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "organizations": { + "description": "Organizations to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "postalCodes": { + "description": "Postal codes to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "provinces": { + "description": "State/Provinces to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "serialNumber": { + "description": "Serial number to be used on the Certificate.", "type": "string" }, "streetAddresses": { + "description": "Street addresses to be used on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "uriSANs": { + "description": "URISANs is a list of URI subjectAltNames to be set on the Certificate.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "usages": { + "description": "Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified.", + "type": "array", "items": { + "description": "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"", + "type": "string", "enum": [ "signing", "digital signature", @@ -259,87 +318,92 @@ "ocsp signing", "microsoft sgc", "netscape sgc" - ], - "type": "string" - }, - "type": "array" + ] + } } }, - "required": [ - "issuerRef", - "secretName" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "Status of the Certificate. This is set and managed automatically.", + "type": "object", "properties": { "conditions": { + "description": "List of status conditions to indicate the status of certificates. Known condition types are `Ready` and `Issuing`.", + "type": "array", "items": { - "additionalProperties": false, + "description": "CertificateCondition contains condition information for an Certificate.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Certificate.", + "type": "integer", + "format": "int64" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of (`True`, `False`, `Unknown`).", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "Type of the condition, known values are (`Ready`, `Issuing`).", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "lastFailureTime": { - "format": "date-time", - "type": "string" + "description": "LastFailureTime is the time as recorded by the Certificate controller of the most recent failure to complete a CertificateRequest for this Certificate resource. If set, cert-manager will not re-request another Certificate until 1 hour has elapsed from this time.", + "type": "string", + "format": "date-time" }, "nextPrivateKeySecretName": { + "description": "The name of the Secret resource containing the private key to be used for the next certificate iteration. The keymanager controller will automatically set this field if the `Issuing` condition is set to `True`. It will automatically unset this field when the Issuing condition is not set or False.", "type": "string" }, "notAfter": { - "format": "date-time", - "type": "string" + "description": "The expiration time of the certificate stored in the secret named by this resource in `spec.secretName`.", + "type": "string", + "format": "date-time" }, "notBefore": { - "format": "date-time", - "type": "string" + "description": "The time after which the certificate stored in the secret named by this resource in spec.secretName is valid.", + "type": "string", + "format": "date-time" }, "renewalTime": { - "format": "date-time", - "type": "string" + "description": "RenewalTime is the time at which the certificate will be next renewed. If not set, no upcoming renewal is scheduled.", + "type": "string", + "format": "date-time" }, "revision": { + "description": "The current 'revision' of the certificate as issued. \n When a CertificateRequest resource is created, it will have the `cert-manager.io/certificate-revision` set to one greater than the current value of this field. \n Upon issuance, this field will be set to the value of the annotation on the CertificateRequest resource used to issue the certificate. \n Persisting the value on the CertificateRequest resource allows the certificates controller to know whether a request is part of an old issuance or if it is part of the ongoing revision's issuance by checking if the revision value in the annotation is greater than this field.", "type": "integer" } }, - "type": "object" + "additionalProperties": false } - }, - "required": [ - "spec" - ], - "type": "object" + } } diff --git a/schema/cert-manager.io/certificaterequest_v1alpha2.json b/schema/cert-manager.io/certificaterequest_v1alpha2.json index bc050985a..cd3234e23 100644 --- a/schema/cert-manager.io/certificaterequest_v1alpha2.json +++ b/schema/cert-manager.io/certificaterequest_v1alpha2.json @@ -1,66 +1,89 @@ { + "description": "A CertificateRequest is used to request a signed certificate from one of the configured issuers. \n All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `status.state` field. \n A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "Desired state of the CertificateRequest resource.", + "type": "object", + "required": [ + "csr", + "issuerRef" + ], "properties": { "csr": { - "format": "byte", - "type": "string" + "description": "The PEM-encoded x509 certificate signing request to be submitted to the CA for signing.", + "type": "string", + "format": "byte" }, "duration": { + "description": "The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types.", "type": "string" }, "extra": { + "description": "Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.", + "type": "object", "additionalProperties": { + "type": "array", "items": { "type": "string" - }, - "type": "array" - }, - "type": "object" + } + } }, "groups": { + "description": "Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "isCA": { + "description": "IsCA will request to mark the certificate as valid for certificate signing when submitting to the issuer. This will automatically add the `cert sign` usage to the list of `usages`.", "type": "boolean" }, "issuerRef": { - "additionalProperties": false, + "description": "IssuerRef is a reference to the issuer for this CertificateRequest. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers to the API group of the issuer which defaults to `cert-manager.io` if empty.", + "type": "object", + "required": [ + "name" + ], "properties": { "group": { + "description": "Group of the resource being referred to.", "type": "string" }, "kind": { + "description": "Kind of the resource being referred to.", "type": "string" }, "name": { + "description": "Name of the resource being referred to.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "uid": { + "description": "UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.", "type": "string" }, "usages": { + "description": "Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified.", + "type": "array", "items": { + "description": "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"", + "type": "string", "enum": [ "signing", "digital signature", @@ -85,73 +108,78 @@ "ocsp signing", "microsoft sgc", "netscape sgc" - ], - "type": "string" - }, - "type": "array" + ] + } }, "username": { + "description": "Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.", "type": "string" } }, - "required": [ - "csr", - "issuerRef" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "Status of the CertificateRequest. This is set and managed automatically.", + "type": "object", "properties": { "ca": { - "format": "byte", - "type": "string" + "description": "The PEM encoded x509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available.", + "type": "string", + "format": "byte" }, "certificate": { - "format": "byte", - "type": "string" + "description": "The PEM encoded x509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field.", + "type": "string", + "format": "byte" }, "conditions": { + "description": "List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready` and `InvalidRequest`.", + "type": "array", "items": { - "additionalProperties": false, + "description": "CertificateRequestCondition contains condition information for a CertificateRequest.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of (`True`, `False`, `Unknown`).", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "Type of the condition, known values are (`Ready`, `InvalidRequest`, `Approved`, `Denied`).", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "failureTime": { - "format": "date-time", - "type": "string" + "description": "FailureTime stores the time that this CertificateRequest failed. This is used to influence garbage collection and back-off.", + "type": "string", + "format": "date-time" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cert-manager.io/certificaterequest_v1alpha3.json b/schema/cert-manager.io/certificaterequest_v1alpha3.json index bc050985a..cd3234e23 100644 --- a/schema/cert-manager.io/certificaterequest_v1alpha3.json +++ b/schema/cert-manager.io/certificaterequest_v1alpha3.json @@ -1,66 +1,89 @@ { + "description": "A CertificateRequest is used to request a signed certificate from one of the configured issuers. \n All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `status.state` field. \n A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "Desired state of the CertificateRequest resource.", + "type": "object", + "required": [ + "csr", + "issuerRef" + ], "properties": { "csr": { - "format": "byte", - "type": "string" + "description": "The PEM-encoded x509 certificate signing request to be submitted to the CA for signing.", + "type": "string", + "format": "byte" }, "duration": { + "description": "The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types.", "type": "string" }, "extra": { + "description": "Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.", + "type": "object", "additionalProperties": { + "type": "array", "items": { "type": "string" - }, - "type": "array" - }, - "type": "object" + } + } }, "groups": { + "description": "Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "isCA": { + "description": "IsCA will request to mark the certificate as valid for certificate signing when submitting to the issuer. This will automatically add the `cert sign` usage to the list of `usages`.", "type": "boolean" }, "issuerRef": { - "additionalProperties": false, + "description": "IssuerRef is a reference to the issuer for this CertificateRequest. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers to the API group of the issuer which defaults to `cert-manager.io` if empty.", + "type": "object", + "required": [ + "name" + ], "properties": { "group": { + "description": "Group of the resource being referred to.", "type": "string" }, "kind": { + "description": "Kind of the resource being referred to.", "type": "string" }, "name": { + "description": "Name of the resource being referred to.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "uid": { + "description": "UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.", "type": "string" }, "usages": { + "description": "Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified.", + "type": "array", "items": { + "description": "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"", + "type": "string", "enum": [ "signing", "digital signature", @@ -85,73 +108,78 @@ "ocsp signing", "microsoft sgc", "netscape sgc" - ], - "type": "string" - }, - "type": "array" + ] + } }, "username": { + "description": "Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.", "type": "string" } }, - "required": [ - "csr", - "issuerRef" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "Status of the CertificateRequest. This is set and managed automatically.", + "type": "object", "properties": { "ca": { - "format": "byte", - "type": "string" + "description": "The PEM encoded x509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available.", + "type": "string", + "format": "byte" }, "certificate": { - "format": "byte", - "type": "string" + "description": "The PEM encoded x509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field.", + "type": "string", + "format": "byte" }, "conditions": { + "description": "List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready` and `InvalidRequest`.", + "type": "array", "items": { - "additionalProperties": false, + "description": "CertificateRequestCondition contains condition information for a CertificateRequest.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of (`True`, `False`, `Unknown`).", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "Type of the condition, known values are (`Ready`, `InvalidRequest`, `Approved`, `Denied`).", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "failureTime": { - "format": "date-time", - "type": "string" + "description": "FailureTime stores the time that this CertificateRequest failed. This is used to influence garbage collection and back-off.", + "type": "string", + "format": "date-time" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cert-manager.io/certificaterequest_v1beta1.json b/schema/cert-manager.io/certificaterequest_v1beta1.json index 39b0ff1f9..b3235ad1a 100644 --- a/schema/cert-manager.io/certificaterequest_v1beta1.json +++ b/schema/cert-manager.io/certificaterequest_v1beta1.json @@ -1,66 +1,92 @@ { + "description": "A CertificateRequest is used to request a signed certificate from one of the configured issuers. \n All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `status.state` field. \n A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used.", + "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "Desired state of the CertificateRequest resource.", + "type": "object", + "required": [ + "issuerRef", + "request" + ], "properties": { "duration": { + "description": "The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types.", "type": "string" }, "extra": { + "description": "Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.", + "type": "object", "additionalProperties": { + "type": "array", "items": { "type": "string" - }, - "type": "array" - }, - "type": "object" + } + } }, "groups": { + "description": "Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "isCA": { + "description": "IsCA will request to mark the certificate as valid for certificate signing when submitting to the issuer. This will automatically add the `cert sign` usage to the list of `usages`.", "type": "boolean" }, "issuerRef": { - "additionalProperties": false, + "description": "IssuerRef is a reference to the issuer for this CertificateRequest. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers to the API group of the issuer which defaults to `cert-manager.io` if empty.", + "type": "object", + "required": [ + "name" + ], "properties": { "group": { + "description": "Group of the resource being referred to.", "type": "string" }, "kind": { + "description": "Kind of the resource being referred to.", "type": "string" }, "name": { + "description": "Name of the resource being referred to.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "request": { - "format": "byte", - "type": "string" + "description": "The PEM-encoded x509 certificate signing request to be submitted to the CA for signing.", + "type": "string", + "format": "byte" }, "uid": { + "description": "UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.", "type": "string" }, "usages": { + "description": "Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified.", + "type": "array", "items": { + "description": "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"", + "type": "string", "enum": [ "signing", "digital signature", @@ -85,76 +111,78 @@ "ocsp signing", "microsoft sgc", "netscape sgc" - ], - "type": "string" - }, - "type": "array" + ] + } }, "username": { + "description": "Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable.", "type": "string" } }, - "required": [ - "issuerRef", - "request" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "Status of the CertificateRequest. This is set and managed automatically.", + "type": "object", "properties": { "ca": { - "format": "byte", - "type": "string" + "description": "The PEM encoded x509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available.", + "type": "string", + "format": "byte" }, "certificate": { - "format": "byte", - "type": "string" + "description": "The PEM encoded x509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field.", + "type": "string", + "format": "byte" }, "conditions": { + "description": "List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready` and `InvalidRequest`.", + "type": "array", "items": { - "additionalProperties": false, + "description": "CertificateRequestCondition contains condition information for a CertificateRequest.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of (`True`, `False`, `Unknown`).", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "Type of the condition, known values are (`Ready`, `InvalidRequest`, `Approved`, `Denied`).", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "failureTime": { - "format": "date-time", - "type": "string" + "description": "FailureTime stores the time that this CertificateRequest failed. This is used to influence garbage collection and back-off.", + "type": "string", + "format": "date-time" } }, - "type": "object" + "additionalProperties": false } - }, - "required": [ - "spec" - ], - "type": "object" + } } diff --git a/schema/cert-manager.io/clusterissuer_v1alpha2.json b/schema/cert-manager.io/clusterissuer_v1alpha2.json index 50938c16f..452535b26 100644 --- a/schema/cert-manager.io/clusterissuer_v1alpha2.json +++ b/schema/cert-manager.io/clusterissuer_v1alpha2.json @@ -1,1444 +1,1720 @@ { + "description": "A ClusterIssuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in *any* namespace, not just the same namespace as the referent.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "Desired state of the ClusterIssuer resource.", + "type": "object", "properties": { "acme": { - "additionalProperties": false, + "description": "ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates.", + "type": "object", + "required": [ + "privateKeySecretRef", + "server" + ], "properties": { "disableAccountKeyGeneration": { + "description": "Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false.", "type": "boolean" }, "email": { + "description": "Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered.", "type": "string" }, "enableDurationFeature": { + "description": "Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false.", "type": "boolean" }, "externalAccountBinding": { - "additionalProperties": false, + "description": "ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account.", + "type": "object", + "required": [ + "keyID", + "keySecretRef" + ], "properties": { "keyAlgorithm": { + "description": "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.", + "type": "string", "enum": [ "HS256", "HS384", "HS512" - ], - "type": "string" + ] }, "keyID": { + "description": "keyID is the ID of the CA key that the External Account is bound to.", "type": "string" }, "keySecretRef": { - "additionalProperties": false, + "description": "keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "keyID", - "keySecretRef" - ], - "type": "object" + "additionalProperties": false }, "preferredChain": { - "maxLength": 64, - "type": "string" + "description": "PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: \"DST Root CA X3\" or \"ISRG Root X1\" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN", + "type": "string", + "maxLength": 64 }, "privateKeySecretRef": { - "additionalProperties": false, + "description": "PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "server": { + "description": "Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: \"https://acme-staging-v02.api.letsencrypt.org/directory\". Only ACME v2 endpoints (i.e. RFC 8555) are supported.", "type": "string" }, "skipTLSVerify": { + "description": "Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false.", "type": "boolean" }, "solvers": { + "description": "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/", + "type": "array", "items": { - "additionalProperties": false, + "description": "Configures an issuer to solve challenges using the specified options. Only one of HTTP01 or DNS01 may be provided.", + "type": "object", "properties": { "dns01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.", + "type": "object", "properties": { "acmedns": { - "additionalProperties": false, + "description": "Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accountSecretRef", + "host" + ], "properties": { "accountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "host": { "type": "string" } }, - "required": [ - "accountSecretRef", - "host" - ], - "type": "object" + "additionalProperties": false }, "akamai": { - "additionalProperties": false, + "description": "Use the Akamai DNS zone management API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accessTokenSecretRef", + "clientSecretSecretRef", + "clientTokenSecretRef", + "serviceConsumerDomain" + ], "properties": { "accessTokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientSecretSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientSecretSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientTokenSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "serviceConsumerDomain": { "type": "string" } }, - "required": [ - "accessTokenSecretRef", - "clientSecretSecretRef", - "clientTokenSecretRef", - "serviceConsumerDomain" - ], - "type": "object" + "additionalProperties": false }, "azuredns": { - "additionalProperties": false, + "description": "Use the Microsoft Azure DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "resourceGroupName", + "subscriptionID" + ], "properties": { "clientID": { + "description": "if both this and ClientSecret are left unset MSI will be used", "type": "string" }, "clientSecretSecretRef": { - "additionalProperties": false, + "description": "if both this and ClientID are left unset MSI will be used", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "environment": { + "description": "name of the Azure environment (default AzurePublicCloud)", + "type": "string", "enum": [ "AzurePublicCloud", "AzureChinaCloud", "AzureGermanCloud", "AzureUSGovernmentCloud" - ], - "type": "string" + ] }, "hostedZoneName": { + "description": "name of the DNS zone that should be used", "type": "string" }, "managedIdentity": { - "additionalProperties": false, + "description": "managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID", + "type": "object", "properties": { "clientID": { + "description": "client ID of the managed identity, can not be used at the same time as resourceID", "type": "string" }, "resourceID": { + "description": "resource ID of the managed identity, can not be used at the same time as clientID", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "resourceGroupName": { + "description": "resource group the DNS zone is located in", "type": "string" }, "subscriptionID": { + "description": "ID of the Azure subscription", "type": "string" }, "tenantID": { + "description": "when specifying ClientID and ClientSecret then this field is also needed", "type": "string" } }, - "required": [ - "resourceGroupName", - "subscriptionID" - ], - "type": "object" + "additionalProperties": false }, "clouddns": { - "additionalProperties": false, + "description": "Use the Google Cloud DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "project" + ], "properties": { "hostedZoneName": { + "description": "HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.", "type": "string" }, "project": { "type": "string" }, "serviceAccountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "project" - ], - "type": "object" + "additionalProperties": false }, "cloudflare": { - "additionalProperties": false, + "description": "Use the Cloudflare API to manage DNS01 challenge records.", + "type": "object", "properties": { "apiKeySecretRef": { - "additionalProperties": false, + "description": "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "apiTokenSecretRef": { + "description": "API token used to authenticate with Cloudflare.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "apiTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "email": { + "description": "Email of the account, only required when using API key based authentication.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "cnameStrategy": { + "description": "CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.", + "type": "string", "enum": [ "None", "Follow" - ], - "type": "string" + ] }, "digitalocean": { - "additionalProperties": false, + "description": "Use the DigitalOcean DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "tokenSecretRef" + ], "properties": { "tokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "tokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "rfc2136": { - "additionalProperties": false, + "description": "Use RFC2136 (\"Dynamic Updates in the Domain Name System\") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.", + "type": "object", + "required": [ + "nameserver" + ], "properties": { "nameserver": { + "description": "The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.", "type": "string" }, "tsigAlgorithm": { + "description": "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.", "type": "string" }, "tsigKeyName": { + "description": "The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.", "type": "string" }, "tsigSecretSecretRef": { - "additionalProperties": false, + "description": "The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "nameserver" - ], - "type": "object" + "additionalProperties": false }, "route53": { - "additionalProperties": false, + "description": "Use the AWS Route53 API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "region" + ], "properties": { "accessKeyID": { + "description": "The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", "type": "string" }, "hostedZoneID": { + "description": "If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.", "type": "string" }, "region": { + "description": "Always set the region when using AccessKeyID and SecretAccessKey", "type": "string" }, "role": { + "description": "Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata", "type": "string" }, "secretAccessKeySecretRef": { - "additionalProperties": false, + "description": "The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "region" - ], - "type": "object" + "additionalProperties": false }, "webhook": { - "additionalProperties": false, + "description": "Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.", + "type": "object", + "required": [ + "groupName", + "solverName" + ], "properties": { "config": { + "description": "Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.", "x-kubernetes-preserve-unknown-fields": true }, "groupName": { + "description": "The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.", "type": "string" }, "solverName": { + "description": "The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.", "type": "string" } }, - "required": [ - "groupName", - "solverName" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "http01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.", + "type": "object", "properties": { "gatewayHTTPRoute": { - "additionalProperties": false, + "description": "The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.", + "type": "object", "properties": { "labels": { + "description": "The labels that cert-manager will use when creating the temporary HTTPRoute needed for solving the HTTP-01 challenge. These labels must match the label selector of at least one Gateway.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "ingress": { - "additionalProperties": false, + "description": "The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.", + "type": "object", "properties": { "class": { + "description": "The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.", "type": "string" }, "ingressTemplate": { - "additionalProperties": false, + "description": "Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.", "type": "string" }, "podTemplate": { - "additionalProperties": false, + "description": "Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the create ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.", + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "priorityClassName": { + "description": "If specified, the pod's priorityClassName.", "type": "string" }, "serviceAccountName": { + "description": "If specified, the pod's service account", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "description": "Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.", + "type": "object", "properties": { "dnsNames": { + "description": "List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "dnsZones": { + "description": "List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "matchLabels": { + "description": "A label selector that is used to refine the set of certificate's that this challenge solver will apply to.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "privateKeySecretRef", - "server" - ], - "type": "object" + "additionalProperties": false }, "ca": { - "additionalProperties": false, + "description": "CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager.", + "type": "object", + "required": [ + "secretName" + ], "properties": { "crlDistributionPoints": { + "description": "The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "ocspServers": { + "description": "The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be \"http://ocsp.int-x3.letsencrypt.org\".", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "secretName": { + "description": "SecretName is the name of the secret used to sign Certificates issued by this Issuer.", "type": "string" } }, - "required": [ - "secretName" - ], - "type": "object" + "additionalProperties": false }, "selfSigned": { - "additionalProperties": false, + "description": "SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object.", + "type": "object", "properties": { "crlDistributionPoints": { + "description": "The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "vault": { - "additionalProperties": false, + "description": "Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend.", + "type": "object", + "required": [ + "auth", + "path", + "server" + ], "properties": { "auth": { - "additionalProperties": false, + "description": "Auth configures how cert-manager authenticates with the Vault server.", + "type": "object", "properties": { "appRole": { - "additionalProperties": false, + "description": "AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.", + "type": "object", + "required": [ + "path", + "roleId", + "secretRef" + ], "properties": { "path": { + "description": "Path where the App Role authentication backend is mounted in Vault, e.g: \"approle\"", "type": "string" }, "roleId": { + "description": "RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, + "additionalProperties": false + }, + "kubernetes": { + "description": "Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.", + "type": "object", "required": [ - "path", - "roleId", + "role", "secretRef" ], - "type": "object" - }, - "kubernetes": { - "additionalProperties": false, "properties": { "mountPath": { + "description": "The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value \"/v1/auth/kubernetes\" will be used.", "type": "string" }, "role": { + "description": "A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "role", - "secretRef" - ], - "type": "object" + "additionalProperties": false }, "tokenSecretRef": { - "additionalProperties": false, + "description": "TokenSecretRef authenticates with Vault by presenting a token.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "caBundle": { - "format": "byte", - "type": "string" + "description": "PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.", + "type": "string", + "format": "byte" }, "namespace": { + "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: \"ns1\" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", "type": "string" }, "path": { + "description": "Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: \"my_pki_mount/sign/my-role-name\".", "type": "string" }, "server": { + "description": "Server is the connection address for the Vault server, e.g: \"https://vault.example.com:8200\".", "type": "string" } }, - "required": [ - "auth", - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "venafi": { - "additionalProperties": false, + "description": "Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone.", + "type": "object", + "required": [ + "zone" + ], "properties": { "cloud": { - "additionalProperties": false, + "description": "Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified.", + "type": "object", + "required": [ + "apiTokenSecretRef" + ], "properties": { "apiTokenSecretRef": { - "additionalProperties": false, + "description": "APITokenSecretRef is a secret key selector for the Venafi Cloud API token.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "url": { + "description": "URL is the base URL for Venafi Cloud. Defaults to \"https://api.venafi.cloud/v1\".", "type": "string" } }, - "required": [ - "apiTokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "tpp": { - "additionalProperties": false, + "description": "TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified.", + "type": "object", + "required": [ + "credentialsRef", + "url" + ], "properties": { "caBundle": { - "format": "byte", - "type": "string" + "description": "CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates.", + "type": "string", + "format": "byte" }, "credentialsRef": { - "additionalProperties": false, + "description": "CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "url": { + "description": "URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: \"https://tpp.example.com/vedsdk\".", "type": "string" } }, - "required": [ - "credentialsRef", - "url" - ], - "type": "object" + "additionalProperties": false }, "zone": { + "description": "Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required.", "type": "string" } }, - "required": [ - "zone" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "Status of the ClusterIssuer. This is set and managed automatically.", + "type": "object", "properties": { "acme": { - "additionalProperties": false, + "description": "ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates.", + "type": "object", "properties": { "lastRegisteredEmail": { + "description": "LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer", "type": "string" }, "uri": { + "description": "URI is the unique account identifier, which can also be used to retrieve account details from the CA", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "conditions": { + "description": "List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`.", + "type": "array", "items": { - "additionalProperties": false, + "description": "IssuerCondition contains condition information for an Issuer.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer.", + "type": "integer", + "format": "int64" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of (`True`, `False`, `Unknown`).", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "Type of the condition, known values are (`Ready`).", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cert-manager.io/clusterissuer_v1alpha3.json b/schema/cert-manager.io/clusterissuer_v1alpha3.json index 50938c16f..452535b26 100644 --- a/schema/cert-manager.io/clusterissuer_v1alpha3.json +++ b/schema/cert-manager.io/clusterissuer_v1alpha3.json @@ -1,1444 +1,1720 @@ { + "description": "A ClusterIssuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in *any* namespace, not just the same namespace as the referent.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "Desired state of the ClusterIssuer resource.", + "type": "object", "properties": { "acme": { - "additionalProperties": false, + "description": "ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates.", + "type": "object", + "required": [ + "privateKeySecretRef", + "server" + ], "properties": { "disableAccountKeyGeneration": { + "description": "Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false.", "type": "boolean" }, "email": { + "description": "Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered.", "type": "string" }, "enableDurationFeature": { + "description": "Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false.", "type": "boolean" }, "externalAccountBinding": { - "additionalProperties": false, + "description": "ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account.", + "type": "object", + "required": [ + "keyID", + "keySecretRef" + ], "properties": { "keyAlgorithm": { + "description": "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.", + "type": "string", "enum": [ "HS256", "HS384", "HS512" - ], - "type": "string" + ] }, "keyID": { + "description": "keyID is the ID of the CA key that the External Account is bound to.", "type": "string" }, "keySecretRef": { - "additionalProperties": false, + "description": "keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "keyID", - "keySecretRef" - ], - "type": "object" + "additionalProperties": false }, "preferredChain": { - "maxLength": 64, - "type": "string" + "description": "PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: \"DST Root CA X3\" or \"ISRG Root X1\" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN", + "type": "string", + "maxLength": 64 }, "privateKeySecretRef": { - "additionalProperties": false, + "description": "PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "server": { + "description": "Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: \"https://acme-staging-v02.api.letsencrypt.org/directory\". Only ACME v2 endpoints (i.e. RFC 8555) are supported.", "type": "string" }, "skipTLSVerify": { + "description": "Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false.", "type": "boolean" }, "solvers": { + "description": "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/", + "type": "array", "items": { - "additionalProperties": false, + "description": "Configures an issuer to solve challenges using the specified options. Only one of HTTP01 or DNS01 may be provided.", + "type": "object", "properties": { "dns01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.", + "type": "object", "properties": { "acmedns": { - "additionalProperties": false, + "description": "Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accountSecretRef", + "host" + ], "properties": { "accountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "host": { "type": "string" } }, - "required": [ - "accountSecretRef", - "host" - ], - "type": "object" + "additionalProperties": false }, "akamai": { - "additionalProperties": false, + "description": "Use the Akamai DNS zone management API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accessTokenSecretRef", + "clientSecretSecretRef", + "clientTokenSecretRef", + "serviceConsumerDomain" + ], "properties": { "accessTokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientSecretSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientSecretSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientTokenSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "serviceConsumerDomain": { "type": "string" } }, - "required": [ - "accessTokenSecretRef", - "clientSecretSecretRef", - "clientTokenSecretRef", - "serviceConsumerDomain" - ], - "type": "object" + "additionalProperties": false }, "azuredns": { - "additionalProperties": false, + "description": "Use the Microsoft Azure DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "resourceGroupName", + "subscriptionID" + ], "properties": { "clientID": { + "description": "if both this and ClientSecret are left unset MSI will be used", "type": "string" }, "clientSecretSecretRef": { - "additionalProperties": false, + "description": "if both this and ClientID are left unset MSI will be used", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "environment": { + "description": "name of the Azure environment (default AzurePublicCloud)", + "type": "string", "enum": [ "AzurePublicCloud", "AzureChinaCloud", "AzureGermanCloud", "AzureUSGovernmentCloud" - ], - "type": "string" + ] }, "hostedZoneName": { + "description": "name of the DNS zone that should be used", "type": "string" }, "managedIdentity": { - "additionalProperties": false, + "description": "managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID", + "type": "object", "properties": { "clientID": { + "description": "client ID of the managed identity, can not be used at the same time as resourceID", "type": "string" }, "resourceID": { + "description": "resource ID of the managed identity, can not be used at the same time as clientID", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "resourceGroupName": { + "description": "resource group the DNS zone is located in", "type": "string" }, "subscriptionID": { + "description": "ID of the Azure subscription", "type": "string" }, "tenantID": { + "description": "when specifying ClientID and ClientSecret then this field is also needed", "type": "string" } }, - "required": [ - "resourceGroupName", - "subscriptionID" - ], - "type": "object" + "additionalProperties": false }, "clouddns": { - "additionalProperties": false, + "description": "Use the Google Cloud DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "project" + ], "properties": { "hostedZoneName": { + "description": "HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.", "type": "string" }, "project": { "type": "string" }, "serviceAccountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "project" - ], - "type": "object" + "additionalProperties": false }, "cloudflare": { - "additionalProperties": false, + "description": "Use the Cloudflare API to manage DNS01 challenge records.", + "type": "object", "properties": { "apiKeySecretRef": { - "additionalProperties": false, + "description": "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "apiTokenSecretRef": { + "description": "API token used to authenticate with Cloudflare.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "apiTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "email": { + "description": "Email of the account, only required when using API key based authentication.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "cnameStrategy": { + "description": "CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.", + "type": "string", "enum": [ "None", "Follow" - ], - "type": "string" + ] }, "digitalocean": { - "additionalProperties": false, + "description": "Use the DigitalOcean DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "tokenSecretRef" + ], "properties": { "tokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "tokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "rfc2136": { - "additionalProperties": false, + "description": "Use RFC2136 (\"Dynamic Updates in the Domain Name System\") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.", + "type": "object", + "required": [ + "nameserver" + ], "properties": { "nameserver": { + "description": "The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.", "type": "string" }, "tsigAlgorithm": { + "description": "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.", "type": "string" }, "tsigKeyName": { + "description": "The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.", "type": "string" }, "tsigSecretSecretRef": { - "additionalProperties": false, + "description": "The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "nameserver" - ], - "type": "object" + "additionalProperties": false }, "route53": { - "additionalProperties": false, + "description": "Use the AWS Route53 API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "region" + ], "properties": { "accessKeyID": { + "description": "The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", "type": "string" }, "hostedZoneID": { + "description": "If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.", "type": "string" }, "region": { + "description": "Always set the region when using AccessKeyID and SecretAccessKey", "type": "string" }, "role": { + "description": "Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata", "type": "string" }, "secretAccessKeySecretRef": { - "additionalProperties": false, + "description": "The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "region" - ], - "type": "object" + "additionalProperties": false }, "webhook": { - "additionalProperties": false, + "description": "Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.", + "type": "object", + "required": [ + "groupName", + "solverName" + ], "properties": { "config": { + "description": "Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.", "x-kubernetes-preserve-unknown-fields": true }, "groupName": { + "description": "The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.", "type": "string" }, "solverName": { + "description": "The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.", "type": "string" } }, - "required": [ - "groupName", - "solverName" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "http01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.", + "type": "object", "properties": { "gatewayHTTPRoute": { - "additionalProperties": false, + "description": "The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.", + "type": "object", "properties": { "labels": { + "description": "The labels that cert-manager will use when creating the temporary HTTPRoute needed for solving the HTTP-01 challenge. These labels must match the label selector of at least one Gateway.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "ingress": { - "additionalProperties": false, + "description": "The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.", + "type": "object", "properties": { "class": { + "description": "The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.", "type": "string" }, "ingressTemplate": { - "additionalProperties": false, + "description": "Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.", "type": "string" }, "podTemplate": { - "additionalProperties": false, + "description": "Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the create ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.", + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "priorityClassName": { + "description": "If specified, the pod's priorityClassName.", "type": "string" }, "serviceAccountName": { + "description": "If specified, the pod's service account", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "description": "Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.", + "type": "object", "properties": { "dnsNames": { + "description": "List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "dnsZones": { + "description": "List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "matchLabels": { + "description": "A label selector that is used to refine the set of certificate's that this challenge solver will apply to.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "privateKeySecretRef", - "server" - ], - "type": "object" + "additionalProperties": false }, "ca": { - "additionalProperties": false, + "description": "CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager.", + "type": "object", + "required": [ + "secretName" + ], "properties": { "crlDistributionPoints": { + "description": "The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "ocspServers": { + "description": "The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be \"http://ocsp.int-x3.letsencrypt.org\".", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "secretName": { + "description": "SecretName is the name of the secret used to sign Certificates issued by this Issuer.", "type": "string" } }, - "required": [ - "secretName" - ], - "type": "object" + "additionalProperties": false }, "selfSigned": { - "additionalProperties": false, + "description": "SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object.", + "type": "object", "properties": { "crlDistributionPoints": { + "description": "The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "vault": { - "additionalProperties": false, + "description": "Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend.", + "type": "object", + "required": [ + "auth", + "path", + "server" + ], "properties": { "auth": { - "additionalProperties": false, + "description": "Auth configures how cert-manager authenticates with the Vault server.", + "type": "object", "properties": { "appRole": { - "additionalProperties": false, + "description": "AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.", + "type": "object", + "required": [ + "path", + "roleId", + "secretRef" + ], "properties": { "path": { + "description": "Path where the App Role authentication backend is mounted in Vault, e.g: \"approle\"", "type": "string" }, "roleId": { + "description": "RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, + "additionalProperties": false + }, + "kubernetes": { + "description": "Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.", + "type": "object", "required": [ - "path", - "roleId", + "role", "secretRef" ], - "type": "object" - }, - "kubernetes": { - "additionalProperties": false, "properties": { "mountPath": { + "description": "The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value \"/v1/auth/kubernetes\" will be used.", "type": "string" }, "role": { + "description": "A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "role", - "secretRef" - ], - "type": "object" + "additionalProperties": false }, "tokenSecretRef": { - "additionalProperties": false, + "description": "TokenSecretRef authenticates with Vault by presenting a token.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "caBundle": { - "format": "byte", - "type": "string" + "description": "PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.", + "type": "string", + "format": "byte" }, "namespace": { + "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: \"ns1\" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", "type": "string" }, "path": { + "description": "Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: \"my_pki_mount/sign/my-role-name\".", "type": "string" }, "server": { + "description": "Server is the connection address for the Vault server, e.g: \"https://vault.example.com:8200\".", "type": "string" } }, - "required": [ - "auth", - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "venafi": { - "additionalProperties": false, + "description": "Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone.", + "type": "object", + "required": [ + "zone" + ], "properties": { "cloud": { - "additionalProperties": false, + "description": "Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified.", + "type": "object", + "required": [ + "apiTokenSecretRef" + ], "properties": { "apiTokenSecretRef": { - "additionalProperties": false, + "description": "APITokenSecretRef is a secret key selector for the Venafi Cloud API token.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "url": { + "description": "URL is the base URL for Venafi Cloud. Defaults to \"https://api.venafi.cloud/v1\".", "type": "string" } }, - "required": [ - "apiTokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "tpp": { - "additionalProperties": false, + "description": "TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified.", + "type": "object", + "required": [ + "credentialsRef", + "url" + ], "properties": { "caBundle": { - "format": "byte", - "type": "string" + "description": "CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates.", + "type": "string", + "format": "byte" }, "credentialsRef": { - "additionalProperties": false, + "description": "CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "url": { + "description": "URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: \"https://tpp.example.com/vedsdk\".", "type": "string" } }, - "required": [ - "credentialsRef", - "url" - ], - "type": "object" + "additionalProperties": false }, "zone": { + "description": "Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required.", "type": "string" } }, - "required": [ - "zone" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "Status of the ClusterIssuer. This is set and managed automatically.", + "type": "object", "properties": { "acme": { - "additionalProperties": false, + "description": "ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates.", + "type": "object", "properties": { "lastRegisteredEmail": { + "description": "LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer", "type": "string" }, "uri": { + "description": "URI is the unique account identifier, which can also be used to retrieve account details from the CA", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "conditions": { + "description": "List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`.", + "type": "array", "items": { - "additionalProperties": false, + "description": "IssuerCondition contains condition information for an Issuer.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer.", + "type": "integer", + "format": "int64" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of (`True`, `False`, `Unknown`).", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "Type of the condition, known values are (`Ready`).", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cert-manager.io/clusterissuer_v1beta1.json b/schema/cert-manager.io/clusterissuer_v1beta1.json index edf5085bb..40f1f7229 100644 --- a/schema/cert-manager.io/clusterissuer_v1beta1.json +++ b/schema/cert-manager.io/clusterissuer_v1beta1.json @@ -1,1447 +1,1723 @@ { + "description": "A ClusterIssuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in *any* namespace, not just the same namespace as the referent.", + "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "Desired state of the ClusterIssuer resource.", + "type": "object", "properties": { "acme": { - "additionalProperties": false, + "description": "ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates.", + "type": "object", + "required": [ + "privateKeySecretRef", + "server" + ], "properties": { "disableAccountKeyGeneration": { + "description": "Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false.", "type": "boolean" }, "email": { + "description": "Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered.", "type": "string" }, "enableDurationFeature": { + "description": "Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false.", "type": "boolean" }, "externalAccountBinding": { - "additionalProperties": false, + "description": "ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account.", + "type": "object", + "required": [ + "keyID", + "keySecretRef" + ], "properties": { "keyAlgorithm": { + "description": "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.", + "type": "string", "enum": [ "HS256", "HS384", "HS512" - ], - "type": "string" + ] }, "keyID": { + "description": "keyID is the ID of the CA key that the External Account is bound to.", "type": "string" }, "keySecretRef": { - "additionalProperties": false, + "description": "keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "keyID", - "keySecretRef" - ], - "type": "object" + "additionalProperties": false }, "preferredChain": { - "maxLength": 64, - "type": "string" + "description": "PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: \"DST Root CA X3\" or \"ISRG Root X1\" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN", + "type": "string", + "maxLength": 64 }, "privateKeySecretRef": { - "additionalProperties": false, + "description": "PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "server": { + "description": "Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: \"https://acme-staging-v02.api.letsencrypt.org/directory\". Only ACME v2 endpoints (i.e. RFC 8555) are supported.", "type": "string" }, "skipTLSVerify": { + "description": "Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false.", "type": "boolean" }, "solvers": { + "description": "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/", + "type": "array", "items": { - "additionalProperties": false, + "description": "Configures an issuer to solve challenges using the specified options. Only one of HTTP01 or DNS01 may be provided.", + "type": "object", "properties": { "dns01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.", + "type": "object", "properties": { "acmeDNS": { - "additionalProperties": false, + "description": "Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accountSecretRef", + "host" + ], "properties": { "accountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "host": { "type": "string" } }, - "required": [ - "accountSecretRef", - "host" - ], - "type": "object" + "additionalProperties": false }, "akamai": { - "additionalProperties": false, + "description": "Use the Akamai DNS zone management API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accessTokenSecretRef", + "clientSecretSecretRef", + "clientTokenSecretRef", + "serviceConsumerDomain" + ], "properties": { "accessTokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientSecretSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientSecretSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientTokenSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "serviceConsumerDomain": { "type": "string" } }, - "required": [ - "accessTokenSecretRef", - "clientSecretSecretRef", - "clientTokenSecretRef", - "serviceConsumerDomain" - ], - "type": "object" + "additionalProperties": false }, "azureDNS": { - "additionalProperties": false, + "description": "Use the Microsoft Azure DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "resourceGroupName", + "subscriptionID" + ], "properties": { "clientID": { + "description": "if both this and ClientSecret are left unset MSI will be used", "type": "string" }, "clientSecretSecretRef": { - "additionalProperties": false, + "description": "if both this and ClientID are left unset MSI will be used", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "environment": { + "description": "name of the Azure environment (default AzurePublicCloud)", + "type": "string", "enum": [ "AzurePublicCloud", "AzureChinaCloud", "AzureGermanCloud", "AzureUSGovernmentCloud" - ], - "type": "string" + ] }, "hostedZoneName": { + "description": "name of the DNS zone that should be used", "type": "string" }, "managedIdentity": { - "additionalProperties": false, + "description": "managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID", + "type": "object", "properties": { "clientID": { + "description": "client ID of the managed identity, can not be used at the same time as resourceID", "type": "string" }, "resourceID": { + "description": "resource ID of the managed identity, can not be used at the same time as clientID", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "resourceGroupName": { + "description": "resource group the DNS zone is located in", "type": "string" }, "subscriptionID": { + "description": "ID of the Azure subscription", "type": "string" }, "tenantID": { + "description": "when specifying ClientID and ClientSecret then this field is also needed", "type": "string" } }, - "required": [ - "resourceGroupName", - "subscriptionID" - ], - "type": "object" + "additionalProperties": false }, "cloudDNS": { - "additionalProperties": false, + "description": "Use the Google Cloud DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "project" + ], "properties": { "hostedZoneName": { + "description": "HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.", "type": "string" }, "project": { "type": "string" }, "serviceAccountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "project" - ], - "type": "object" + "additionalProperties": false }, "cloudflare": { - "additionalProperties": false, + "description": "Use the Cloudflare API to manage DNS01 challenge records.", + "type": "object", "properties": { "apiKeySecretRef": { - "additionalProperties": false, + "description": "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "apiTokenSecretRef": { + "description": "API token used to authenticate with Cloudflare.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "apiTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "email": { + "description": "Email of the account, only required when using API key based authentication.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "cnameStrategy": { + "description": "CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.", + "type": "string", "enum": [ "None", "Follow" - ], - "type": "string" + ] }, "digitalocean": { - "additionalProperties": false, + "description": "Use the DigitalOcean DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "tokenSecretRef" + ], "properties": { "tokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "tokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "rfc2136": { - "additionalProperties": false, + "description": "Use RFC2136 (\"Dynamic Updates in the Domain Name System\") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.", + "type": "object", + "required": [ + "nameserver" + ], "properties": { "nameserver": { + "description": "The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.", "type": "string" }, "tsigAlgorithm": { + "description": "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.", "type": "string" }, "tsigKeyName": { + "description": "The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.", "type": "string" }, "tsigSecretSecretRef": { - "additionalProperties": false, + "description": "The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "nameserver" - ], - "type": "object" + "additionalProperties": false }, "route53": { - "additionalProperties": false, + "description": "Use the AWS Route53 API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "region" + ], "properties": { "accessKeyID": { + "description": "The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", "type": "string" }, "hostedZoneID": { + "description": "If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.", "type": "string" }, "region": { + "description": "Always set the region when using AccessKeyID and SecretAccessKey", "type": "string" }, "role": { + "description": "Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata", "type": "string" }, "secretAccessKeySecretRef": { - "additionalProperties": false, + "description": "The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "region" - ], - "type": "object" + "additionalProperties": false }, "webhook": { - "additionalProperties": false, + "description": "Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.", + "type": "object", + "required": [ + "groupName", + "solverName" + ], "properties": { "config": { + "description": "Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.", "x-kubernetes-preserve-unknown-fields": true }, "groupName": { + "description": "The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.", "type": "string" }, "solverName": { + "description": "The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.", "type": "string" } }, - "required": [ - "groupName", - "solverName" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "http01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.", + "type": "object", "properties": { "gatewayHTTPRoute": { - "additionalProperties": false, + "description": "The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.", + "type": "object", "properties": { "labels": { + "description": "The labels that cert-manager will use when creating the temporary HTTPRoute needed for solving the HTTP-01 challenge. These labels must match the label selector of at least one Gateway.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "ingress": { - "additionalProperties": false, + "description": "The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.", + "type": "object", "properties": { "class": { + "description": "The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.", "type": "string" }, "ingressTemplate": { - "additionalProperties": false, + "description": "Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges.", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.", "type": "string" }, "podTemplate": { - "additionalProperties": false, + "description": "Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the create ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.", + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "priorityClassName": { + "description": "If specified, the pod's priorityClassName.", "type": "string" }, "serviceAccountName": { + "description": "If specified, the pod's service account", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "description": "Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.", + "type": "object", "properties": { "dnsNames": { + "description": "List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "dnsZones": { + "description": "List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "matchLabels": { + "description": "A label selector that is used to refine the set of certificate's that this challenge solver will apply to.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "privateKeySecretRef", - "server" - ], - "type": "object" + "additionalProperties": false }, "ca": { - "additionalProperties": false, + "description": "CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager.", + "type": "object", + "required": [ + "secretName" + ], "properties": { "crlDistributionPoints": { + "description": "The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "ocspServers": { + "description": "The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be \"http://ocsp.int-x3.letsencrypt.org\".", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "secretName": { + "description": "SecretName is the name of the secret used to sign Certificates issued by this Issuer.", "type": "string" } }, - "required": [ - "secretName" - ], - "type": "object" + "additionalProperties": false }, "selfSigned": { - "additionalProperties": false, + "description": "SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object.", + "type": "object", "properties": { "crlDistributionPoints": { + "description": "The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "vault": { - "additionalProperties": false, + "description": "Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend.", + "type": "object", + "required": [ + "auth", + "path", + "server" + ], "properties": { "auth": { - "additionalProperties": false, + "description": "Auth configures how cert-manager authenticates with the Vault server.", + "type": "object", "properties": { "appRole": { - "additionalProperties": false, + "description": "AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.", + "type": "object", + "required": [ + "path", + "roleId", + "secretRef" + ], "properties": { "path": { + "description": "Path where the App Role authentication backend is mounted in Vault, e.g: \"approle\"", "type": "string" }, "roleId": { + "description": "RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, + "additionalProperties": false + }, + "kubernetes": { + "description": "Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.", + "type": "object", "required": [ - "path", - "roleId", + "role", "secretRef" ], - "type": "object" - }, - "kubernetes": { - "additionalProperties": false, "properties": { "mountPath": { + "description": "The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value \"/v1/auth/kubernetes\" will be used.", "type": "string" }, "role": { + "description": "A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "role", - "secretRef" - ], - "type": "object" + "additionalProperties": false }, "tokenSecretRef": { - "additionalProperties": false, + "description": "TokenSecretRef authenticates with Vault by presenting a token.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "caBundle": { - "format": "byte", - "type": "string" + "description": "PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.", + "type": "string", + "format": "byte" }, "namespace": { + "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: \"ns1\" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", "type": "string" }, "path": { + "description": "Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: \"my_pki_mount/sign/my-role-name\".", "type": "string" }, "server": { + "description": "Server is the connection address for the Vault server, e.g: \"https://vault.example.com:8200\".", "type": "string" } }, - "required": [ - "auth", - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "venafi": { - "additionalProperties": false, + "description": "Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone.", + "type": "object", + "required": [ + "zone" + ], "properties": { "cloud": { - "additionalProperties": false, + "description": "Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified.", + "type": "object", + "required": [ + "apiTokenSecretRef" + ], "properties": { "apiTokenSecretRef": { - "additionalProperties": false, + "description": "APITokenSecretRef is a secret key selector for the Venafi Cloud API token.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "url": { + "description": "URL is the base URL for Venafi Cloud. Defaults to \"https://api.venafi.cloud/v1\".", "type": "string" } }, - "required": [ - "apiTokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "tpp": { - "additionalProperties": false, + "description": "TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified.", + "type": "object", + "required": [ + "credentialsRef", + "url" + ], "properties": { "caBundle": { - "format": "byte", - "type": "string" + "description": "CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates.", + "type": "string", + "format": "byte" }, "credentialsRef": { - "additionalProperties": false, + "description": "CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "url": { + "description": "URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: \"https://tpp.example.com/vedsdk\".", "type": "string" } }, - "required": [ - "credentialsRef", - "url" - ], - "type": "object" + "additionalProperties": false }, "zone": { + "description": "Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required.", "type": "string" } }, - "required": [ - "zone" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "Status of the ClusterIssuer. This is set and managed automatically.", + "type": "object", "properties": { "acme": { - "additionalProperties": false, + "description": "ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates.", + "type": "object", "properties": { "lastRegisteredEmail": { + "description": "LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer", "type": "string" }, "uri": { + "description": "URI is the unique account identifier, which can also be used to retrieve account details from the CA", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "conditions": { + "description": "List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`.", + "type": "array", "items": { - "additionalProperties": false, + "description": "IssuerCondition contains condition information for an Issuer.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer.", + "type": "integer", + "format": "int64" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of (`True`, `False`, `Unknown`).", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "Type of the condition, known values are (`Ready`).", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } - }, - "required": [ - "spec" - ], - "type": "object" + } } diff --git a/schema/cert-manager.io/issuer_v1alpha2.json b/schema/cert-manager.io/issuer_v1alpha2.json index 50938c16f..91f3aca72 100644 --- a/schema/cert-manager.io/issuer_v1alpha2.json +++ b/schema/cert-manager.io/issuer_v1alpha2.json @@ -1,1444 +1,1720 @@ { + "description": "An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "Desired state of the Issuer resource.", + "type": "object", "properties": { "acme": { - "additionalProperties": false, + "description": "ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates.", + "type": "object", + "required": [ + "privateKeySecretRef", + "server" + ], "properties": { "disableAccountKeyGeneration": { + "description": "Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false.", "type": "boolean" }, "email": { + "description": "Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered.", "type": "string" }, "enableDurationFeature": { + "description": "Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false.", "type": "boolean" }, "externalAccountBinding": { - "additionalProperties": false, + "description": "ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account.", + "type": "object", + "required": [ + "keyID", + "keySecretRef" + ], "properties": { "keyAlgorithm": { + "description": "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.", + "type": "string", "enum": [ "HS256", "HS384", "HS512" - ], - "type": "string" + ] }, "keyID": { + "description": "keyID is the ID of the CA key that the External Account is bound to.", "type": "string" }, "keySecretRef": { - "additionalProperties": false, + "description": "keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "keyID", - "keySecretRef" - ], - "type": "object" + "additionalProperties": false }, "preferredChain": { - "maxLength": 64, - "type": "string" + "description": "PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: \"DST Root CA X3\" or \"ISRG Root X1\" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN", + "type": "string", + "maxLength": 64 }, "privateKeySecretRef": { - "additionalProperties": false, + "description": "PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "server": { + "description": "Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: \"https://acme-staging-v02.api.letsencrypt.org/directory\". Only ACME v2 endpoints (i.e. RFC 8555) are supported.", "type": "string" }, "skipTLSVerify": { + "description": "Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false.", "type": "boolean" }, "solvers": { + "description": "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/", + "type": "array", "items": { - "additionalProperties": false, + "description": "Configures an issuer to solve challenges using the specified options. Only one of HTTP01 or DNS01 may be provided.", + "type": "object", "properties": { "dns01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.", + "type": "object", "properties": { "acmedns": { - "additionalProperties": false, + "description": "Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accountSecretRef", + "host" + ], "properties": { "accountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "host": { "type": "string" } }, - "required": [ - "accountSecretRef", - "host" - ], - "type": "object" + "additionalProperties": false }, "akamai": { - "additionalProperties": false, + "description": "Use the Akamai DNS zone management API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accessTokenSecretRef", + "clientSecretSecretRef", + "clientTokenSecretRef", + "serviceConsumerDomain" + ], "properties": { "accessTokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientSecretSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientSecretSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientTokenSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "serviceConsumerDomain": { "type": "string" } }, - "required": [ - "accessTokenSecretRef", - "clientSecretSecretRef", - "clientTokenSecretRef", - "serviceConsumerDomain" - ], - "type": "object" + "additionalProperties": false }, "azuredns": { - "additionalProperties": false, + "description": "Use the Microsoft Azure DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "resourceGroupName", + "subscriptionID" + ], "properties": { "clientID": { + "description": "if both this and ClientSecret are left unset MSI will be used", "type": "string" }, "clientSecretSecretRef": { - "additionalProperties": false, + "description": "if both this and ClientID are left unset MSI will be used", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "environment": { + "description": "name of the Azure environment (default AzurePublicCloud)", + "type": "string", "enum": [ "AzurePublicCloud", "AzureChinaCloud", "AzureGermanCloud", "AzureUSGovernmentCloud" - ], - "type": "string" + ] }, "hostedZoneName": { + "description": "name of the DNS zone that should be used", "type": "string" }, "managedIdentity": { - "additionalProperties": false, + "description": "managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID", + "type": "object", "properties": { "clientID": { + "description": "client ID of the managed identity, can not be used at the same time as resourceID", "type": "string" }, "resourceID": { + "description": "resource ID of the managed identity, can not be used at the same time as clientID", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "resourceGroupName": { + "description": "resource group the DNS zone is located in", "type": "string" }, "subscriptionID": { + "description": "ID of the Azure subscription", "type": "string" }, "tenantID": { + "description": "when specifying ClientID and ClientSecret then this field is also needed", "type": "string" } }, - "required": [ - "resourceGroupName", - "subscriptionID" - ], - "type": "object" + "additionalProperties": false }, "clouddns": { - "additionalProperties": false, + "description": "Use the Google Cloud DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "project" + ], "properties": { "hostedZoneName": { + "description": "HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.", "type": "string" }, "project": { "type": "string" }, "serviceAccountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "project" - ], - "type": "object" + "additionalProperties": false }, "cloudflare": { - "additionalProperties": false, + "description": "Use the Cloudflare API to manage DNS01 challenge records.", + "type": "object", "properties": { "apiKeySecretRef": { - "additionalProperties": false, + "description": "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "apiTokenSecretRef": { + "description": "API token used to authenticate with Cloudflare.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "apiTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "email": { + "description": "Email of the account, only required when using API key based authentication.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "cnameStrategy": { + "description": "CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.", + "type": "string", "enum": [ "None", "Follow" - ], - "type": "string" + ] }, "digitalocean": { - "additionalProperties": false, + "description": "Use the DigitalOcean DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "tokenSecretRef" + ], "properties": { "tokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "tokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "rfc2136": { - "additionalProperties": false, + "description": "Use RFC2136 (\"Dynamic Updates in the Domain Name System\") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.", + "type": "object", + "required": [ + "nameserver" + ], "properties": { "nameserver": { + "description": "The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.", "type": "string" }, "tsigAlgorithm": { + "description": "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.", "type": "string" }, "tsigKeyName": { + "description": "The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.", "type": "string" }, "tsigSecretSecretRef": { - "additionalProperties": false, + "description": "The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "nameserver" - ], - "type": "object" + "additionalProperties": false }, "route53": { - "additionalProperties": false, + "description": "Use the AWS Route53 API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "region" + ], "properties": { "accessKeyID": { + "description": "The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", "type": "string" }, "hostedZoneID": { + "description": "If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.", "type": "string" }, "region": { + "description": "Always set the region when using AccessKeyID and SecretAccessKey", "type": "string" }, "role": { + "description": "Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata", "type": "string" }, "secretAccessKeySecretRef": { - "additionalProperties": false, + "description": "The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "region" - ], - "type": "object" + "additionalProperties": false }, "webhook": { - "additionalProperties": false, + "description": "Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.", + "type": "object", + "required": [ + "groupName", + "solverName" + ], "properties": { "config": { + "description": "Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.", "x-kubernetes-preserve-unknown-fields": true }, "groupName": { + "description": "The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.", "type": "string" }, "solverName": { + "description": "The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.", "type": "string" } }, - "required": [ - "groupName", - "solverName" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "http01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.", + "type": "object", "properties": { "gatewayHTTPRoute": { - "additionalProperties": false, + "description": "The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.", + "type": "object", "properties": { "labels": { + "description": "The labels that cert-manager will use when creating the temporary HTTPRoute needed for solving the HTTP-01 challenge. These labels must match the label selector of at least one Gateway.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "ingress": { - "additionalProperties": false, + "description": "The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.", + "type": "object", "properties": { "class": { + "description": "The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.", "type": "string" }, "ingressTemplate": { - "additionalProperties": false, + "description": "Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.", "type": "string" }, "podTemplate": { - "additionalProperties": false, + "description": "Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the create ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.", + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "priorityClassName": { + "description": "If specified, the pod's priorityClassName.", "type": "string" }, "serviceAccountName": { + "description": "If specified, the pod's service account", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "description": "Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.", + "type": "object", "properties": { "dnsNames": { + "description": "List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "dnsZones": { + "description": "List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "matchLabels": { + "description": "A label selector that is used to refine the set of certificate's that this challenge solver will apply to.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "privateKeySecretRef", - "server" - ], - "type": "object" + "additionalProperties": false }, "ca": { - "additionalProperties": false, + "description": "CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager.", + "type": "object", + "required": [ + "secretName" + ], "properties": { "crlDistributionPoints": { + "description": "The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "ocspServers": { + "description": "The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be \"http://ocsp.int-x3.letsencrypt.org\".", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "secretName": { + "description": "SecretName is the name of the secret used to sign Certificates issued by this Issuer.", "type": "string" } }, - "required": [ - "secretName" - ], - "type": "object" + "additionalProperties": false }, "selfSigned": { - "additionalProperties": false, + "description": "SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object.", + "type": "object", "properties": { "crlDistributionPoints": { + "description": "The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "vault": { - "additionalProperties": false, + "description": "Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend.", + "type": "object", + "required": [ + "auth", + "path", + "server" + ], "properties": { "auth": { - "additionalProperties": false, + "description": "Auth configures how cert-manager authenticates with the Vault server.", + "type": "object", "properties": { "appRole": { - "additionalProperties": false, + "description": "AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.", + "type": "object", + "required": [ + "path", + "roleId", + "secretRef" + ], "properties": { "path": { + "description": "Path where the App Role authentication backend is mounted in Vault, e.g: \"approle\"", "type": "string" }, "roleId": { + "description": "RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, + "additionalProperties": false + }, + "kubernetes": { + "description": "Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.", + "type": "object", "required": [ - "path", - "roleId", + "role", "secretRef" ], - "type": "object" - }, - "kubernetes": { - "additionalProperties": false, "properties": { "mountPath": { + "description": "The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value \"/v1/auth/kubernetes\" will be used.", "type": "string" }, "role": { + "description": "A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "role", - "secretRef" - ], - "type": "object" + "additionalProperties": false }, "tokenSecretRef": { - "additionalProperties": false, + "description": "TokenSecretRef authenticates with Vault by presenting a token.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "caBundle": { - "format": "byte", - "type": "string" + "description": "PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.", + "type": "string", + "format": "byte" }, "namespace": { + "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: \"ns1\" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", "type": "string" }, "path": { + "description": "Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: \"my_pki_mount/sign/my-role-name\".", "type": "string" }, "server": { + "description": "Server is the connection address for the Vault server, e.g: \"https://vault.example.com:8200\".", "type": "string" } }, - "required": [ - "auth", - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "venafi": { - "additionalProperties": false, + "description": "Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone.", + "type": "object", + "required": [ + "zone" + ], "properties": { "cloud": { - "additionalProperties": false, + "description": "Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified.", + "type": "object", + "required": [ + "apiTokenSecretRef" + ], "properties": { "apiTokenSecretRef": { - "additionalProperties": false, + "description": "APITokenSecretRef is a secret key selector for the Venafi Cloud API token.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "url": { + "description": "URL is the base URL for Venafi Cloud. Defaults to \"https://api.venafi.cloud/v1\".", "type": "string" } }, - "required": [ - "apiTokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "tpp": { - "additionalProperties": false, + "description": "TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified.", + "type": "object", + "required": [ + "credentialsRef", + "url" + ], "properties": { "caBundle": { - "format": "byte", - "type": "string" + "description": "CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates.", + "type": "string", + "format": "byte" }, "credentialsRef": { - "additionalProperties": false, + "description": "CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "url": { + "description": "URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: \"https://tpp.example.com/vedsdk\".", "type": "string" } }, - "required": [ - "credentialsRef", - "url" - ], - "type": "object" + "additionalProperties": false }, "zone": { + "description": "Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required.", "type": "string" } }, - "required": [ - "zone" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "Status of the Issuer. This is set and managed automatically.", + "type": "object", "properties": { "acme": { - "additionalProperties": false, + "description": "ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates.", + "type": "object", "properties": { "lastRegisteredEmail": { + "description": "LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer", "type": "string" }, "uri": { + "description": "URI is the unique account identifier, which can also be used to retrieve account details from the CA", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "conditions": { + "description": "List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`.", + "type": "array", "items": { - "additionalProperties": false, + "description": "IssuerCondition contains condition information for an Issuer.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer.", + "type": "integer", + "format": "int64" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of (`True`, `False`, `Unknown`).", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "Type of the condition, known values are (`Ready`).", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cert-manager.io/issuer_v1alpha3.json b/schema/cert-manager.io/issuer_v1alpha3.json index 50938c16f..91f3aca72 100644 --- a/schema/cert-manager.io/issuer_v1alpha3.json +++ b/schema/cert-manager.io/issuer_v1alpha3.json @@ -1,1444 +1,1720 @@ { + "description": "An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "Desired state of the Issuer resource.", + "type": "object", "properties": { "acme": { - "additionalProperties": false, + "description": "ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates.", + "type": "object", + "required": [ + "privateKeySecretRef", + "server" + ], "properties": { "disableAccountKeyGeneration": { + "description": "Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false.", "type": "boolean" }, "email": { + "description": "Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered.", "type": "string" }, "enableDurationFeature": { + "description": "Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false.", "type": "boolean" }, "externalAccountBinding": { - "additionalProperties": false, + "description": "ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account.", + "type": "object", + "required": [ + "keyID", + "keySecretRef" + ], "properties": { "keyAlgorithm": { + "description": "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.", + "type": "string", "enum": [ "HS256", "HS384", "HS512" - ], - "type": "string" + ] }, "keyID": { + "description": "keyID is the ID of the CA key that the External Account is bound to.", "type": "string" }, "keySecretRef": { - "additionalProperties": false, + "description": "keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "keyID", - "keySecretRef" - ], - "type": "object" + "additionalProperties": false }, "preferredChain": { - "maxLength": 64, - "type": "string" + "description": "PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: \"DST Root CA X3\" or \"ISRG Root X1\" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN", + "type": "string", + "maxLength": 64 }, "privateKeySecretRef": { - "additionalProperties": false, + "description": "PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "server": { + "description": "Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: \"https://acme-staging-v02.api.letsencrypt.org/directory\". Only ACME v2 endpoints (i.e. RFC 8555) are supported.", "type": "string" }, "skipTLSVerify": { + "description": "Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false.", "type": "boolean" }, "solvers": { + "description": "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/", + "type": "array", "items": { - "additionalProperties": false, + "description": "Configures an issuer to solve challenges using the specified options. Only one of HTTP01 or DNS01 may be provided.", + "type": "object", "properties": { "dns01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.", + "type": "object", "properties": { "acmedns": { - "additionalProperties": false, + "description": "Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accountSecretRef", + "host" + ], "properties": { "accountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "host": { "type": "string" } }, - "required": [ - "accountSecretRef", - "host" - ], - "type": "object" + "additionalProperties": false }, "akamai": { - "additionalProperties": false, + "description": "Use the Akamai DNS zone management API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accessTokenSecretRef", + "clientSecretSecretRef", + "clientTokenSecretRef", + "serviceConsumerDomain" + ], "properties": { "accessTokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientSecretSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientSecretSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientTokenSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "serviceConsumerDomain": { "type": "string" } }, - "required": [ - "accessTokenSecretRef", - "clientSecretSecretRef", - "clientTokenSecretRef", - "serviceConsumerDomain" - ], - "type": "object" + "additionalProperties": false }, "azuredns": { - "additionalProperties": false, + "description": "Use the Microsoft Azure DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "resourceGroupName", + "subscriptionID" + ], "properties": { "clientID": { + "description": "if both this and ClientSecret are left unset MSI will be used", "type": "string" }, "clientSecretSecretRef": { - "additionalProperties": false, + "description": "if both this and ClientID are left unset MSI will be used", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "environment": { + "description": "name of the Azure environment (default AzurePublicCloud)", + "type": "string", "enum": [ "AzurePublicCloud", "AzureChinaCloud", "AzureGermanCloud", "AzureUSGovernmentCloud" - ], - "type": "string" + ] }, "hostedZoneName": { + "description": "name of the DNS zone that should be used", "type": "string" }, "managedIdentity": { - "additionalProperties": false, + "description": "managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID", + "type": "object", "properties": { "clientID": { + "description": "client ID of the managed identity, can not be used at the same time as resourceID", "type": "string" }, "resourceID": { + "description": "resource ID of the managed identity, can not be used at the same time as clientID", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "resourceGroupName": { + "description": "resource group the DNS zone is located in", "type": "string" }, "subscriptionID": { + "description": "ID of the Azure subscription", "type": "string" }, "tenantID": { + "description": "when specifying ClientID and ClientSecret then this field is also needed", "type": "string" } }, - "required": [ - "resourceGroupName", - "subscriptionID" - ], - "type": "object" + "additionalProperties": false }, "clouddns": { - "additionalProperties": false, + "description": "Use the Google Cloud DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "project" + ], "properties": { "hostedZoneName": { + "description": "HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.", "type": "string" }, "project": { "type": "string" }, "serviceAccountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "project" - ], - "type": "object" + "additionalProperties": false }, "cloudflare": { - "additionalProperties": false, + "description": "Use the Cloudflare API to manage DNS01 challenge records.", + "type": "object", "properties": { "apiKeySecretRef": { - "additionalProperties": false, + "description": "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "apiTokenSecretRef": { + "description": "API token used to authenticate with Cloudflare.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "apiTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "email": { + "description": "Email of the account, only required when using API key based authentication.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "cnameStrategy": { + "description": "CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.", + "type": "string", "enum": [ "None", "Follow" - ], - "type": "string" + ] }, "digitalocean": { - "additionalProperties": false, + "description": "Use the DigitalOcean DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "tokenSecretRef" + ], "properties": { "tokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "tokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "rfc2136": { - "additionalProperties": false, + "description": "Use RFC2136 (\"Dynamic Updates in the Domain Name System\") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.", + "type": "object", + "required": [ + "nameserver" + ], "properties": { "nameserver": { + "description": "The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.", "type": "string" }, "tsigAlgorithm": { + "description": "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.", "type": "string" }, "tsigKeyName": { + "description": "The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.", "type": "string" }, "tsigSecretSecretRef": { - "additionalProperties": false, + "description": "The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "nameserver" - ], - "type": "object" + "additionalProperties": false }, "route53": { - "additionalProperties": false, + "description": "Use the AWS Route53 API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "region" + ], "properties": { "accessKeyID": { + "description": "The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", "type": "string" }, "hostedZoneID": { + "description": "If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.", "type": "string" }, "region": { + "description": "Always set the region when using AccessKeyID and SecretAccessKey", "type": "string" }, "role": { + "description": "Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata", "type": "string" }, "secretAccessKeySecretRef": { - "additionalProperties": false, + "description": "The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "region" - ], - "type": "object" + "additionalProperties": false }, "webhook": { - "additionalProperties": false, + "description": "Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.", + "type": "object", + "required": [ + "groupName", + "solverName" + ], "properties": { "config": { + "description": "Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.", "x-kubernetes-preserve-unknown-fields": true }, "groupName": { + "description": "The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.", "type": "string" }, "solverName": { + "description": "The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.", "type": "string" } }, - "required": [ - "groupName", - "solverName" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "http01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.", + "type": "object", "properties": { "gatewayHTTPRoute": { - "additionalProperties": false, + "description": "The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.", + "type": "object", "properties": { "labels": { + "description": "The labels that cert-manager will use when creating the temporary HTTPRoute needed for solving the HTTP-01 challenge. These labels must match the label selector of at least one Gateway.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "ingress": { - "additionalProperties": false, + "description": "The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.", + "type": "object", "properties": { "class": { + "description": "The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.", "type": "string" }, "ingressTemplate": { - "additionalProperties": false, + "description": "Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.", "type": "string" }, "podTemplate": { - "additionalProperties": false, + "description": "Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges.", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the create ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.", + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "priorityClassName": { + "description": "If specified, the pod's priorityClassName.", "type": "string" }, "serviceAccountName": { + "description": "If specified, the pod's service account", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "description": "Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.", + "type": "object", "properties": { "dnsNames": { + "description": "List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "dnsZones": { + "description": "List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "matchLabels": { + "description": "A label selector that is used to refine the set of certificate's that this challenge solver will apply to.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "privateKeySecretRef", - "server" - ], - "type": "object" + "additionalProperties": false }, "ca": { - "additionalProperties": false, + "description": "CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager.", + "type": "object", + "required": [ + "secretName" + ], "properties": { "crlDistributionPoints": { + "description": "The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "ocspServers": { + "description": "The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be \"http://ocsp.int-x3.letsencrypt.org\".", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "secretName": { + "description": "SecretName is the name of the secret used to sign Certificates issued by this Issuer.", "type": "string" } }, - "required": [ - "secretName" - ], - "type": "object" + "additionalProperties": false }, "selfSigned": { - "additionalProperties": false, + "description": "SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object.", + "type": "object", "properties": { "crlDistributionPoints": { + "description": "The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "vault": { - "additionalProperties": false, + "description": "Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend.", + "type": "object", + "required": [ + "auth", + "path", + "server" + ], "properties": { "auth": { - "additionalProperties": false, + "description": "Auth configures how cert-manager authenticates with the Vault server.", + "type": "object", "properties": { "appRole": { - "additionalProperties": false, + "description": "AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.", + "type": "object", + "required": [ + "path", + "roleId", + "secretRef" + ], "properties": { "path": { + "description": "Path where the App Role authentication backend is mounted in Vault, e.g: \"approle\"", "type": "string" }, "roleId": { + "description": "RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, + "additionalProperties": false + }, + "kubernetes": { + "description": "Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.", + "type": "object", "required": [ - "path", - "roleId", + "role", "secretRef" ], - "type": "object" - }, - "kubernetes": { - "additionalProperties": false, "properties": { "mountPath": { + "description": "The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value \"/v1/auth/kubernetes\" will be used.", "type": "string" }, "role": { + "description": "A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "role", - "secretRef" - ], - "type": "object" + "additionalProperties": false }, "tokenSecretRef": { - "additionalProperties": false, + "description": "TokenSecretRef authenticates with Vault by presenting a token.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "caBundle": { - "format": "byte", - "type": "string" + "description": "PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.", + "type": "string", + "format": "byte" }, "namespace": { + "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: \"ns1\" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", "type": "string" }, "path": { + "description": "Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: \"my_pki_mount/sign/my-role-name\".", "type": "string" }, "server": { + "description": "Server is the connection address for the Vault server, e.g: \"https://vault.example.com:8200\".", "type": "string" } }, - "required": [ - "auth", - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "venafi": { - "additionalProperties": false, + "description": "Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone.", + "type": "object", + "required": [ + "zone" + ], "properties": { "cloud": { - "additionalProperties": false, + "description": "Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified.", + "type": "object", + "required": [ + "apiTokenSecretRef" + ], "properties": { "apiTokenSecretRef": { - "additionalProperties": false, + "description": "APITokenSecretRef is a secret key selector for the Venafi Cloud API token.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "url": { + "description": "URL is the base URL for Venafi Cloud. Defaults to \"https://api.venafi.cloud/v1\".", "type": "string" } }, - "required": [ - "apiTokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "tpp": { - "additionalProperties": false, + "description": "TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified.", + "type": "object", + "required": [ + "credentialsRef", + "url" + ], "properties": { "caBundle": { - "format": "byte", - "type": "string" + "description": "CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates.", + "type": "string", + "format": "byte" }, "credentialsRef": { - "additionalProperties": false, + "description": "CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "url": { + "description": "URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: \"https://tpp.example.com/vedsdk\".", "type": "string" } }, - "required": [ - "credentialsRef", - "url" - ], - "type": "object" + "additionalProperties": false }, "zone": { + "description": "Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required.", "type": "string" } }, - "required": [ - "zone" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "Status of the Issuer. This is set and managed automatically.", + "type": "object", "properties": { "acme": { - "additionalProperties": false, + "description": "ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates.", + "type": "object", "properties": { "lastRegisteredEmail": { + "description": "LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer", "type": "string" }, "uri": { + "description": "URI is the unique account identifier, which can also be used to retrieve account details from the CA", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "conditions": { + "description": "List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`.", + "type": "array", "items": { - "additionalProperties": false, + "description": "IssuerCondition contains condition information for an Issuer.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer.", + "type": "integer", + "format": "int64" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of (`True`, `False`, `Unknown`).", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "Type of the condition, known values are (`Ready`).", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cert-manager.io/issuer_v1beta1.json b/schema/cert-manager.io/issuer_v1beta1.json index edf5085bb..35ea4611e 100644 --- a/schema/cert-manager.io/issuer_v1beta1.json +++ b/schema/cert-manager.io/issuer_v1beta1.json @@ -1,1447 +1,1723 @@ { + "description": "An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace.", + "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "Desired state of the Issuer resource.", + "type": "object", "properties": { "acme": { - "additionalProperties": false, + "description": "ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates.", + "type": "object", + "required": [ + "privateKeySecretRef", + "server" + ], "properties": { "disableAccountKeyGeneration": { + "description": "Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false.", "type": "boolean" }, "email": { + "description": "Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered.", "type": "string" }, "enableDurationFeature": { + "description": "Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false.", "type": "boolean" }, "externalAccountBinding": { - "additionalProperties": false, + "description": "ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account.", + "type": "object", + "required": [ + "keyID", + "keySecretRef" + ], "properties": { "keyAlgorithm": { + "description": "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.", + "type": "string", "enum": [ "HS256", "HS384", "HS512" - ], - "type": "string" + ] }, "keyID": { + "description": "keyID is the ID of the CA key that the External Account is bound to.", "type": "string" }, "keySecretRef": { - "additionalProperties": false, + "description": "keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "keyID", - "keySecretRef" - ], - "type": "object" + "additionalProperties": false }, "preferredChain": { - "maxLength": 64, - "type": "string" + "description": "PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let's Encrypt's DST crosssign you would use: \"DST Root CA X3\" or \"ISRG Root X1\" for the newer Let's Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer's CN", + "type": "string", + "maxLength": 64 }, "privateKeySecretRef": { - "additionalProperties": false, + "description": "PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "server": { + "description": "Server is the URL used to access the ACME server's 'directory' endpoint. For example, for Let's Encrypt's staging endpoint, you would use: \"https://acme-staging-v02.api.letsencrypt.org/directory\". Only ACME v2 endpoints (i.e. RFC 8555) are supported.", "type": "string" }, "skipTLSVerify": { + "description": "Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have their TLS certificate validated (i.e. insecure connections will be allowed). Only enable this option in development environments. The cert-manager system installed roots will be used to verify connections to the ACME server if this is false. Defaults to false.", "type": "boolean" }, "solvers": { + "description": "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/", + "type": "array", "items": { - "additionalProperties": false, + "description": "Configures an issuer to solve challenges using the specified options. Only one of HTTP01 or DNS01 may be provided.", + "type": "object", "properties": { "dns01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow.", + "type": "object", "properties": { "acmeDNS": { - "additionalProperties": false, + "description": "Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accountSecretRef", + "host" + ], "properties": { "accountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "host": { "type": "string" } }, - "required": [ - "accountSecretRef", - "host" - ], - "type": "object" + "additionalProperties": false }, "akamai": { - "additionalProperties": false, + "description": "Use the Akamai DNS zone management API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "accessTokenSecretRef", + "clientSecretSecretRef", + "clientTokenSecretRef", + "serviceConsumerDomain" + ], "properties": { "accessTokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientSecretSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientSecretSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "clientTokenSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "clientTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "serviceConsumerDomain": { "type": "string" } }, - "required": [ - "accessTokenSecretRef", - "clientSecretSecretRef", - "clientTokenSecretRef", - "serviceConsumerDomain" - ], - "type": "object" + "additionalProperties": false }, "azureDNS": { - "additionalProperties": false, + "description": "Use the Microsoft Azure DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "resourceGroupName", + "subscriptionID" + ], "properties": { "clientID": { + "description": "if both this and ClientSecret are left unset MSI will be used", "type": "string" }, "clientSecretSecretRef": { - "additionalProperties": false, + "description": "if both this and ClientID are left unset MSI will be used", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "environment": { + "description": "name of the Azure environment (default AzurePublicCloud)", + "type": "string", "enum": [ "AzurePublicCloud", "AzureChinaCloud", "AzureGermanCloud", "AzureUSGovernmentCloud" - ], - "type": "string" + ] }, "hostedZoneName": { + "description": "name of the DNS zone that should be used", "type": "string" }, "managedIdentity": { - "additionalProperties": false, + "description": "managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID", + "type": "object", "properties": { "clientID": { + "description": "client ID of the managed identity, can not be used at the same time as resourceID", "type": "string" }, "resourceID": { + "description": "resource ID of the managed identity, can not be used at the same time as clientID", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "resourceGroupName": { + "description": "resource group the DNS zone is located in", "type": "string" }, "subscriptionID": { + "description": "ID of the Azure subscription", "type": "string" }, "tenantID": { + "description": "when specifying ClientID and ClientSecret then this field is also needed", "type": "string" } }, - "required": [ - "resourceGroupName", - "subscriptionID" - ], - "type": "object" + "additionalProperties": false }, "cloudDNS": { - "additionalProperties": false, + "description": "Use the Google Cloud DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "project" + ], "properties": { "hostedZoneName": { + "description": "HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone.", "type": "string" }, "project": { "type": "string" }, "serviceAccountSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "project" - ], - "type": "object" + "additionalProperties": false }, "cloudflare": { - "additionalProperties": false, + "description": "Use the Cloudflare API to manage DNS01 challenge records.", + "type": "object", "properties": { "apiKeySecretRef": { - "additionalProperties": false, + "description": "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, + "additionalProperties": false + }, + "apiTokenSecretRef": { + "description": "API token used to authenticate with Cloudflare.", + "type": "object", "required": [ "name" ], - "type": "object" - }, - "apiTokenSecretRef": { - "additionalProperties": false, "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "email": { + "description": "Email of the account, only required when using API key based authentication.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "cnameStrategy": { + "description": "CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones.", + "type": "string", "enum": [ "None", "Follow" - ], - "type": "string" + ] }, "digitalocean": { - "additionalProperties": false, + "description": "Use the DigitalOcean DNS API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "tokenSecretRef" + ], "properties": { "tokenSecretRef": { - "additionalProperties": false, + "description": "A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "tokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "rfc2136": { - "additionalProperties": false, + "description": "Use RFC2136 (\"Dynamic Updates in the Domain Name System\") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records.", + "type": "object", + "required": [ + "nameserver" + ], "properties": { "nameserver": { + "description": "The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required.", "type": "string" }, "tsigAlgorithm": { + "description": "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.", "type": "string" }, "tsigKeyName": { + "description": "The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required.", "type": "string" }, "tsigSecretSecretRef": { - "additionalProperties": false, + "description": "The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "nameserver" - ], - "type": "object" + "additionalProperties": false }, "route53": { - "additionalProperties": false, + "description": "Use the AWS Route53 API to manage DNS01 challenge records.", + "type": "object", + "required": [ + "region" + ], "properties": { "accessKeyID": { + "description": "The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", "type": "string" }, "hostedZoneID": { + "description": "If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call.", "type": "string" }, "region": { + "description": "Always set the region when using AccessKeyID and SecretAccessKey", "type": "string" }, "role": { + "description": "Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata", "type": "string" }, "secretAccessKeySecretRef": { - "additionalProperties": false, + "description": "The SecretAccessKey is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "region" - ], - "type": "object" + "additionalProperties": false }, "webhook": { - "additionalProperties": false, + "description": "Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records.", + "type": "object", + "required": [ + "groupName", + "solverName" + ], "properties": { "config": { + "description": "Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation.", "x-kubernetes-preserve-unknown-fields": true }, "groupName": { + "description": "The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation.", "type": "string" }, "solverName": { + "description": "The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'.", "type": "string" } }, - "required": [ - "groupName", - "solverName" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "http01": { - "additionalProperties": false, + "description": "Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism.", + "type": "object", "properties": { "gatewayHTTPRoute": { - "additionalProperties": false, + "description": "The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future.", + "type": "object", "properties": { "labels": { + "description": "The labels that cert-manager will use when creating the temporary HTTPRoute needed for solving the HTTP-01 challenge. These labels must match the label selector of at least one Gateway.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "ingress": { - "additionalProperties": false, + "description": "The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed.", + "type": "object", "properties": { "class": { + "description": "The ingress class to use when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of 'class' or 'name' may be specified.", "type": "string" }, "ingressTemplate": { - "additionalProperties": false, + "description": "Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges.", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver ingress.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources.", "type": "string" }, "podTemplate": { - "additionalProperties": false, + "description": "Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values.", + "type": "object", "properties": { "annotations": { + "description": "Annotations that should be added to the create ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "description": "Labels that should be added to the created ACME HTTP01 solver pods.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "description": "PodSpec defines overrides for the HTTP01 challenge solver pod. Only the 'priorityClassName', 'nodeSelector', 'affinity', 'serviceAccountName' and 'tolerations' fields are supported currently. All other fields will be ignored.", + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces. This field is beta-level and is only honored when PodAffinityNamespaceSelector feature is enabled.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "priorityClassName": { + "description": "If specified, the pod's priorityClassName.", "type": "string" }, "serviceAccountName": { + "description": "If specified, the pod's service account", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceType": { + "description": "Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "description": "Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead.", + "type": "object", "properties": { "dnsNames": { + "description": "List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "dnsZones": { + "description": "List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "matchLabels": { + "description": "A label selector that is used to refine the set of certificate's that this challenge solver will apply to.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "privateKeySecretRef", - "server" - ], - "type": "object" + "additionalProperties": false }, "ca": { - "additionalProperties": false, + "description": "CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager.", + "type": "object", + "required": [ + "secretName" + ], "properties": { "crlDistributionPoints": { + "description": "The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "ocspServers": { + "description": "The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be \"http://ocsp.int-x3.letsencrypt.org\".", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "secretName": { + "description": "SecretName is the name of the secret used to sign Certificates issued by this Issuer.", "type": "string" } }, - "required": [ - "secretName" - ], - "type": "object" + "additionalProperties": false }, "selfSigned": { - "additionalProperties": false, + "description": "SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object.", + "type": "object", "properties": { "crlDistributionPoints": { + "description": "The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "vault": { - "additionalProperties": false, + "description": "Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend.", + "type": "object", + "required": [ + "auth", + "path", + "server" + ], "properties": { "auth": { - "additionalProperties": false, + "description": "Auth configures how cert-manager authenticates with the Vault server.", + "type": "object", "properties": { "appRole": { - "additionalProperties": false, + "description": "AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource.", + "type": "object", + "required": [ + "path", + "roleId", + "secretRef" + ], "properties": { "path": { + "description": "Path where the App Role authentication backend is mounted in Vault, e.g: \"approle\"", "type": "string" }, "roleId": { + "description": "RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, + "additionalProperties": false + }, + "kubernetes": { + "description": "Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server.", + "type": "object", "required": [ - "path", - "roleId", + "role", "secretRef" ], - "type": "object" - }, - "kubernetes": { - "additionalProperties": false, "properties": { "mountPath": { + "description": "The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value \"/v1/auth/kubernetes\" will be used.", "type": "string" }, "role": { + "description": "A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "role", - "secretRef" - ], - "type": "object" + "additionalProperties": false }, "tokenSecretRef": { - "additionalProperties": false, + "description": "TokenSecretRef authenticates with Vault by presenting a token.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "caBundle": { - "format": "byte", - "type": "string" + "description": "PEM-encoded CA bundle (base64-encoded) used to validate Vault server certificate. Only used if the Server URL is using HTTPS protocol. This parameter is ignored for plain HTTP protocol connection. If not set the system root certificates are used to validate the TLS connection.", + "type": "string", + "format": "byte" }, "namespace": { + "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: \"ns1\" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", "type": "string" }, "path": { + "description": "Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: \"my_pki_mount/sign/my-role-name\".", "type": "string" }, "server": { + "description": "Server is the connection address for the Vault server, e.g: \"https://vault.example.com:8200\".", "type": "string" } }, - "required": [ - "auth", - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "venafi": { - "additionalProperties": false, + "description": "Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone.", + "type": "object", + "required": [ + "zone" + ], "properties": { "cloud": { - "additionalProperties": false, + "description": "Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified.", + "type": "object", + "required": [ + "apiTokenSecretRef" + ], "properties": { "apiTokenSecretRef": { - "additionalProperties": false, + "description": "APITokenSecretRef is a secret key selector for the Venafi Cloud API token.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required.", "type": "string" }, "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "url": { + "description": "URL is the base URL for Venafi Cloud. Defaults to \"https://api.venafi.cloud/v1\".", "type": "string" } }, - "required": [ - "apiTokenSecretRef" - ], - "type": "object" + "additionalProperties": false }, "tpp": { - "additionalProperties": false, + "description": "TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified.", + "type": "object", + "required": [ + "credentialsRef", + "url" + ], "properties": { "caBundle": { - "format": "byte", - "type": "string" + "description": "CABundle is a PEM encoded TLS certificate to use to verify connections to the TPP instance. If specified, system roots will not be used and the issuing CA for the TPP instance must be verifiable using the provided root. If not specified, the connection will be verified using the cert-manager system root certificates.", + "type": "string", + "format": "byte" }, "credentialsRef": { - "additionalProperties": false, + "description": "CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "url": { + "description": "URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: \"https://tpp.example.com/vedsdk\".", "type": "string" } }, - "required": [ - "credentialsRef", - "url" - ], - "type": "object" + "additionalProperties": false }, "zone": { + "description": "Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required.", "type": "string" } }, - "required": [ - "zone" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "Status of the Issuer. This is set and managed automatically.", + "type": "object", "properties": { "acme": { - "additionalProperties": false, + "description": "ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates.", + "type": "object", "properties": { "lastRegisteredEmail": { + "description": "LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer", "type": "string" }, "uri": { + "description": "URI is the unique account identifier, which can also be used to retrieve account details from the CA", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "conditions": { + "description": "List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`.", + "type": "array", "items": { - "additionalProperties": false, + "description": "IssuerCondition contains condition information for an Issuer.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer.", + "type": "integer", + "format": "int64" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of (`True`, `False`, `Unknown`).", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "Type of the condition, known values are (`Ready`).", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } - }, - "required": [ - "spec" - ], - "type": "object" + } } diff --git a/schema/cf.containeroo.ch/account_v1alpha1.json b/schema/cf.containeroo.ch/account_v1alpha1.json index bd59ddb46..a2f5ca6a6 100644 --- a/schema/cf.containeroo.ch/account_v1alpha1.json +++ b/schema/cf.containeroo.ch/account_v1alpha1.json @@ -1,96 +1,106 @@ { + "description": "Account is the Schema for the accounts API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "AccountSpec defines the desired state of Account", + "type": "object", + "required": [ + "email", + "globalAPIKey" + ], "properties": { "email": { + "description": "Email of the Cloudflare account", "type": "string" }, - "globalApiKey": { - "additionalProperties": false, + "globalAPIKey": { + "description": "Global API key of the Cloudflare account", + "type": "object", + "required": [ + "secretRef" + ], "properties": { "secretRef": { - "additionalProperties": false, + "description": "Secret name containing the API key (key must be named \"apiKey\")", + "type": "object", "properties": { "name": { + "description": "Name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { + "description": "Namespace defines the space within which the secret name must be unique.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "secretRef" - ], - "type": "object" + "additionalProperties": false }, "interval": { - "default": "5m", - "type": "string" + "description": "Interval to check account status", + "type": "string", + "default": "5m" }, "managedZones": { + "description": "List of zone names that should be managed by cloudflare-operator", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "email", - "globalApiKey" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "AccountStatus defines the observed state of Account", + "type": "object", "properties": { "message": { + "description": "Message if the Account authentication failed", "type": "string" }, "phase": { + "description": "Phase of the Account", + "type": "string", "enum": [ "Active", "Failed" - ], - "type": "string" + ] }, "zones": { + "description": "Zones contains all the zones of the Account", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "id": { + "description": "ID of the zone", "type": "string" }, "name": { + "description": "Name of the zone", "type": "string" } }, - "required": [ - "id", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "phase" - ], - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cf.containeroo.ch/account_v1beta1.json b/schema/cf.containeroo.ch/account_v1beta1.json index 0c7ab247b..7bfdc5b2b 100644 --- a/schema/cf.containeroo.ch/account_v1beta1.json +++ b/schema/cf.containeroo.ch/account_v1beta1.json @@ -1,124 +1,146 @@ { + "description": "Account is the Schema for the accounts API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "AccountSpec defines the desired state of Account", + "type": "object", + "required": [ + "apiToken" + ], "properties": { "apiToken": { - "additionalProperties": false, + "description": "Cloudflare API token", + "type": "object", + "required": [ + "secretRef" + ], "properties": { "secretRef": { - "additionalProperties": false, + "description": "Secret containing the API token (key must be named \"apiToken\")", + "type": "object", "properties": { "name": { + "description": "name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "secretRef" - ], - "type": "object" + "additionalProperties": false }, "interval": { - "default": "5m", - "type": "string" + "description": "Interval to check account status", + "type": "string", + "default": "5m" }, "managedZones": { + "description": "List of zone names that should be managed by cloudflare-operator", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "apiToken" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "AccountStatus defines the observed state of Account", + "type": "object", "properties": { "conditions": { + "description": "Conditions contains the different condition statuses for the Account object.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", + "type": "object", + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "type": "string", + "format": "date-time" }, "message": { - "maxLength": 32768, - "type": "string" + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", + "type": "string", + "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "type": "integer", "format": "int64", - "minimum": 0, - "type": "integer" + "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "type": "string", "maxLength": 1024, "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", + "type": "string", "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" } }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "zones": { + "description": "Zones contains all the zones of the Account", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "id": { + "description": "ID of the zone", "type": "string" }, "name": { + "description": "Name of the zone", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cf.containeroo.ch/dnsrecord_v1alpha1.json b/schema/cf.containeroo.ch/dnsrecord_v1alpha1.json index 739eea177..ca4471cf9 100644 --- a/schema/cf.containeroo.ch/dnsrecord_v1alpha1.json +++ b/schema/cf.containeroo.ch/dnsrecord_v1alpha1.json @@ -1,102 +1,96 @@ { + "description": "DNSRecord is the Schema for the dnsrecords API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "DNSRecordSpec defines the desired state of DNSRecord", + "type": "object", + "required": [ + "name" + ], "properties": { "content": { + "description": "Content of the DNS record (e.g. 144.231.20.1)", "type": "string" }, "interval": { - "default": "5m", - "type": "string" + "description": "Interval to check DNSRecord", + "type": "string", + "default": "5m" }, "ipRef": { - "additionalProperties": false, + "description": "Reference to an IP object", + "type": "object", "properties": { - "apiVersion": { - "type": "string" - }, - "fieldPath": { - "type": "string" - }, - "kind": { - "type": "string" - }, "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "resourceVersion": { - "type": "string" - }, - "uid": { + "description": "Name of the IP object", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the DNS record (e.g. app.example.com)", "type": "string" }, "proxied": { - "default": true, - "type": "boolean" + "description": "Proxied indicates whether the DNS record should be proxied", + "type": "boolean", + "default": true }, "ttl": { + "description": "TTL of the DNS record (e.g. 300, 1 for automatic)", + "type": "integer", "default": 1, "maximum": 86400, - "minimum": 1, - "type": "integer" + "minimum": 1 }, "type": { + "description": "Type of DNS record (A, CNAME)", + "type": "string", "default": "A", "enum": [ "A", "CNAME" - ], - "type": "string" + ] } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "DNSRecordStatus defines the observed state of DNSRecord", + "type": "object", "properties": { "message": { + "description": "Message if the DNS record failed", "type": "string" }, "phase": { + "description": "Phase of the DNS record", + "type": "string", "enum": [ "Created", "Pending", "Failed" - ], - "type": "string" + ] }, - "recordId": { + "recordID": { + "description": "Cloudflare DNS record ID", "type": "string" } }, - "required": [ - "phase", - "recordId" - ], - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cf.containeroo.ch/dnsrecord_v1beta1.json b/schema/cf.containeroo.ch/dnsrecord_v1beta1.json index bef878ce0..9aa4e5b55 100644 --- a/schema/cf.containeroo.ch/dnsrecord_v1beta1.json +++ b/schema/cf.containeroo.ch/dnsrecord_v1beta1.json @@ -1,122 +1,146 @@ { + "description": "DNSRecord is the Schema for the dnsrecords API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "DNSRecordSpec defines the desired state of DNSRecord", + "type": "object", + "required": [ + "name" + ], "properties": { "content": { + "description": "DNS record content (e.g. 127.0.0.1)", "type": "string" }, "data": { + "description": "Data holds arbitrary key-value pairs used to further configure the DNS record", "x-kubernetes-preserve-unknown-fields": true }, "interval": { - "default": "5m", - "type": "string" + "description": "Interval to check DNSRecord", + "type": "string", + "default": "5m" }, "ipRef": { - "additionalProperties": false, + "description": "Reference to an IP object", + "type": "object", "properties": { "name": { + "description": "Name of the IP object", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "name": { - "maxLength": 255, - "type": "string" + "description": "DNS record name (e.g. example.com)", + "type": "string", + "maxLength": 255 }, "priority": { + "description": "Required for MX, SRV and URI records; unused by other record types. Records with lower priorities are preferred.", + "type": "integer", "maximum": 65535, - "minimum": 0, - "type": "integer" + "minimum": 0 }, "proxied": { - "default": true, - "type": "boolean" + "description": "Whether the record is receiving the performance and security benefits of Cloudflare", + "type": "boolean", + "default": true }, "ttl": { + "description": "Time to live, in seconds, of the DNS record. Must be between 60 and 86400, or 1 for 'automatic' (e.g. 3600)", + "type": "integer", "default": 1, "maximum": 86400, - "minimum": 1, - "type": "integer" + "minimum": 1 }, "type": { - "default": "A", - "type": "string" + "description": "DNS record type", + "type": "string", + "default": "A" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "DNSRecordStatus defines the observed state of DNSRecord", + "type": "object", "properties": { "conditions": { + "description": "Conditions contains the different condition statuses for the DNSRecord object.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", + "type": "object", + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "type": "string", + "format": "date-time" }, "message": { - "maxLength": 32768, - "type": "string" + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", + "type": "string", + "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "type": "integer", "format": "int64", - "minimum": 0, - "type": "integer" + "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "type": "string", "maxLength": 1024, "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", + "type": "string", "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" } }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "recordID": { + "description": "Cloudflare DNS record ID", "type": "string" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cf.containeroo.ch/ip_v1alpha1.json b/schema/cf.containeroo.ch/ip_v1alpha1.json index 9225fa148..094bb9c64 100644 --- a/schema/cf.containeroo.ch/ip_v1alpha1.json +++ b/schema/cf.containeroo.ch/ip_v1alpha1.json @@ -1,62 +1,71 @@ { + "description": "IP is the Schema for the ips API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "IPSpec defines the desired state of IP", + "type": "object", "properties": { "address": { + "description": "IP address (omit if type is dynamic)", "type": "string" }, - "dynamicIpSources": { + "dynamicIPSources": { + "description": "List of services that return the public IP address", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "interval": { + "description": "Interval at which a dynamic IP should be checked", "type": "string" }, "type": { + "description": "IP address type (static or dynamic)", + "type": "string", "default": "static", "enum": [ "static", "dynamic" - ], - "type": "string" + ] } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "IPStatus defines the observed state of IP", + "type": "object", "properties": { "lastObservedIP": { + "description": "LastObservedIP contains the IP address observed at the last interval (used to determine whether the IP has changed)", "type": "string" }, "message": { + "description": "Message if the IP failed to update", "type": "string" }, "phase": { + "description": "Phase of the IP", + "type": "string", "enum": [ "Ready", "Failed" - ], - "type": "string" + ] } }, - "required": [ - "lastObservedIP" - ], - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cf.containeroo.ch/ip_v1beta1.json b/schema/cf.containeroo.ch/ip_v1beta1.json index 8b6f7f126..cf505b69c 100644 --- a/schema/cf.containeroo.ch/ip_v1beta1.json +++ b/schema/cf.containeroo.ch/ip_v1beta1.json @@ -1,141 +1,169 @@ { + "description": "IP is the Schema for the ips API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "IPSpec defines the desired state of IP", + "type": "object", "properties": { "address": { + "description": "IP address (omit if type is dynamic)", "type": "string" }, "interval": { + "description": "Interval at which a dynamic IP should be checked", "type": "string" }, "ipSources": { + "description": "IPSources can be configured to get an IP from an external source (e.g. an API or public IP echo service)", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "insecureSkipVerify": { + "description": "InsecureSkipVerify defines whether to skip TLS certificate verification", "type": "boolean" }, "postProcessingRegex": { + "description": "PostProcessingRegex defines the regular expression to be used to extract the IP from the response or a JQ filter result", "type": "string" }, "requestBody": { + "description": "RequestBody to be sent to the URL", "type": "string" }, "requestHeaders": { + "description": "RequestHeaders to be sent to the URL", "x-kubernetes-preserve-unknown-fields": true }, "requestHeadersSecretRef": { - "additionalProperties": false, + "description": "RequestHeadersSecretRef is a secret reference to the headers to be sent to the URL (e.g. for authentication) where the key is the header name and the value is the header value", + "type": "object", "properties": { "name": { + "description": "name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "requestMethod": { + "description": "RequestMethod defines the HTTP method to be used", + "type": "string", "default": "GET", "enum": [ "GET", "POST", "PUT", "DELETE" - ], - "type": "string" + ] }, "responseJQFilter": { + "description": "ResponseJQFilter applies a JQ filter to the response to extract the IP", "type": "string" }, "url": { + "description": "URL of the IP source (e.g. https://checkip.amazonaws.com)", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "type": { + "description": "IP address type (static or dynamic)", + "type": "string", "default": "static", "enum": [ "static", "dynamic" - ], - "type": "string" + ] } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "IPStatus defines the observed state of IP", + "type": "object", "properties": { "conditions": { + "description": "Conditions contains the different condition statuses for the IP object.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", + "type": "object", + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "type": "string", + "format": "date-time" }, "message": { - "maxLength": 32768, - "type": "string" + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", + "type": "string", + "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "type": "integer", "format": "int64", - "minimum": 0, - "type": "integer" + "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "type": "string", "maxLength": 1024, "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", + "type": "string", "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" } }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "lastObservedIP": { + "description": "LastObservedIP contains the IP address observed at the last interval (used to determine whether the IP has changed)", "type": "string" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cf.containeroo.ch/zone_v1alpha1.json b/schema/cf.containeroo.ch/zone_v1alpha1.json index 3499cfbad..6eb583be0 100644 --- a/schema/cf.containeroo.ch/zone_v1alpha1.json +++ b/schema/cf.containeroo.ch/zone_v1alpha1.json @@ -1,54 +1,61 @@ { + "description": "Zone is the Schema for the zones API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "ZoneSpec defines the desired state of Zone", + "type": "object", + "required": [ + "id", + "name" + ], "properties": { "id": { + "description": "ID of the zone", "type": "string" }, "interval": { - "default": "5m", - "type": "string" + "description": "Interval to check zone status", + "type": "string", + "default": "5m" }, "name": { + "description": "Name of the zone", "type": "string" } }, - "required": [ - "id", - "name" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "ZoneStatus defines the observed state of Zone", + "type": "object", "properties": { "message": { + "description": "Message if the Zone failed", "type": "string" }, "phase": { + "description": "Phase of the Zone", + "type": "string", "enum": [ "Active", "Pending", "Failed" - ], - "type": "string" + ] } }, - "required": [ - "phase" - ], - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cf.containeroo.ch/zone_v1beta1.json b/schema/cf.containeroo.ch/zone_v1beta1.json index b26564a5a..e2b7d81b0 100644 --- a/schema/cf.containeroo.ch/zone_v1beta1.json +++ b/schema/cf.containeroo.ch/zone_v1beta1.json @@ -1,88 +1,104 @@ { + "description": "Zone is the Schema for the zones API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "ZoneSpec defines the desired state of Zone", + "type": "object", + "required": [ + "id", + "name" + ], "properties": { "id": { + "description": "ID of the zone", "type": "string" }, "interval": { - "default": "5m", - "type": "string" + "description": "Interval to check zone status", + "type": "string", + "default": "5m" }, "name": { + "description": "Name of the zone", "type": "string" } }, - "required": [ - "id", - "name" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "ZoneStatus defines the observed state of Zone", + "type": "object", "properties": { "conditions": { + "description": "Conditions contains the different condition statuses for the Zone object.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", + "type": "object", + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "type": "string", + "format": "date-time" }, "message": { - "maxLength": 32768, - "type": "string" + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", + "type": "string", + "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "type": "integer", "format": "int64", - "minimum": 0, - "type": "integer" + "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "type": "string", "maxLength": 1024, "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", + "type": "string", "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" } }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/cilium.io/ciliumbgploadbalancerippool_v2alpha1.json b/schema/cilium.io/ciliumbgploadbalancerippool_v2alpha1.json index 9c35184fd..03b3b74b1 100644 --- a/schema/cilium.io/ciliumbgploadbalancerippool_v2alpha1.json +++ b/schema/cilium.io/ciliumbgploadbalancerippool_v2alpha1.json @@ -1,33 +1,41 @@ { + "description": "CiliumBGPLoadBalancerIPPool is a Kubernetes third-party resource which instructs the BGP control plane to allocate and advertise IPs for Services of type LoadBalancer.", "type": "object", "required": [ "metadata" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "Spec is a human readable description for a BGP load balancer ip pool.", "type": "object", "required": [ "prefix" ], "properties": { "default": { + "description": "Default determines if this is the default IP pool for allocating from when LBSelector is nil or empty.", "type": "boolean" }, "lbSelector": { + "description": "LBSelector will determine if a created LoadBalancer is allocated an IP from this pool.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -35,9 +43,11 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string", "enum": [ "In", @@ -47,6 +57,7 @@ ] }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -57,6 +68,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", @@ -69,11 +81,14 @@ "additionalProperties": false }, "nodeSelector": { + "description": "NodeSelector selects a group of nodes which will advertise the presence of any LoadBalancers allocated from this IP pool. \n If nil all nodes will advertise the presence of any LoadBalancer allocated an IP from this pool.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -81,9 +96,11 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string", "enum": [ "In", @@ -93,6 +110,7 @@ ] }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -103,6 +121,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", @@ -115,6 +134,7 @@ "additionalProperties": false }, "prefix": { + "description": "The CIDR block of IPs to allocate from.", "type": "string", "format": "cidr" } diff --git a/schema/cilium.io/ciliumegressnatpolicy_v2alpha1.json b/schema/cilium.io/ciliumegressnatpolicy_v2alpha1.json index 2a871727f..9e8b4fedf 100644 --- a/schema/cilium.io/ciliumegressnatpolicy_v2alpha1.json +++ b/schema/cilium.io/ciliumegressnatpolicy_v2alpha1.json @@ -5,9 +5,11 @@ ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -22,6 +24,7 @@ ], "properties": { "destinationCIDRs": { + "description": "DestinationCIDRs is a list of destination CIDRs for destination IP addresses. If a destination IP matches any one CIDR, it will be selected.", "type": "array", "items": { "type": "string", @@ -29,16 +32,20 @@ } }, "egress": { + "description": "Egress represents a list of rules by which egress traffic is filtered from the source pods.", "type": "array", "items": { "type": "object", "properties": { "namespaceSelector": { + "description": "Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -46,9 +53,11 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string", "enum": [ "In", @@ -58,6 +67,7 @@ ] }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -68,6 +78,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", @@ -80,11 +91,14 @@ "additionalProperties": false }, "podSelector": { + "description": "This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -92,9 +106,11 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string", "enum": [ "In", @@ -104,6 +120,7 @@ ] }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -114,6 +131,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", @@ -130,6 +148,7 @@ } }, "egressSourceIP": { + "description": "EgressSourceIP is a source ip address that the egress traffic is redirected to and SNATed with. \n Example: When it is set to \"192.168.1.100\", matched egress packets will be redirected to node with ip 192.168.1.100 and SNAT’ed with IP address 192.168.1.100.", "type": "string", "pattern": "((^\\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\\s*$)|(^\\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?\\s*$))" } diff --git a/schema/cilium.io/ciliumexternalworkload_v2.json b/schema/cilium.io/ciliumexternalworkload_v2.json index c907f2ec9..32aff2d2b 100644 --- a/schema/cilium.io/ciliumexternalworkload_v2.json +++ b/schema/cilium.io/ciliumexternalworkload_v2.json @@ -1,26 +1,32 @@ { + "description": "CiliumExternalWorkload is a Kubernetes Custom Resource that\ncontains a specification for an external workload that can join the\ncluster. The name of the CRD is the FQDN of the external workload,\nand it needs to match the name in the workload registration. The\nlabels on the CRD object are the labels that will be used to\nallocate a Cilium Identity for the external workload. If\n'io.kubernetes.pod.namespace' or 'io.kubernetes.pod.name' labels\nare not explicitly specified, they will be defaulted to 'default'\nand \u003cworkload name\u003e, respectively. 'io.cilium.k8s.policy.cluster'\nwill always be defined as the name of the current cluster, which\ndefaults to \"default\".", "type": "object", "required": [ "metadata" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "Spec is the desired configuration of the external Cilium workload.", "type": "object", "properties": { "ipv4-alloc-cidr": { + "description": "IPv4AllocCIDR is the range of IPv4 addresses in the CIDR format that the external workload can\nuse to allocate IP addresses for the tunnel device and the health endpoint.", "type": "string", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$" }, "ipv6-alloc-cidr": { + "description": "IPv6AllocCIDR is the range of IPv6 addresses in the CIDR format that the external workload can\nuse to allocate IP addresses for the tunnel device and the health endpoint.", "type": "string", "pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$" } @@ -28,13 +34,16 @@ "additionalProperties": false }, "status": { + "description": "Status is the most recent status of the external Cilium workload.\nIt is a read-only field.", "type": "object", "properties": { "id": { + "description": "ID is the numeric identity allocated for the external workload.", "type": "integer", "format": "int64" }, "ip": { + "description": "IP is the IP address of the workload. Empty if the workload has not registered.", "type": "string" } }, diff --git a/schema/cluster.k8s.io/cluster_v1alpha1.json b/schema/cluster.k8s.io/cluster_v1alpha1.json index ffa611742..f312079dd 100644 --- a/schema/cluster.k8s.io/cluster_v1alpha1.json +++ b/schema/cluster.k8s.io/cluster_v1alpha1.json @@ -1,19 +1,24 @@ { + "description": "/ [Cluster] Cluster is the Schema for the clusters API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "/ [ClusterSpec] ClusterSpec defines the desired state of Cluster", "type": "object", "properties": { "clusterNetwork": { + "description": "Cluster network configuration", "type": "object", "required": [ "pods", @@ -22,6 +27,7 @@ ], "properties": { "pods": { + "description": "The network ranges from which Pod networks are allocated.", "type": "object", "required": [ "cidrBlocks" @@ -37,9 +43,11 @@ "additionalProperties": false }, "serviceDomain": { + "description": "Domain name for services.", "type": "string" }, "services": { + "description": "The network ranges from which service VIPs are allocated.", "type": "object", "required": [ "cidrBlocks" @@ -58,39 +66,51 @@ "additionalProperties": false }, "providerSpec": { + "description": "Provider-specific serialized configuration to use during cluster creation. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.", "type": "object", "properties": { "value": { + "description": "Value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.", "type": "object" }, "valueFrom": { + "description": "Source for the provider configuration. Cannot be used if value is not empty.", "type": "object", "properties": { "machineClass": { + "description": "The machine class from which the provider config should be sourced.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "provider": { + "description": "Provider is the name of the cloud-provider which MachineClass is intended for.", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, @@ -106,11 +126,14 @@ "additionalProperties": false }, "status": { + "description": "/ [ClusterStatus] ClusterStatus defines the observed state of Cluster", "type": "object", "properties": { "apiEndpoints": { + "description": "APIEndpoint represents the endpoint to communicate with the IP.", "type": "array", "items": { + "description": "/ [APIEndpoint] APIEndpoint represents a reachable Kubernetes API endpoint.", "type": "object", "required": [ "host", @@ -118,9 +141,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer" } }, @@ -128,12 +153,15 @@ } }, "errorMessage": { + "description": "If set, indicates that there is a problem reconciling the state, and will be set to a descriptive error message.", "type": "string" }, "errorReason": { + "description": "If set, indicates that there is a problem reconciling the state, and will be set to a token value suitable for programmatic interpretation.", "type": "string" }, "providerStatus": { + "description": "Provider-specific status. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.", "type": "object" } }, diff --git a/schema/cluster.k8s.io/machine_v1alpha1.json b/schema/cluster.k8s.io/machine_v1alpha1.json index 34f37c457..ed93db8d9 100644 --- a/schema/cluster.k8s.io/machine_v1alpha1.json +++ b/schema/cluster.k8s.io/machine_v1alpha1.json @@ -1,22 +1,28 @@ { + "description": "/ [Machine] Machine is the Schema for the machines API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "/ [MachineSpec] MachineSpec defines the desired state of Machine", "type": "object", "properties": { "configSource": { + "description": "ConfigSource is used to populate in the associated Node for dynamic kubelet config. This field already exists in Node, so any updates to it in the Machine spec will be automatically copied to the linked NodeRef from the status. The rest of dynamic kubelet config support should then work as-is.", "type": "object", "properties": { "configMap": { + "description": "ConfigMap is a reference to a Node's ConfigMap", "type": "object", "required": [ "kubeletConfigKey", @@ -25,18 +31,23 @@ ], "properties": { "kubeletConfigKey": { + "description": "KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.", "type": "string" }, "name": { + "description": "Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.", "type": "string" }, "namespace": { + "description": "Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.", "type": "string" }, "resourceVersion": { + "description": "ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", "type": "string" }, "uid": { + "description": "UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", "type": "string" } }, @@ -46,32 +57,40 @@ "additionalProperties": false }, "metadata": { + "description": "ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.", "type": "object", "properties": { "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", "type": "object", "additionalProperties": { "type": "string" } }, "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "namespace": { + "description": "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", "type": "string" }, "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", "type": "array", "items": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", "type": "object", "required": [ "apiVersion", @@ -81,21 +100,27 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", "type": "boolean" }, "controller": { + "description": "If true, this reference points to the managing controller.", "type": "boolean" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "uid": { + "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", "type": "string" } }, @@ -106,42 +131,55 @@ "additionalProperties": false }, "providerID": { + "description": "ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", "type": "string" }, "providerSpec": { + "description": "ProviderSpec details Provider-specific configuration to use during node creation.", "type": "object", "properties": { "value": { + "description": "Value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.", "type": "object" }, "valueFrom": { + "description": "Source for the provider configuration. Cannot be used if value is not empty.", "type": "object", "properties": { "machineClass": { + "description": "The machine class from which the provider config should be sourced.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "provider": { + "description": "Provider is the name of the cloud-provider which MachineClass is intended for.", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, @@ -154,8 +192,10 @@ "additionalProperties": false }, "taints": { + "description": "The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints", "type": "array", "items": { + "description": "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", "type": "object", "required": [ "effect", @@ -163,16 +203,20 @@ ], "properties": { "effect": { + "description": "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Required. The taint key to be applied to a node.", "type": "string" }, "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.", "type": "string", "format": "date-time" }, "value": { + "description": "Required. The taint value corresponding to the taint key.", "type": "string" } }, @@ -180,15 +224,18 @@ } }, "versions": { + "description": "Versions of key software to use. This field is optional at cluster creation time, and omitting the field indicates that the cluster installation tool should select defaults for the user. These defaults may differ based on the cluster installer, but the tool should populate the values it uses when persisting Machine objects. A Machine spec missing this field at runtime is invalid.", "type": "object", "required": [ "kubelet" ], "properties": { "controlPlane": { + "description": "ControlPlane is the semantic version of the Kubernetes control plane to run. This should only be populated when the machine is a control plane.", "type": "string" }, "kubelet": { + "description": "Kubelet is the semantic version of kubelet to run", "type": "string" } }, @@ -198,11 +245,14 @@ "additionalProperties": false }, "status": { + "description": "/ [MachineStatus] MachineStatus defines the observed state of Machine", "type": "object", "properties": { "addresses": { + "description": "Addresses is a list of addresses assigned to the machine. Queried from cloud provider, if available.", "type": "array", "items": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -210,9 +260,11 @@ ], "properties": { "address": { + "description": "The node address.", "type": "string" }, "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -220,8 +272,10 @@ } }, "conditions": { + "description": "Conditions lists the conditions synced from the node conditions of the corresponding node-object. Machine-controller is responsible for keeping conditions up-to-date. MachineSet controller will be taking these conditions as a signal to decide if machine is healthy or needs to be replaced. Refer: https://kubernetes.io/docs/concepts/architecture/nodes/#condition", "type": "array", "items": { + "description": "NodeCondition contains condition information for a node.", "type": "object", "required": [ "status", @@ -229,23 +283,29 @@ ], "properties": { "lastHeartbeatTime": { + "description": "Last time we got an update on a given condition.", "type": "string", "format": "date-time" }, "lastTransitionTime": { + "description": "Last time the condition transit from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "Human readable message indicating details about last transition.", "type": "string" }, "reason": { + "description": "(brief) reason for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of node condition.", "type": "string" } }, @@ -253,77 +313,98 @@ } }, "errorMessage": { + "description": "ErrorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "errorReason": { + "description": "ErrorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "lastOperation": { + "description": "LastOperation describes the last-operation performed by the machine-controller. This API should be useful as a history in terms of the latest operation performed on the specific machine. It should also convey the state of the latest-operation for example if it is still on-going, failed or completed successfully.", "type": "object", "properties": { "description": { + "description": "Description is the human-readable description of the last operation.", "type": "string" }, "lastUpdated": { + "description": "LastUpdated is the timestamp at which LastOperation API was last-updated.", "type": "string", "format": "date-time" }, "state": { + "description": "State is the current status of the last performed operation. E.g. Processing, Failed, Successful etc", "type": "string" }, "type": { + "description": "Type is the type of operation which was last performed. E.g. Create, Delete, Update etc", "type": "string" } }, "additionalProperties": false }, "lastUpdated": { + "description": "LastUpdated identifies when this status was last observed.", "type": "string", "format": "date-time" }, "nodeRef": { + "description": "NodeRef will point to the corresponding Node if it exists.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "additionalProperties": false }, "phase": { + "description": "Phase represents the current phase of machine actuation. E.g. Pending, Running, Terminating, Failed etc.", "type": "string" }, "providerStatus": { + "description": "ProviderStatus details a Provider-specific status. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.", "type": "object" }, "versions": { + "description": "Versions specifies the current versions of software on the corresponding Node (if it exists). This is provided for a few reasons: \n 1) It is more convenient than checking the NodeRef, traversing it to the Node, and finding the appropriate field in Node.Status.NodeInfo (which uses different field names and formatting). 2) It removes some of the dependency on the structure of the Node, so that if the structure of Node.Status.NodeInfo changes, only machine controllers need to be updated, rather than every client of the Machines API. 3) There is no other simple way to check the control plane version. A client would have to connect directly to the apiserver running on the target node in order to find out its version.", "type": "object", "required": [ "kubelet" ], "properties": { "controlPlane": { + "description": "ControlPlane is the semantic version of the Kubernetes control plane to run. This should only be populated when the machine is a control plane.", "type": "string" }, "kubelet": { + "description": "Kubelet is the semantic version of kubelet to run", "type": "string" } }, diff --git a/schema/cluster.k8s.io/machineclass_v1alpha1.json b/schema/cluster.k8s.io/machineclass_v1alpha1.json index 88f95bb3f..90270f1e3 100644 --- a/schema/cluster.k8s.io/machineclass_v1alpha1.json +++ b/schema/cluster.k8s.io/machineclass_v1alpha1.json @@ -1,19 +1,23 @@ { + "description": "/ [MachineClass] MachineClass can be used to templatize and re-use provider configuration across multiple Machines / MachineSets / MachineDeployments.", "type": "object", "required": [ "providerSpec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "providerSpec": { + "description": "Provider-specific configuration to use during node creation.", "type": "object" } } diff --git a/schema/cluster.k8s.io/machinedeployment_v1alpha1.json b/schema/cluster.k8s.io/machinedeployment_v1alpha1.json index 44ddf008b..50d7e8187 100644 --- a/schema/cluster.k8s.io/machinedeployment_v1alpha1.json +++ b/schema/cluster.k8s.io/machinedeployment_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "/ [MachineDeployment] MachineDeployment is the Schema for the machinedeployments API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "/ [MachineDeploymentSpec] MachineDeploymentSpec defines the desired state of MachineDeployment", "type": "object", "required": [ "selector", @@ -18,30 +22,38 @@ ], "properties": { "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)", "type": "integer", "format": "int32" }, "paused": { + "description": "Indicates that the deployment is paused.", "type": "boolean" }, "progressDeadlineSeconds": { + "description": "The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s.", "type": "integer", "format": "int32" }, "replicas": { + "description": "Number of desired machines. Defaults to 1. This is a pointer to distinguish between explicit zero and not specified.", "type": "integer", "format": "int32" }, "revisionHistoryLimit": { + "description": "The number of old MachineSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.", "type": "integer", "format": "int32" }, "selector": { + "description": "Label selector for machines. Existing MachineSets whose machines are selected by this will be the ones affected by this deployment. It must match the machine template's labels.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -49,12 +61,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -65,6 +80,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -74,12 +90,15 @@ "additionalProperties": false }, "strategy": { + "description": "The deployment strategy to use to replace existing machines with new ones.", "type": "object", "properties": { "rollingUpdate": { + "description": "Rolling update config params. Present only if MachineDeploymentStrategyType = RollingUpdate.", "type": "object", "properties": { "maxSurge": { + "description": "The maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 1. Example: when this is set to 30%, the new MachineSet can be scaled up immediately when the rolling update starts, such that the total number of old and new machines do not exceed 130% of desired machines. Once old machines have been killed, new MachineSet can be scaled up further, ensuring that total number of machines running at any time during the update is at most 130% of desired machines.", "anyOf": [ { "type": "string" @@ -90,6 +109,7 @@ ] }, "maxUnavailable": { + "description": "The maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. Example: when this is set to 30%, the old MachineSet can be scaled down to 70% of desired machines immediately when the rolling update starts. Once new machines are ready, old MachineSet can be scaled down further, followed by scaling up the new MachineSet, ensuring that the total number of machines available at all times during the update is at least 70% of desired machines.", "anyOf": [ { "type": "string" @@ -103,41 +123,51 @@ "additionalProperties": false }, "type": { + "description": "Type of deployment. Currently the only supported strategy is \"RollingUpdate\". Default is RollingUpdate.", "type": "string" } }, "additionalProperties": false }, "template": { + "description": "Template describes the machines that will be created.", "type": "object", "properties": { "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "type": "object", "properties": { "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", "type": "object", "additionalProperties": { "type": "string" } }, "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "namespace": { + "description": "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", "type": "string" }, "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", "type": "array", "items": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", "type": "object", "required": [ "apiVersion", @@ -147,21 +177,27 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", "type": "boolean" }, "controller": { + "description": "If true, this reference points to the managing controller.", "type": "boolean" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "uid": { + "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", "type": "string" } }, @@ -172,12 +208,15 @@ "additionalProperties": false }, "spec": { + "description": "Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "type": "object", "properties": { "configSource": { + "description": "ConfigSource is used to populate in the associated Node for dynamic kubelet config. This field already exists in Node, so any updates to it in the Machine spec will be automatically copied to the linked NodeRef from the status. The rest of dynamic kubelet config support should then work as-is.", "type": "object", "properties": { "configMap": { + "description": "ConfigMap is a reference to a Node's ConfigMap", "type": "object", "required": [ "kubeletConfigKey", @@ -186,18 +225,23 @@ ], "properties": { "kubeletConfigKey": { + "description": "KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.", "type": "string" }, "name": { + "description": "Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.", "type": "string" }, "namespace": { + "description": "Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.", "type": "string" }, "resourceVersion": { + "description": "ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", "type": "string" }, "uid": { + "description": "UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", "type": "string" } }, @@ -207,32 +251,40 @@ "additionalProperties": false }, "metadata": { + "description": "ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.", "type": "object", "properties": { "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", "type": "object", "additionalProperties": { "type": "string" } }, "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "namespace": { + "description": "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", "type": "string" }, "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", "type": "array", "items": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", "type": "object", "required": [ "apiVersion", @@ -242,21 +294,27 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", "type": "boolean" }, "controller": { + "description": "If true, this reference points to the managing controller.", "type": "boolean" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "uid": { + "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", "type": "string" } }, @@ -267,42 +325,55 @@ "additionalProperties": false }, "providerID": { + "description": "ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", "type": "string" }, "providerSpec": { + "description": "ProviderSpec details Provider-specific configuration to use during node creation.", "type": "object", "properties": { "value": { + "description": "Value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.", "type": "object" }, "valueFrom": { + "description": "Source for the provider configuration. Cannot be used if value is not empty.", "type": "object", "properties": { "machineClass": { + "description": "The machine class from which the provider config should be sourced.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "provider": { + "description": "Provider is the name of the cloud-provider which MachineClass is intended for.", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, @@ -315,8 +386,10 @@ "additionalProperties": false }, "taints": { + "description": "The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints", "type": "array", "items": { + "description": "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", "type": "object", "required": [ "effect", @@ -324,16 +397,20 @@ ], "properties": { "effect": { + "description": "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Required. The taint key to be applied to a node.", "type": "string" }, "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.", "type": "string", "format": "date-time" }, "value": { + "description": "Required. The taint value corresponding to the taint key.", "type": "string" } }, @@ -341,15 +418,18 @@ } }, "versions": { + "description": "Versions of key software to use. This field is optional at cluster creation time, and omitting the field indicates that the cluster installation tool should select defaults for the user. These defaults may differ based on the cluster installer, but the tool should populate the values it uses when persisting Machine objects. A Machine spec missing this field at runtime is invalid.", "type": "object", "required": [ "kubelet" ], "properties": { "controlPlane": { + "description": "ControlPlane is the semantic version of the Kubernetes control plane to run. This should only be populated when the machine is a control plane.", "type": "string" }, "kubelet": { + "description": "Kubelet is the semantic version of kubelet to run", "type": "string" } }, @@ -365,29 +445,36 @@ "additionalProperties": false }, "status": { + "description": "/ [MachineDeploymentStatus] MachineDeploymentStatus defines the observed state of MachineDeployment", "type": "object", "properties": { "availableReplicas": { + "description": "Total number of available machines (ready for at least minReadySeconds) targeted by this deployment.", "type": "integer", "format": "int32" }, "observedGeneration": { + "description": "The generation observed by the deployment controller.", "type": "integer", "format": "int64" }, "readyReplicas": { + "description": "Total number of ready machines targeted by this deployment.", "type": "integer", "format": "int32" }, "replicas": { + "description": "Total number of non-terminated machines targeted by this deployment (their labels match the selector).", "type": "integer", "format": "int32" }, "unavailableReplicas": { + "description": "Total number of unavailable machines targeted by this deployment. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet available or machines that still have not been created.", "type": "integer", "format": "int32" }, "updatedReplicas": { + "description": "Total number of non-terminated machines targeted by this deployment that have the desired template spec.", "type": "integer", "format": "int32" } diff --git a/schema/cluster.k8s.io/machineset_v1alpha1.json b/schema/cluster.k8s.io/machineset_v1alpha1.json index 028f85d71..f744c7c23 100644 --- a/schema/cluster.k8s.io/machineset_v1alpha1.json +++ b/schema/cluster.k8s.io/machineset_v1alpha1.json @@ -1,22 +1,27 @@ { + "description": "/ [MachineSet] MachineSet ensures that a specified number of machines replicas are running at any given time.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "/ [MachineSetSpec] MachineSetSpec defines the desired state of MachineSet", "type": "object", "required": [ "selector" ], "properties": { "deletePolicy": { + "description": "DeletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to \"Random\". Valid values are \"Random, \"Newest\", \"Oldest\"", "type": "string", "enum": [ "Random", @@ -25,19 +30,24 @@ ] }, "minReadySeconds": { + "description": "MinReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)", "type": "integer", "format": "int32" }, "replicas": { + "description": "Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1.", "type": "integer", "format": "int32" }, "selector": { + "description": "Selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -45,12 +55,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -61,6 +74,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -70,35 +84,44 @@ "additionalProperties": false }, "template": { + "description": "Template is the object that describes the machine that will be created if insufficient replicas are detected.", "type": "object", "properties": { "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "type": "object", "properties": { "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", "type": "object", "additionalProperties": { "type": "string" } }, "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "namespace": { + "description": "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", "type": "string" }, "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", "type": "array", "items": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", "type": "object", "required": [ "apiVersion", @@ -108,21 +131,27 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", "type": "boolean" }, "controller": { + "description": "If true, this reference points to the managing controller.", "type": "boolean" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "uid": { + "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", "type": "string" } }, @@ -133,12 +162,15 @@ "additionalProperties": false }, "spec": { + "description": "Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "type": "object", "properties": { "configSource": { + "description": "ConfigSource is used to populate in the associated Node for dynamic kubelet config. This field already exists in Node, so any updates to it in the Machine spec will be automatically copied to the linked NodeRef from the status. The rest of dynamic kubelet config support should then work as-is.", "type": "object", "properties": { "configMap": { + "description": "ConfigMap is a reference to a Node's ConfigMap", "type": "object", "required": [ "kubeletConfigKey", @@ -147,18 +179,23 @@ ], "properties": { "kubeletConfigKey": { + "description": "KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.", "type": "string" }, "name": { + "description": "Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.", "type": "string" }, "namespace": { + "description": "Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.", "type": "string" }, "resourceVersion": { + "description": "ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", "type": "string" }, "uid": { + "description": "UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", "type": "string" } }, @@ -168,32 +205,40 @@ "additionalProperties": false }, "metadata": { + "description": "ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.", "type": "object", "properties": { "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", "type": "object", "additionalProperties": { "type": "string" } }, "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "namespace": { + "description": "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", "type": "string" }, "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", "type": "array", "items": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", "type": "object", "required": [ "apiVersion", @@ -203,21 +248,27 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", "type": "boolean" }, "controller": { + "description": "If true, this reference points to the managing controller.", "type": "boolean" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "uid": { + "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", "type": "string" } }, @@ -228,42 +279,55 @@ "additionalProperties": false }, "providerID": { + "description": "ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", "type": "string" }, "providerSpec": { + "description": "ProviderSpec details Provider-specific configuration to use during node creation.", "type": "object", "properties": { "value": { + "description": "Value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.", "type": "object" }, "valueFrom": { + "description": "Source for the provider configuration. Cannot be used if value is not empty.", "type": "object", "properties": { "machineClass": { + "description": "The machine class from which the provider config should be sourced.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "provider": { + "description": "Provider is the name of the cloud-provider which MachineClass is intended for.", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, @@ -276,8 +340,10 @@ "additionalProperties": false }, "taints": { + "description": "The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints", "type": "array", "items": { + "description": "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", "type": "object", "required": [ "effect", @@ -285,16 +351,20 @@ ], "properties": { "effect": { + "description": "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Required. The taint key to be applied to a node.", "type": "string" }, "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.", "type": "string", "format": "date-time" }, "value": { + "description": "Required. The taint value corresponding to the taint key.", "type": "string" } }, @@ -302,15 +372,18 @@ } }, "versions": { + "description": "Versions of key software to use. This field is optional at cluster creation time, and omitting the field indicates that the cluster installation tool should select defaults for the user. These defaults may differ based on the cluster installer, but the tool should populate the values it uses when persisting Machine objects. A Machine spec missing this field at runtime is invalid.", "type": "object", "required": [ "kubelet" ], "properties": { "controlPlane": { + "description": "ControlPlane is the semantic version of the Kubernetes control plane to run. This should only be populated when the machine is a control plane.", "type": "string" }, "kubelet": { + "description": "Kubelet is the semantic version of kubelet to run", "type": "string" } }, @@ -326,12 +399,14 @@ "additionalProperties": false }, "status": { + "description": "/ [MachineSetStatus] MachineSetStatus defines the observed state of MachineSet", "type": "object", "required": [ "replicas" ], "properties": { "availableReplicas": { + "description": "The number of available replicas (ready for at least minReadySeconds) for this MachineSet.", "type": "integer", "format": "int32" }, @@ -339,21 +414,26 @@ "type": "string" }, "errorReason": { + "description": "In the event that there is a terminal problem reconciling the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason will be populated with a succinct value suitable for machine interpretation, while ErrorMessage will contain a more verbose string suitable for logging and human consumption. \n These fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.", "type": "string" }, "fullyLabeledReplicas": { + "description": "The number of replicas that have labels matching the labels of the machine template of the MachineSet.", "type": "integer", "format": "int32" }, "observedGeneration": { + "description": "ObservedGeneration reflects the generation of the most recently observed MachineSet.", "type": "integer", "format": "int64" }, "readyReplicas": { + "description": "The number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is \"Ready\".", "type": "integer", "format": "int32" }, "replicas": { + "description": "Replicas is the most recently observed number of replicas.", "type": "integer", "format": "int32" } diff --git a/schema/cluster.x-k8s.io/cluster_v1alpha2.json b/schema/cluster.x-k8s.io/cluster_v1alpha2.json index f20ef39cc..0b8751aa9 100644 --- a/schema/cluster.x-k8s.io/cluster_v1alpha2.json +++ b/schema/cluster.x-k8s.io/cluster_v1alpha2.json @@ -1,26 +1,33 @@ { + "description": "Cluster is the Schema for the clusters API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ClusterSpec defines the desired state of Cluster", "type": "object", "properties": { "clusterNetwork": { + "description": "Cluster network configuration", "type": "object", "properties": { "apiServerPort": { + "description": "APIServerPort specifies the port the API Server should bind to. Defaults to 6443.", "type": "integer", "format": "int32" }, "pods": { + "description": "The network ranges from which Pod networks are allocated.", "type": "object", "required": [ "cidrBlocks" @@ -36,9 +43,11 @@ "additionalProperties": false }, "serviceDomain": { + "description": "Domain name for services.", "type": "string" }, "services": { + "description": "The network ranges from which service VIPs are allocated.", "type": "object", "required": [ "cidrBlocks" @@ -57,27 +66,35 @@ "additionalProperties": false }, "infrastructureRef": { + "description": "InfrastructureRef is a reference to a provider-specific resource that holds the details for provisioning infrastructure for a cluster in said provider.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, @@ -87,11 +104,14 @@ "additionalProperties": false }, "status": { + "description": "ClusterStatus defines the observed state of Cluster", "type": "object", "properties": { "apiEndpoints": { + "description": "APIEndpoints represents the endpoints to communicate with the control plane.", "type": "array", "items": { + "description": "APIEndpoint represents a reachable Kubernetes API endpoint.", "type": "object", "required": [ "host", @@ -99,9 +119,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer" } }, @@ -109,18 +131,23 @@ } }, "controlPlaneInitialized": { + "description": "ControlPlaneInitialized defines if the control plane has been initialized.", "type": "boolean" }, "errorMessage": { + "description": "ErrorMessage indicates that there is a problem reconciling the state, and will be set to a descriptive error message.", "type": "string" }, "errorReason": { + "description": "ErrorReason indicates that there is a problem reconciling the state, and will be set to a token value suitable for programmatic interpretation.", "type": "string" }, "infrastructureReady": { + "description": "InfrastructureReady is the state of the infrastructure provider.", "type": "boolean" }, "phase": { + "description": "Phase represents the current phase of cluster actuation. E.g. Pending, Running, Terminating, Failed etc.", "type": "string" } }, diff --git a/schema/cluster.x-k8s.io/machine_v1alpha2.json b/schema/cluster.x-k8s.io/machine_v1alpha2.json index 657715609..39dc9422c 100644 --- a/schema/cluster.x-k8s.io/machine_v1alpha2.json +++ b/schema/cluster.x-k8s.io/machine_v1alpha2.json @@ -1,16 +1,20 @@ { + "description": "Machine is the Schema for the machines API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "MachineSpec defines the desired state of Machine", "type": "object", "required": [ "bootstrap", @@ -18,95 +22,121 @@ ], "properties": { "bootstrap": { + "description": "Bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism.", "type": "object", "properties": { "configRef": { + "description": "ConfigRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.Data without the need of a controller.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "additionalProperties": false }, "data": { + "description": "Data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should remain in the Pending state.", "type": "string" } }, "additionalProperties": false }, "infrastructureRef": { + "description": "InfrastructureRef is a required reference to a custom resource offered by an infrastructure provider.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "additionalProperties": false }, "metadata": { + "description": "DEPRECATED: ObjectMeta has no function and isn't used anywhere.", "type": "object", "properties": { "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", "type": "object", "additionalProperties": { "type": "string" } }, "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "namespace": { + "description": "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", "type": "string" }, "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", "type": "array", "items": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", "type": "object", "required": [ "apiVersion", @@ -116,21 +146,27 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", "type": "boolean" }, "controller": { + "description": "If true, this reference points to the managing controller.", "type": "boolean" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "uid": { + "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", "type": "string" } }, @@ -141,20 +177,25 @@ "additionalProperties": false }, "providerID": { + "description": "ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", "type": "string" }, "version": { + "description": "Version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "MachineStatus defines the observed state of Machine", "type": "object", "properties": { "addresses": { + "description": "Addresses is a list of addresses assigned to the machine. This field is copied from the infrastructure provider reference.", "type": "array", "items": { + "description": "MachineAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -162,9 +203,11 @@ ], "properties": { "address": { + "description": "The machine address.", "type": "string" }, "type": { + "description": "Machine address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -172,52 +215,67 @@ } }, "bootstrapReady": { + "description": "BootstrapReady is the state of the bootstrap provider.", "type": "boolean" }, "errorMessage": { + "description": "ErrorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "errorReason": { + "description": "ErrorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "infrastructureReady": { + "description": "InfrastructureReady is the state of the infrastructure provider.", "type": "boolean" }, "lastUpdated": { + "description": "LastUpdated identifies when this status was last observed.", "type": "string", "format": "date-time" }, "nodeRef": { + "description": "NodeRef will point to the corresponding Node if it exists.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "additionalProperties": false }, "phase": { + "description": "Phase represents the current phase of machine actuation. E.g. Pending, Running, Terminating, Failed etc.", "type": "string" }, "version": { + "description": "Version specifies the current version of Kubernetes running on the corresponding Node. This is meant to be a means of bubbling up status from the Node to the Machine. It is entirely optional, but useful for end-user UX if it’s present.", "type": "string" } }, diff --git a/schema/cluster.x-k8s.io/machinedeployment_v1alpha2.json b/schema/cluster.x-k8s.io/machinedeployment_v1alpha2.json index db9da446c..56d387142 100644 --- a/schema/cluster.x-k8s.io/machinedeployment_v1alpha2.json +++ b/schema/cluster.x-k8s.io/machinedeployment_v1alpha2.json @@ -1,16 +1,20 @@ { + "description": "MachineDeployment is the Schema for the machinedeployments API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "MachineDeploymentSpec defines the desired state of MachineDeployment", "type": "object", "required": [ "selector", @@ -18,30 +22,38 @@ ], "properties": { "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)", "type": "integer", "format": "int32" }, "paused": { + "description": "Indicates that the deployment is paused.", "type": "boolean" }, "progressDeadlineSeconds": { + "description": "The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s.", "type": "integer", "format": "int32" }, "replicas": { + "description": "Number of desired machines. Defaults to 1. This is a pointer to distinguish between explicit zero and not specified.", "type": "integer", "format": "int32" }, "revisionHistoryLimit": { + "description": "The number of old MachineSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.", "type": "integer", "format": "int32" }, "selector": { + "description": "Label selector for machines. Existing MachineSets whose machines are selected by this will be the ones affected by this deployment. It must match the machine template's labels.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -49,12 +61,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -65,6 +80,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -74,12 +90,15 @@ "additionalProperties": false }, "strategy": { + "description": "The deployment strategy to use to replace existing machines with new ones.", "type": "object", "properties": { "rollingUpdate": { + "description": "Rolling update config params. Present only if MachineDeploymentStrategyType = RollingUpdate.", "type": "object", "properties": { "maxSurge": { + "description": "The maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 1. Example: when this is set to 30%, the new MachineSet can be scaled up immediately when the rolling update starts, such that the total number of old and new machines do not exceed 130% of desired machines. Once old machines have been killed, new MachineSet can be scaled up further, ensuring that total number of machines running at any time during the update is at most 130% of desired machines.", "anyOf": [ { "type": "integer" @@ -91,6 +110,7 @@ "x-kubernetes-int-or-string": true }, "maxUnavailable": { + "description": "The maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. Example: when this is set to 30%, the old MachineSet can be scaled down to 70% of desired machines immediately when the rolling update starts. Once new machines are ready, old MachineSet can be scaled down further, followed by scaling up the new MachineSet, ensuring that the total number of machines available at all times during the update is at least 70% of desired machines.", "anyOf": [ { "type": "integer" @@ -105,41 +125,51 @@ "additionalProperties": false }, "type": { + "description": "Type of deployment. Currently the only supported strategy is \"RollingUpdate\". Default is RollingUpdate.", "type": "string" } }, "additionalProperties": false }, "template": { + "description": "Template describes the machines that will be created.", "type": "object", "properties": { "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "type": "object", "properties": { "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", "type": "object", "additionalProperties": { "type": "string" } }, "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "namespace": { + "description": "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", "type": "string" }, "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", "type": "array", "items": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", "type": "object", "required": [ "apiVersion", @@ -149,21 +179,27 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", "type": "boolean" }, "controller": { + "description": "If true, this reference points to the managing controller.", "type": "boolean" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "uid": { + "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", "type": "string" } }, @@ -174,6 +210,7 @@ "additionalProperties": false }, "spec": { + "description": "Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "type": "object", "required": [ "bootstrap", @@ -181,95 +218,121 @@ ], "properties": { "bootstrap": { + "description": "Bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism.", "type": "object", "properties": { "configRef": { + "description": "ConfigRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.Data without the need of a controller.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "additionalProperties": false }, "data": { + "description": "Data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should remain in the Pending state.", "type": "string" } }, "additionalProperties": false }, "infrastructureRef": { + "description": "InfrastructureRef is a required reference to a custom resource offered by an infrastructure provider.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "additionalProperties": false }, "metadata": { + "description": "DEPRECATED: ObjectMeta has no function and isn't used anywhere.", "type": "object", "properties": { "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", "type": "object", "additionalProperties": { "type": "string" } }, "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "namespace": { + "description": "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", "type": "string" }, "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", "type": "array", "items": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", "type": "object", "required": [ "apiVersion", @@ -279,21 +342,27 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", "type": "boolean" }, "controller": { + "description": "If true, this reference points to the managing controller.", "type": "boolean" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "uid": { + "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", "type": "string" } }, @@ -304,9 +373,11 @@ "additionalProperties": false }, "providerID": { + "description": "ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", "type": "string" }, "version": { + "description": "Version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers.", "type": "string" } }, @@ -319,32 +390,40 @@ "additionalProperties": false }, "status": { + "description": "MachineDeploymentStatus defines the observed state of MachineDeployment", "type": "object", "properties": { "availableReplicas": { + "description": "Total number of available machines (ready for at least minReadySeconds) targeted by this deployment.", "type": "integer", "format": "int32" }, "observedGeneration": { + "description": "The generation observed by the deployment controller.", "type": "integer", "format": "int64" }, "readyReplicas": { + "description": "Total number of ready machines targeted by this deployment.", "type": "integer", "format": "int32" }, "replicas": { + "description": "Total number of non-terminated machines targeted by this deployment (their labels match the selector).", "type": "integer", "format": "int32" }, "selector": { + "description": "Selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors", "type": "string" }, "unavailableReplicas": { + "description": "Total number of unavailable machines targeted by this deployment. This is the total number of machines that are still required for the deployment to have 100% available capacity. They may either be machines that are running but not yet available or machines that still have not been created.", "type": "integer", "format": "int32" }, "updatedReplicas": { + "description": "Total number of non-terminated machines targeted by this deployment that have the desired template spec.", "type": "integer", "format": "int32" } diff --git a/schema/cluster.x-k8s.io/machineset_v1alpha2.json b/schema/cluster.x-k8s.io/machineset_v1alpha2.json index c2a098e88..a7df36904 100644 --- a/schema/cluster.x-k8s.io/machineset_v1alpha2.json +++ b/schema/cluster.x-k8s.io/machineset_v1alpha2.json @@ -1,22 +1,27 @@ { + "description": "MachineSet is the Schema for the machinesets API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "MachineSetSpec defines the desired state of MachineSet", "type": "object", "required": [ "selector" ], "properties": { "deletePolicy": { + "description": "DeletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to \"Random\". Valid values are \"Random, \"Newest\", \"Oldest\"", "type": "string", "enum": [ "Random", @@ -25,19 +30,24 @@ ] }, "minReadySeconds": { + "description": "MinReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)", "type": "integer", "format": "int32" }, "replicas": { + "description": "Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1.", "type": "integer", "format": "int32" }, "selector": { + "description": "Selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -45,12 +55,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -61,6 +74,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -70,35 +84,44 @@ "additionalProperties": false }, "template": { + "description": "Template is the object that describes the machine that will be created if insufficient replicas are detected. Object references to custom resources resources are treated as templates.", "type": "object", "properties": { "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "type": "object", "properties": { "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", "type": "object", "additionalProperties": { "type": "string" } }, "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "namespace": { + "description": "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", "type": "string" }, "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", "type": "array", "items": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", "type": "object", "required": [ "apiVersion", @@ -108,21 +131,27 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", "type": "boolean" }, "controller": { + "description": "If true, this reference points to the managing controller.", "type": "boolean" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "uid": { + "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", "type": "string" } }, @@ -133,6 +162,7 @@ "additionalProperties": false }, "spec": { + "description": "Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "type": "object", "required": [ "bootstrap", @@ -140,95 +170,121 @@ ], "properties": { "bootstrap": { + "description": "Bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism.", "type": "object", "properties": { "configRef": { + "description": "ConfigRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.Data without the need of a controller.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "additionalProperties": false }, "data": { + "description": "Data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should remain in the Pending state.", "type": "string" } }, "additionalProperties": false }, "infrastructureRef": { + "description": "InfrastructureRef is a required reference to a custom resource offered by an infrastructure provider.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "additionalProperties": false }, "metadata": { + "description": "DEPRECATED: ObjectMeta has no function and isn't used anywhere.", "type": "object", "properties": { "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", "type": "object", "additionalProperties": { "type": "string" } }, "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "namespace": { + "description": "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", "type": "string" }, "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", "type": "array", "items": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", "type": "object", "required": [ "apiVersion", @@ -238,21 +294,27 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", "type": "boolean" }, "controller": { + "description": "If true, this reference points to the managing controller.", "type": "boolean" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "uid": { + "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", "type": "string" } }, @@ -263,9 +325,11 @@ "additionalProperties": false }, "providerID": { + "description": "ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", "type": "string" }, "version": { + "description": "Version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers.", "type": "string" } }, @@ -278,12 +342,14 @@ "additionalProperties": false }, "status": { + "description": "MachineSetStatus defines the observed state of MachineSet", "type": "object", "required": [ "replicas" ], "properties": { "availableReplicas": { + "description": "The number of available replicas (ready for at least minReadySeconds) for this MachineSet.", "type": "integer", "format": "int32" }, @@ -291,25 +357,31 @@ "type": "string" }, "errorReason": { + "description": "In the event that there is a terminal problem reconciling the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason will be populated with a succinct value suitable for machine interpretation, while ErrorMessage will contain a more verbose string suitable for logging and human consumption. \n These fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.", "type": "string" }, "fullyLabeledReplicas": { + "description": "The number of replicas that have labels matching the labels of the machine template of the MachineSet.", "type": "integer", "format": "int32" }, "observedGeneration": { + "description": "ObservedGeneration reflects the generation of the most recently observed MachineSet.", "type": "integer", "format": "int64" }, "readyReplicas": { + "description": "The number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is \"Ready\".", "type": "integer", "format": "int32" }, "replicas": { + "description": "Replicas is the most recently observed number of replicas.", "type": "integer", "format": "int32" }, "selector": { + "description": "Selector is the same as the label selector but in the string format to avoid introspection by clients. The string will be in the same format as the query-param syntax. More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors", "type": "string" } }, diff --git a/schema/configuration.konghq.com/kongcredential_v1.json b/schema/configuration.konghq.com/kongcredential_v1.json index 6914b66e1..d7c02d80f 100644 --- a/schema/configuration.konghq.com/kongcredential_v1.json +++ b/schema/configuration.konghq.com/kongcredential_v1.json @@ -1,4 +1,8 @@ { + "required": [ + "consumerRef", + "type" + ], "properties": { "consumerRef": { "type": "string" @@ -6,9 +10,5 @@ "type": { "type": "string" } - }, - "required": [ - "consumerRef", - "type" - ] + } } diff --git a/schema/core.oam.dev/application_v1alpha2.json b/schema/core.oam.dev/application_v1alpha2.json index d0d1eaf59..302a8a1ab 100644 --- a/schema/core.oam.dev/application_v1alpha2.json +++ b/schema/core.oam.dev/application_v1alpha2.json @@ -1,29 +1,44 @@ { + "description": "Application is the Schema for the applications API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "ApplicationSpec is the spec of Application", + "type": "object", + "required": [ + "components" + ], "properties": { "components": { + "type": "array", "items": { - "additionalProperties": false, + "description": "ApplicationComponent describe the component of application", + "type": "object", + "required": [ + "name", + "type" + ], "properties": { "name": { "type": "string" }, "scopes": { + "description": "scopes in ApplicationComponent defines the component-level scopes the format is \u003cscope-type:scope-instance-name\u003e pairs, the key represents type of `ScopeDefinition` while the value represent the name of scope instance.", + "type": "object", "additionalProperties": { "type": "string" }, - "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "settings": { @@ -31,10 +46,15 @@ "x-kubernetes-preserve-unknown-fields": true }, "traits": { + "description": "Traits define the trait of one component, the type must be array to keep the order.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ApplicationTrait defines the trait of application", + "type": "object", + "required": [ + "name" + ], "properties": { - "additionalProperties": false, "name": { "type": "string" }, @@ -43,43 +63,45 @@ "x-kubernetes-preserve-unknown-fields": true } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "type": { "type": "string" } }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "rolloutPlan": { - "additionalProperties": false, + "description": "RolloutPlan is the details on how to rollout the resources The controller simply replace the old resources with the new one if there is no rollout plan involved", + "type": "object", "properties": { "batchPartition": { - "format": "int32", - "type": "integer" + "description": "All pods in the batches up to the batchPartition (included) will have the target resource specification while the rest still have the source resource This is designed for the operators to manually rollout Default is the the number of batches which will rollout all the batches", + "type": "integer", + "format": "int32" }, "canaryMetric": { + "description": "CanaryMetric provides a way for the rollout process to automatically check certain metrics before complete the process", + "type": "array", "items": { - "additionalProperties": false, + "description": "CanaryMetric holds the reference to metrics used for canary analysis", + "type": "object", + "required": [ + "name" + ], "properties": { "interval": { + "description": "Interval represents the windows size", "type": "string" }, "metricsRange": { - "additionalProperties": false, + "description": "Range value accepted for this metric", + "type": "object", "properties": { "max": { + "description": "Maximum value", "anyOf": [ { "type": "integer" @@ -91,6 +113,7 @@ "x-kubernetes-int-or-string": true }, "min": { + "description": "Minimum value", "anyOf": [ { "type": "integer" @@ -102,107 +125,134 @@ "x-kubernetes-int-or-string": true } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the metric", "type": "string" }, "templateRef": { - "additionalProperties": false, + "description": "TemplateRef references a metric template object", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "numBatches": { - "format": "int32", - "type": "integer" + "description": "The number of batches, default = 1", + "type": "integer", + "format": "int32" }, "paused": { + "description": "Paused the rollout, default is false", "type": "boolean" }, "rolloutBatches": { + "description": "The exact distribution among batches. its size has to be exactly the same as the NumBatches (if set) The total number cannot exceed the targetSize or the size of the source resource We will IGNORE the last batch's replica field if it's a percentage since round errors can lead to inaccurate sum We highly recommend to leave the last batch's replica field empty", + "type": "array", "items": { - "additionalProperties": false, + "description": "RolloutBatch is used to describe how the each batch rollout should be", + "type": "object", "properties": { "batchRolloutWebhooks": { + "description": "RolloutWebhooks provides a way for the batch rollout to interact with an external process", + "type": "array", "items": { - "additionalProperties": false, + "description": "RolloutWebhook holds the reference to external checks used for canary analysis", + "type": "object", + "required": [ + "name", + "type", + "url" + ], "properties": { "expectedStatus": { + "description": "ExpectedStatus contains all the expected http status code that we will accept as success", + "type": "array", "items": { "type": "integer" - }, - "type": "array" + } }, "metadata": { + "description": "Metadata (key-value pairs) for this webhook", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "method": { + "description": "Method the HTTP call method, default is POST", "type": "string" }, "name": { + "description": "Name of this webhook", "type": "string" }, "type": { + "description": "Type of this webhook", "type": "string" }, "url": { + "description": "URL address of this webhook", "type": "string" } }, - "required": [ - "name", - "type", - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "canaryMetric": { + "description": "CanaryMetric provides a way for the batch rollout process to automatically check certain metrics before moving to the next batch", + "type": "array", "items": { - "additionalProperties": false, + "description": "CanaryMetric holds the reference to metrics used for canary analysis", + "type": "object", + "required": [ + "name" + ], "properties": { "interval": { + "description": "Interval represents the windows size", "type": "string" }, "metricsRange": { - "additionalProperties": false, + "description": "Range value accepted for this metric", + "type": "object", "properties": { "max": { + "description": "Maximum value", "anyOf": [ { "type": "integer" @@ -214,6 +264,7 @@ "x-kubernetes-int-or-string": true }, "min": { + "description": "Minimum value", "anyOf": [ { "type": "integer" @@ -225,52 +276,59 @@ "x-kubernetes-int-or-string": true } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the metric", "type": "string" }, "templateRef": { - "additionalProperties": false, + "description": "TemplateRef references a metric template object", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "instanceInterval": { - "format": "int32", - "type": "integer" + "description": "The wait time, in seconds, between instances upgrades, default = 0", + "type": "integer", + "format": "int32" }, "maxUnavailable": { + "description": "MaxUnavailable is the max allowed number of pods that is unavailable during the upgrade. We will mark the batch as ready as long as there are less or equal number of pods unavailable than this number. default = 0", "anyOf": [ { "type": "integer" @@ -282,12 +340,14 @@ "x-kubernetes-int-or-string": true }, "podList": { + "description": "The list of Pods to get upgraded it is mutually exclusive with the Replicas field", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "replicas": { + "description": "Replicas is the number of pods to upgrade in this batch it can be an absolute number (ex: 5) or a percentage of total pods we will ignore the percentage of the last batch to just fill the gap it is mutually exclusive with the PodList field", "anyOf": [ { "type": "integer" @@ -299,72 +359,83 @@ "x-kubernetes-int-or-string": true } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "rolloutStrategy": { + "description": "RolloutStrategy defines strategies for the rollout plan The default is IncreaseFirstRolloutStrategyType", "type": "string" }, "rolloutWebhooks": { + "description": "RolloutWebhooks provide a way for the rollout to interact with an external process", + "type": "array", "items": { - "additionalProperties": false, + "description": "RolloutWebhook holds the reference to external checks used for canary analysis", + "type": "object", + "required": [ + "name", + "type", + "url" + ], "properties": { "expectedStatus": { + "description": "ExpectedStatus contains all the expected http status code that we will accept as success", + "type": "array", "items": { "type": "integer" - }, - "type": "array" + } }, "metadata": { + "description": "Metadata (key-value pairs) for this webhook", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "method": { + "description": "Method the HTTP call method, default is POST", "type": "string" }, "name": { + "description": "Name of this webhook", "type": "string" }, "type": { + "description": "Type of this webhook", "type": "string" }, "url": { + "description": "URL address of this webhook", "type": "string" } }, - "required": [ - "name", - "type", - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "targetSize": { - "format": "int32", - "type": "integer" + "description": "The size of the target resource. The default is the same as the size of the source resource.", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "components" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "AppStatus defines the observed state of Application", + "type": "object", "properties": { "appliedResources": { + "description": "AppliedResources record the resources that the workflow step apply.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ClusterObjectReference defines the object reference with cluster.", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "cluster": { @@ -374,118 +445,149 @@ "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "components": { + "description": "Components record the related Components created by Application Controller", + "type": "array", "items": { - "additionalProperties": false, + "description": "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "conditions": { + "description": "Conditions of the resource.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A Condition that may apply to a resource.", + "type": "object", + "required": [ + "lastTransitionTime", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", + "type": "string", + "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, - "required": [ - "lastTransitionTime", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "latestRevision": { - "additionalProperties": false, + "description": "LatestRevision of the application configuration it generates", + "type": "object", + "required": [ + "name", + "revision" + ], "properties": { "name": { "type": "string" }, "revision": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "revisionHash": { + "description": "RevisionHash record the hash value of the spec of ApplicationRevision object.", "type": "string" } }, - "required": [ - "name", - "revision" - ], - "type": "object" + "additionalProperties": false }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "The generation observed by the application controller.", + "type": "integer", + "format": "int64" }, "policy": { + "description": "PolicyStatus records the status of policy Deprecated This field is only used by EnvBinding Policy which is deprecated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "PolicyStatus records the status of policy Deprecated", + "type": "object", + "required": [ + "name", + "type" + ], "properties": { "name": { "type": "string" @@ -498,17 +600,19 @@ "type": "string" } }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "services": { + "description": "Services record the status of the application services", + "type": "array", "items": { - "additionalProperties": false, + "description": "ApplicationComponentStatus record the health status of App component", + "type": "object", + "required": [ + "healthy", + "name" + ], "properties": { "cluster": { "type": "string" @@ -529,39 +633,53 @@ "type": "string" }, "scopes": { + "type": "array", "items": { - "additionalProperties": false, + "description": "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "traits": { + "type": "array", "items": { - "additionalProperties": false, + "description": "ApplicationTraitStatus records the trait health status", + "type": "object", + "required": [ + "healthy", + "type" + ], "properties": { "healthy": { "type": "boolean" @@ -573,16 +691,16 @@ "type": "string" } }, - "required": [ - "healthy", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workloadDefinition": { - "additionalProperties": false, + "description": "WorkloadDefinition is the definition of a WorkloadDefinition, such as deployments/apps.v1", + "type": "object", + "required": [ + "apiVersion", + "kind" + ], "properties": { "apiVersion": { "type": "string" @@ -591,62 +709,69 @@ "type": "string" } }, - "required": [ - "apiVersion", - "kind" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "healthy", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "status": { + "description": "ApplicationPhase is a label for the condition of an application at the current time", "type": "string" }, "workflow": { - "additionalProperties": false, + "description": "Workflow record the status of workflow", + "type": "object", + "required": [ + "finished", + "mode", + "suspend", + "terminated" + ], "properties": { "appRevision": { "type": "string" }, "contextBackend": { - "additionalProperties": false, + "description": "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "endTime": { + "type": "string", "format": "date-time", - "nullable": true, - "type": "string" + "nullable": true }, "finished": { "type": "boolean" @@ -658,87 +783,100 @@ "type": "string" }, "startTime": { - "format": "date-time", - "type": "string" + "type": "string", + "format": "date-time" }, "status": { + "description": "WorkflowRunPhase is a label for the condition of a WorkflowRun at the current time", "type": "string" }, "steps": { + "type": "array", "items": { - "additionalProperties": false, + "description": "WorkflowStepStatus record the status of a workflow step, include step status and subStep status", + "type": "object", + "required": [ + "id" + ], "properties": { "firstExecuteTime": { - "format": "date-time", - "type": "string" + "description": "FirstExecuteTime is the first time this step execution.", + "type": "string", + "format": "date-time" }, "id": { "type": "string" }, "lastExecuteTime": { - "format": "date-time", - "type": "string" + "description": "LastExecuteTime is the last time this step execution.", + "type": "string", + "format": "date-time" }, "message": { + "description": "A human readable message indicating details about why the workflowStep is in this state.", "type": "string" }, "name": { "type": "string" }, "phase": { + "description": "WorkflowStepPhase describes the phase of a workflow step.", "type": "string" }, "reason": { + "description": "A brief CamelCase message indicating details about why the workflowStep is in this state.", "type": "string" }, "subSteps": { + "type": "array", "items": { - "additionalProperties": false, + "description": "StepStatus record the base status of workflow step, which could be workflow step or subStep", + "type": "object", + "required": [ + "id" + ], "properties": { "firstExecuteTime": { - "format": "date-time", - "type": "string" + "description": "FirstExecuteTime is the first time this step execution.", + "type": "string", + "format": "date-time" }, "id": { "type": "string" }, "lastExecuteTime": { - "format": "date-time", - "type": "string" + "description": "LastExecuteTime is the last time this step execution.", + "type": "string", + "format": "date-time" }, "message": { + "description": "A human readable message indicating details about why the workflowStep is in this state.", "type": "string" }, "name": { "type": "string" }, "phase": { + "description": "WorkflowStepPhase describes the phase of a workflow step.", "type": "string" }, "reason": { + "description": "A brief CamelCase message indicating details about why the workflowStep is in this state.", "type": "string" }, "type": { "type": "string" } }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "type": { "type": "string" } }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "suspend": { "type": "boolean" @@ -750,17 +888,10 @@ "type": "boolean" } }, - "required": [ - "finished", - "mode", - "suspend", - "terminated" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/core.oam.dev/applicationrevision_v1alpha2.json b/schema/core.oam.dev/applicationrevision_v1alpha2.json index a484f7be5..bb5d20703 100644 --- a/schema/core.oam.dev/applicationrevision_v1alpha2.json +++ b/schema/core.oam.dev/applicationrevision_v1alpha2.json @@ -1,46 +1,58 @@ { + "description": "ApplicationRevision is the Schema for the ApplicationRevision API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "ApplicationRevisionSpec is the spec of ApplicationRevision", + "type": "object", + "required": [ + "application", + "applicationConfiguration" + ], "properties": { "application": { - "additionalProperties": false, + "description": "Application records the snapshot of the created/modified Application", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "finalizers": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { "type": "string" @@ -49,23 +61,34 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "description": "ApplicationSpec is the spec of Application", + "type": "object", + "required": [ + "components" + ], "properties": { "components": { + "type": "array", "items": { - "additionalProperties": false, + "description": "ApplicationComponent describe the component of application", + "type": "object", + "required": [ + "name", + "type" + ], "properties": { "name": { "type": "string" }, "scopes": { + "description": "scopes in ApplicationComponent defines the component-level scopes the format is \u003cscope-type:scope-instance-name\u003e pairs, the key represents type of `ScopeDefinition` while the value represent the name of scope instance.", + "type": "object", "additionalProperties": { "type": "string" }, - "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "settings": { @@ -73,10 +96,15 @@ "x-kubernetes-preserve-unknown-fields": true }, "traits": { + "description": "Traits define the trait of one component, the type must be array to keep the order.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ApplicationTrait defines the trait of application", + "type": "object", + "required": [ + "name" + ], "properties": { - "additionalProperties": false, "name": { "type": "string" }, @@ -85,43 +113,45 @@ "x-kubernetes-preserve-unknown-fields": true } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "type": { "type": "string" } }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "rolloutPlan": { - "additionalProperties": false, + "description": "RolloutPlan is the details on how to rollout the resources The controller simply replace the old resources with the new one if there is no rollout plan involved", + "type": "object", "properties": { "batchPartition": { - "format": "int32", - "type": "integer" + "description": "All pods in the batches up to the batchPartition (included) will have the target resource specification while the rest still have the source resource This is designed for the operators to manually rollout Default is the the number of batches which will rollout all the batches", + "type": "integer", + "format": "int32" }, "canaryMetric": { + "description": "CanaryMetric provides a way for the rollout process to automatically check certain metrics before complete the process", + "type": "array", "items": { - "additionalProperties": false, + "description": "CanaryMetric holds the reference to metrics used for canary analysis", + "type": "object", + "required": [ + "name" + ], "properties": { "interval": { + "description": "Interval represents the windows size", "type": "string" }, "metricsRange": { - "additionalProperties": false, + "description": "Range value accepted for this metric", + "type": "object", "properties": { "max": { + "description": "Maximum value", "anyOf": [ { "type": "integer" @@ -133,6 +163,7 @@ "x-kubernetes-int-or-string": true }, "min": { + "description": "Minimum value", "anyOf": [ { "type": "integer" @@ -144,107 +175,134 @@ "x-kubernetes-int-or-string": true } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the metric", "type": "string" }, "templateRef": { - "additionalProperties": false, + "description": "TemplateRef references a metric template object", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "numBatches": { - "format": "int32", - "type": "integer" + "description": "The number of batches, default = 1", + "type": "integer", + "format": "int32" }, "paused": { + "description": "Paused the rollout, default is false", "type": "boolean" }, "rolloutBatches": { + "description": "The exact distribution among batches. its size has to be exactly the same as the NumBatches (if set) The total number cannot exceed the targetSize or the size of the source resource We will IGNORE the last batch's replica field if it's a percentage since round errors can lead to inaccurate sum We highly recommend to leave the last batch's replica field empty", + "type": "array", "items": { - "additionalProperties": false, + "description": "RolloutBatch is used to describe how the each batch rollout should be", + "type": "object", "properties": { "batchRolloutWebhooks": { + "description": "RolloutWebhooks provides a way for the batch rollout to interact with an external process", + "type": "array", "items": { - "additionalProperties": false, + "description": "RolloutWebhook holds the reference to external checks used for canary analysis", + "type": "object", + "required": [ + "name", + "type", + "url" + ], "properties": { "expectedStatus": { + "description": "ExpectedStatus contains all the expected http status code that we will accept as success", + "type": "array", "items": { "type": "integer" - }, - "type": "array" + } }, "metadata": { + "description": "Metadata (key-value pairs) for this webhook", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "method": { + "description": "Method the HTTP call method, default is POST", "type": "string" }, "name": { + "description": "Name of this webhook", "type": "string" }, "type": { + "description": "Type of this webhook", "type": "string" }, "url": { + "description": "URL address of this webhook", "type": "string" } }, - "required": [ - "name", - "type", - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "canaryMetric": { + "description": "CanaryMetric provides a way for the batch rollout process to automatically check certain metrics before moving to the next batch", + "type": "array", "items": { - "additionalProperties": false, + "description": "CanaryMetric holds the reference to metrics used for canary analysis", + "type": "object", + "required": [ + "name" + ], "properties": { "interval": { + "description": "Interval represents the windows size", "type": "string" }, "metricsRange": { - "additionalProperties": false, + "description": "Range value accepted for this metric", + "type": "object", "properties": { "max": { + "description": "Maximum value", "anyOf": [ { "type": "integer" @@ -256,6 +314,7 @@ "x-kubernetes-int-or-string": true }, "min": { + "description": "Minimum value", "anyOf": [ { "type": "integer" @@ -267,52 +326,59 @@ "x-kubernetes-int-or-string": true } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the metric", "type": "string" }, "templateRef": { - "additionalProperties": false, + "description": "TemplateRef references a metric template object", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "instanceInterval": { - "format": "int32", - "type": "integer" + "description": "The wait time, in seconds, between instances upgrades, default = 0", + "type": "integer", + "format": "int32" }, "maxUnavailable": { + "description": "MaxUnavailable is the max allowed number of pods that is unavailable during the upgrade. We will mark the batch as ready as long as there are less or equal number of pods unavailable than this number. default = 0", "anyOf": [ { "type": "integer" @@ -324,12 +390,14 @@ "x-kubernetes-int-or-string": true }, "podList": { + "description": "The list of Pods to get upgraded it is mutually exclusive with the Replicas field", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "replicas": { + "description": "Replicas is the number of pods to upgrade in this batch it can be an absolute number (ex: 5) or a percentage of total pods we will ignore the percentage of the last batch to just fill the gap it is mutually exclusive with the PodList field", "anyOf": [ { "type": "integer" @@ -341,72 +409,83 @@ "x-kubernetes-int-or-string": true } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "rolloutStrategy": { + "description": "RolloutStrategy defines strategies for the rollout plan The default is IncreaseFirstRolloutStrategyType", "type": "string" }, "rolloutWebhooks": { + "description": "RolloutWebhooks provide a way for the rollout to interact with an external process", + "type": "array", "items": { - "additionalProperties": false, + "description": "RolloutWebhook holds the reference to external checks used for canary analysis", + "type": "object", + "required": [ + "name", + "type", + "url" + ], "properties": { "expectedStatus": { + "description": "ExpectedStatus contains all the expected http status code that we will accept as success", + "type": "array", "items": { "type": "integer" - }, - "type": "array" + } }, "metadata": { + "description": "Metadata (key-value pairs) for this webhook", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "method": { + "description": "Method the HTTP call method, default is POST", "type": "string" }, "name": { + "description": "Name of this webhook", "type": "string" }, "type": { + "description": "Type of this webhook", "type": "string" }, "url": { + "description": "URL address of this webhook", "type": "string" } }, - "required": [ - "name", - "type", - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "targetSize": { - "format": "int32", - "type": "integer" + "description": "The size of the target resource. The default is the same as the size of the source resource.", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "components" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "AppStatus defines the observed state of Application", + "type": "object", "properties": { "appliedResources": { + "description": "AppliedResources record the resources that the workflow step apply.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ClusterObjectReference defines the object reference with cluster.", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "cluster": { @@ -416,118 +495,149 @@ "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "components": { + "description": "Components record the related Components created by Application Controller", + "type": "array", "items": { - "additionalProperties": false, + "description": "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "conditions": { + "description": "Conditions of the resource.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A Condition that may apply to a resource.", + "type": "object", + "required": [ + "lastTransitionTime", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", + "type": "string", + "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, - "required": [ - "lastTransitionTime", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "latestRevision": { - "additionalProperties": false, + "description": "LatestRevision of the application configuration it generates", + "type": "object", + "required": [ + "name", + "revision" + ], "properties": { "name": { "type": "string" }, "revision": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "revisionHash": { + "description": "RevisionHash record the hash value of the spec of ApplicationRevision object.", "type": "string" } }, - "required": [ - "name", - "revision" - ], - "type": "object" + "additionalProperties": false }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "The generation observed by the application controller.", + "type": "integer", + "format": "int64" }, "policy": { + "description": "PolicyStatus records the status of policy Deprecated This field is only used by EnvBinding Policy which is deprecated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "PolicyStatus records the status of policy Deprecated", + "type": "object", + "required": [ + "name", + "type" + ], "properties": { "name": { "type": "string" @@ -540,17 +650,19 @@ "type": "string" } }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "services": { + "description": "Services record the status of the application services", + "type": "array", "items": { - "additionalProperties": false, + "description": "ApplicationComponentStatus record the health status of App component", + "type": "object", + "required": [ + "healthy", + "name" + ], "properties": { "cluster": { "type": "string" @@ -571,39 +683,53 @@ "type": "string" }, "scopes": { + "type": "array", "items": { - "additionalProperties": false, + "description": "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "traits": { + "type": "array", "items": { - "additionalProperties": false, + "description": "ApplicationTraitStatus records the trait health status", + "type": "object", + "required": [ + "healthy", + "type" + ], "properties": { "healthy": { "type": "boolean" @@ -615,16 +741,16 @@ "type": "string" } }, - "required": [ - "healthy", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workloadDefinition": { - "additionalProperties": false, + "description": "WorkloadDefinition is the definition of a WorkloadDefinition, such as deployments/apps.v1", + "type": "object", + "required": [ + "apiVersion", + "kind" + ], "properties": { "apiVersion": { "type": "string" @@ -633,62 +759,69 @@ "type": "string" } }, - "required": [ - "apiVersion", - "kind" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "healthy", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "status": { + "description": "ApplicationPhase is a label for the condition of an application at the current time", "type": "string" }, "workflow": { - "additionalProperties": false, + "description": "Workflow record the status of workflow", + "type": "object", + "required": [ + "finished", + "mode", + "suspend", + "terminated" + ], "properties": { "appRevision": { "type": "string" }, "contextBackend": { - "additionalProperties": false, + "description": "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "endTime": { + "type": "string", "format": "date-time", - "nullable": true, - "type": "string" + "nullable": true }, "finished": { "type": "boolean" @@ -700,87 +833,100 @@ "type": "string" }, "startTime": { - "format": "date-time", - "type": "string" + "type": "string", + "format": "date-time" }, "status": { + "description": "WorkflowRunPhase is a label for the condition of a WorkflowRun at the current time", "type": "string" }, "steps": { + "type": "array", "items": { - "additionalProperties": false, + "description": "WorkflowStepStatus record the status of a workflow step, include step status and subStep status", + "type": "object", + "required": [ + "id" + ], "properties": { "firstExecuteTime": { - "format": "date-time", - "type": "string" + "description": "FirstExecuteTime is the first time this step execution.", + "type": "string", + "format": "date-time" }, "id": { "type": "string" }, "lastExecuteTime": { - "format": "date-time", - "type": "string" + "description": "LastExecuteTime is the last time this step execution.", + "type": "string", + "format": "date-time" }, "message": { + "description": "A human readable message indicating details about why the workflowStep is in this state.", "type": "string" }, "name": { "type": "string" }, "phase": { + "description": "WorkflowStepPhase describes the phase of a workflow step.", "type": "string" }, "reason": { + "description": "A brief CamelCase message indicating details about why the workflowStep is in this state.", "type": "string" }, "subSteps": { + "type": "array", "items": { - "additionalProperties": false, + "description": "StepStatus record the base status of workflow step, which could be workflow step or subStep", + "type": "object", + "required": [ + "id" + ], "properties": { "firstExecuteTime": { - "format": "date-time", - "type": "string" + "description": "FirstExecuteTime is the first time this step execution.", + "type": "string", + "format": "date-time" }, "id": { "type": "string" }, "lastExecuteTime": { - "format": "date-time", - "type": "string" + "description": "LastExecuteTime is the last time this step execution.", + "type": "string", + "format": "date-time" }, "message": { + "description": "A human readable message indicating details about why the workflowStep is in this state.", "type": "string" }, "name": { "type": "string" }, "phase": { + "description": "WorkflowStepPhase describes the phase of a workflow step.", "type": "string" }, "reason": { + "description": "A brief CamelCase message indicating details about why the workflowStep is in this state.", "type": "string" }, "type": { "type": "string" } }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "type": { "type": "string" } }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "suspend": { "type": "boolean" @@ -792,55 +938,55 @@ "type": "boolean" } }, - "required": [ - "finished", - "mode", - "suspend", - "terminated" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "applicationConfiguration": { + "description": "ApplicationConfiguration records the rendered applicationConfiguration from Application, it will contains the whole K8s CR of trait and the reference component in it.", "type": "object", - "x-kubernetes-embedded-resource": true, - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "x-kubernetes-embedded-resource": true }, "componentDefinitions": { + "description": "ComponentDefinitions records the snapshot of the componentDefinitions related with the created/modified Application", + "type": "object", "additionalProperties": { - "additionalProperties": false, + "description": "ComponentDefinition is the Schema for the componentdefinitions API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "finalizers": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { "type": "string" @@ -848,226 +994,265 @@ "namespace": { "type": "string" } - }, - "type": "object" + } }, "spec": { - "additionalProperties": false, - "properties": { - "childResourceKinds": { + "description": "ComponentDefinitionSpec defines the desired state of ComponentDefinition", + "type": "object", + "required": [ + "workload" + ], + "properties": { + "childResourceKinds": { + "description": "ChildResourceKinds are the list of GVK of the child resources this workload generates", + "type": "array", "items": { - "additionalProperties": false, + "description": "A ChildResourceKind defines a child Kubernetes resource kind with a selector", + "type": "object", + "required": [ + "apiVersion", + "kind" + ], "properties": { "apiVersion": { + "description": "APIVersion of the child resource", "type": "string" }, "kind": { + "description": "Kind of the child resource", "type": "string" }, "selector": { + "description": "Selector to select the child resources that the workload wants to expose to traits", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } - }, - "required": [ - "apiVersion", - "kind" - ], - "type": "object" - }, - "type": "array" + } + } }, "extension": { + "description": "Extension is used for extension needs by OAM platform builders", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "podSpecPath": { + "description": "PodSpecPath indicates where/if this workload has K8s podSpec field if one workload has podSpec, trait can do lot's of assumption such as port, env, volume fields.", "type": "string" }, "revisionLabel": { + "description": "RevisionLabel indicates which label for underlying resources(e.g. pods) of this workload can be used by trait to create resource selectors(e.g. label selector for pods).", "type": "string" }, "schematic": { - "additionalProperties": false, + "description": "Schematic defines the data format and template of the encapsulation of the workload", + "type": "object", "properties": { "cue": { - "additionalProperties": false, + "description": "CUE defines the encapsulation in CUE format", + "type": "object", + "required": [ + "template" + ], "properties": { "template": { + "description": "Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field. Template is a required field if CUE is defined in Capability Definition.", "type": "string" } - }, - "required": [ - "template" - ], - "type": "object" + } }, "helm": { - "additionalProperties": false, + "description": "A Helm represents resources used by a Helm module", + "type": "object", + "required": [ + "release", + "repository" + ], "properties": { "release": { + "description": "Release records a Helm release used by a Helm module workload.", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "repository": { + "description": "HelmRelease records a Helm repository used by a Helm module workload.", "type": "object", "x-kubernetes-preserve-unknown-fields": true } - }, - "required": [ - "release", - "repository" - ], - "type": "object" + } }, "kube": { - "additionalProperties": false, + "description": "Kube defines the encapsulation in raw Kubernetes resource format", + "type": "object", + "required": [ + "template" + ], "properties": { "parameters": { + "description": "Parameters defines configurable parameters", + "type": "array", "items": { - "additionalProperties": false, + "description": "A KubeParameter defines a configurable parameter of a component.", + "type": "object", + "required": [ + "fieldPaths", + "name", + "type" + ], "properties": { "description": { + "description": "Description of this parameter.", "type": "string" }, "fieldPaths": { + "description": "FieldPaths specifies an array of fields within this workload that will be overwritten by the value of this parameter. \tAll fields must be of the same type. Fields are specified as JSON field paths without a leading dot, for example 'spec.replicas'.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "name": { + "description": "Name of this parameter", "type": "string" }, "required": { - "default": false, - "type": "boolean" + "description": "Required specifies whether or not a value for this parameter must be supplied when authoring an Application.", + "type": "boolean", + "default": false }, "type": { + "description": "ValueType indicates the type of the parameter value, and only supports basic data types: string, number, boolean.", + "type": "string", "enum": [ "string", "number", "boolean" - ], - "type": "string" + ] } - }, - "required": [ - "fieldPaths", - "name", - "type" - ], - "type": "object" - }, - "type": "array" + } + } }, "template": { + "description": "Template defines the raw Kubernetes resource", "type": "object", "x-kubernetes-preserve-unknown-fields": true } - }, - "required": [ - "template" - ], - "type": "object" + } }, "terraform": { - "additionalProperties": false, + "description": "Terraform is the struct to describe cloud resources managed by Hashicorp Terraform", + "type": "object", + "required": [ + "configuration" + ], "properties": { "configuration": { + "description": "Configuration is Terraform Configuration", "type": "string" }, "customRegion": { + "description": "Region is cloud provider's region. It will override the region in the region field of ProviderReference", "type": "string" }, "deleteResource": { - "default": true, - "type": "boolean" + "description": "DeleteResource will determine whether provisioned cloud resources will be deleted when CR is deleted", + "type": "boolean", + "default": true }, "gitCredentialsSecretReference": { - "additionalProperties": false, + "description": "GitCredentialsSecretReference specifies the reference to the secret containing the git credentials", + "type": "object", "properties": { "name": { + "description": "name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", "type": "string" } }, - "type": "object", "x-kubernetes-map-type": "atomic" }, "path": { + "description": "Path is the sub-directory of remote git repository. It's valid when remote is set", "type": "string" }, "providerRef": { - "additionalProperties": false, + "description": "ProviderReference specifies the reference to Provider", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "namespace": { - "default": "default", - "type": "string" + "description": "Namespace of the referenced object.", + "type": "string", + "default": "default" } - }, - "required": [ - "name" - ], - "type": "object" + } }, "type": { + "description": "Type specifies which Terraform configuration it is, HCL or JSON syntax", + "type": "string", "default": "hcl", "enum": [ "hcl", "json", "remote" - ], - "type": "string" + ] }, "writeConnectionSecretToRef": { - "additionalProperties": false, + "description": "WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } - }, - "required": [ - "name" - ], - "type": "object" + } } - }, - "required": [ - "configuration" - ], - "type": "object" + } } - }, - "type": "object" + } }, "status": { - "additionalProperties": false, + "description": "Status defines the custom health policy and status message for workload", + "type": "object", "properties": { "customStatus": { + "description": "CustomStatus defines the custom status message that could display to user", "type": "string" }, "healthPolicy": { + "description": "HealthPolicy defines the health check policy for the abstraction", "type": "string" } - }, - "type": "object" + } }, "workload": { - "additionalProperties": false, + "description": "Workload is a workload type descriptor", + "type": "object", "properties": { "definition": { - "additionalProperties": false, + "description": "Definition mutually exclusive to workload.type, a embedded WorkloadDefinition", + "type": "object", + "required": [ + "apiVersion", + "kind" + ], "properties": { "apiVersion": { "type": "string" @@ -1075,137 +1260,140 @@ "kind": { "type": "string" } - }, - "required": [ - "apiVersion", - "kind" - ], - "type": "object" + } }, "type": { + "description": "Type ref to a WorkloadDefinition via name", "type": "string" } - }, - "type": "object" + } } - }, - "required": [ - "workload" - ], - "type": "object" + } }, "status": { - "additionalProperties": false, + "description": "ComponentDefinitionStatus is the status of ComponentDefinition", + "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A Condition that may apply to a resource.", + "type": "object", + "required": [ + "lastTransitionTime", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", + "type": "string", + "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } - }, - "required": [ - "lastTransitionTime", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + } + } }, "configMapRef": { + "description": "ConfigMapRef refer to a ConfigMap which contains OpenAPI V3 JSON schema of Component parameters.", "type": "string" }, "latestRevision": { - "additionalProperties": false, + "description": "LatestRevision of the component definition", + "type": "object", + "required": [ + "name", + "revision" + ], "properties": { "name": { "type": "string" }, "revision": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "revisionHash": { + "description": "RevisionHash record the hash value of the spec of ApplicationRevision object.", "type": "string" } - }, - "required": [ - "name", - "revision" - ], - "type": "object" + } } - }, - "type": "object" + } } - }, - "type": "object" - }, - "type": "object" + } + } }, "components": { + "type": "array", "items": { - "additionalProperties": false, + "description": "RawComponent record raw component", + "type": "object", + "required": [ + "raw" + ], "properties": { "raw": { "type": "object", - "x-kubernetes-embedded-resource": true, - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "x-kubernetes-embedded-resource": true } }, - "required": [ - "raw" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "scopeDefinitions": { + "description": "ScopeDefinitions records the snapshot of the scopeDefinitions related with the created/modified Application", + "type": "object", "additionalProperties": { - "additionalProperties": false, + "description": "A ScopeDefinition registers a kind of Kubernetes custom resource as a valid OAM scope kind by referencing its CustomResourceDefinition. The CRD is used to validate the schema of the scope when it is embedded in an OAM ApplicationConfiguration.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "finalizers": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { "type": "string" @@ -1213,79 +1401,86 @@ "namespace": { "type": "string" } - }, - "type": "object" + } }, "spec": { - "additionalProperties": false, + "description": "A ScopeDefinitionSpec defines the desired state of a ScopeDefinition.", + "type": "object", + "required": [ + "allowComponentOverlap", + "definitionRef" + ], "properties": { "allowComponentOverlap": { + "description": "AllowComponentOverlap specifies whether an OAM component may exist in multiple instances of this kind of scope.", "type": "boolean" }, "definitionRef": { - "additionalProperties": false, + "description": "Reference to the CustomResourceDefinition that defines this scope kind.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the referenced CustomResourceDefinition.", "type": "string" }, "version": { + "description": "Version indicate which version should be used if CRD has multiple versions by default it will use the first one if not specified", "type": "string" } - }, - "required": [ - "name" - ], - "type": "object" + } }, "extension": { + "description": "Extension is used for extension needs by OAM platform builders", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "workloadRefsPath": { + "description": "WorkloadRefsPath indicates if/where a scope accepts workloadRef objects", "type": "string" } - }, - "required": [ - "allowComponentOverlap", - "definitionRef" - ], - "type": "object" + } } - }, - "type": "object" - }, - "type": "object" + } + } }, "traitDefinitions": { + "description": "TraitDefinitions records the snapshot of the traitDefinitions related with the created/modified Application", + "type": "object", "additionalProperties": { - "additionalProperties": false, + "description": "A TraitDefinition registers a kind of Kubernetes custom resource as a valid OAM trait kind by referencing its CustomResourceDefinition. The CRD is used to validate the schema of the trait when it is embedded in an OAM ApplicationConfiguration.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "finalizers": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { "type": "string" @@ -1293,324 +1488,365 @@ "namespace": { "type": "string" } - }, - "type": "object" + } }, "spec": { - "additionalProperties": false, + "description": "A TraitDefinitionSpec defines the desired state of a TraitDefinition.", + "type": "object", "properties": { "appliesToWorkloads": { + "description": "AppliesToWorkloads specifies the list of workload kinds this trait applies to. Workload kinds are specified in kind.group/version format, e.g. server.core.oam.dev/v1alpha2. Traits that omit this field apply to all workload kinds.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "conflictsWith": { + "description": "ConflictsWith specifies the list of traits(CRD name, Definition name, CRD group) which could not apply to the same workloads with this trait. Traits that omit this field can work with any other traits. Example rules: \"service\" # Trait definition name \"services.k8s.io\" # API resource/crd name \"*.networking.k8s.io\" # API group \"labelSelector:foo=bar\" # label selector labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "definitionRef": { - "additionalProperties": false, + "description": "Reference to the CustomResourceDefinition that defines this trait kind.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the referenced CustomResourceDefinition.", "type": "string" }, "version": { + "description": "Version indicate which version should be used if CRD has multiple versions by default it will use the first one if not specified", "type": "string" } - }, - "required": [ - "name" - ], - "type": "object" + } }, "extension": { + "description": "Extension is used for extension needs by OAM platform builders", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "podDisruptive": { + "description": "PodDisruptive specifies whether using the trait will cause the pod to restart or not.", "type": "boolean" }, "revisionEnabled": { + "description": "Revision indicates whether a trait is aware of component revision", "type": "boolean" }, "schematic": { - "additionalProperties": false, + "description": "Schematic defines the data format and template of the encapsulation of the trait", + "type": "object", "properties": { "cue": { - "additionalProperties": false, + "description": "CUE defines the encapsulation in CUE format", + "type": "object", + "required": [ + "template" + ], "properties": { "template": { + "description": "Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field. Template is a required field if CUE is defined in Capability Definition.", "type": "string" } - }, - "required": [ - "template" - ], - "type": "object" + } }, "helm": { - "additionalProperties": false, + "description": "A Helm represents resources used by a Helm module", + "type": "object", + "required": [ + "release", + "repository" + ], "properties": { "release": { + "description": "Release records a Helm release used by a Helm module workload.", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "repository": { + "description": "HelmRelease records a Helm repository used by a Helm module workload.", "type": "object", "x-kubernetes-preserve-unknown-fields": true } - }, - "required": [ - "release", - "repository" - ], - "type": "object" + } }, "kube": { - "additionalProperties": false, + "description": "Kube defines the encapsulation in raw Kubernetes resource format", + "type": "object", + "required": [ + "template" + ], "properties": { "parameters": { + "description": "Parameters defines configurable parameters", + "type": "array", "items": { - "additionalProperties": false, + "description": "A KubeParameter defines a configurable parameter of a component.", + "type": "object", + "required": [ + "fieldPaths", + "name", + "type" + ], "properties": { "description": { + "description": "Description of this parameter.", "type": "string" }, "fieldPaths": { + "description": "FieldPaths specifies an array of fields within this workload that will be overwritten by the value of this parameter. \tAll fields must be of the same type. Fields are specified as JSON field paths without a leading dot, for example 'spec.replicas'.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "name": { + "description": "Name of this parameter", "type": "string" }, "required": { - "default": false, - "type": "boolean" + "description": "Required specifies whether or not a value for this parameter must be supplied when authoring an Application.", + "type": "boolean", + "default": false }, "type": { + "description": "ValueType indicates the type of the parameter value, and only supports basic data types: string, number, boolean.", + "type": "string", "enum": [ "string", "number", "boolean" - ], - "type": "string" + ] } - }, - "required": [ - "fieldPaths", - "name", - "type" - ], - "type": "object" - }, - "type": "array" + } + } }, "template": { + "description": "Template defines the raw Kubernetes resource", "type": "object", "x-kubernetes-preserve-unknown-fields": true } - }, - "required": [ - "template" - ], - "type": "object" + } }, "terraform": { - "additionalProperties": false, + "description": "Terraform is the struct to describe cloud resources managed by Hashicorp Terraform", + "type": "object", + "required": [ + "configuration" + ], "properties": { "configuration": { + "description": "Configuration is Terraform Configuration", "type": "string" }, "customRegion": { + "description": "Region is cloud provider's region. It will override the region in the region field of ProviderReference", "type": "string" }, "deleteResource": { - "default": true, - "type": "boolean" + "description": "DeleteResource will determine whether provisioned cloud resources will be deleted when CR is deleted", + "type": "boolean", + "default": true }, "gitCredentialsSecretReference": { - "additionalProperties": false, + "description": "GitCredentialsSecretReference specifies the reference to the secret containing the git credentials", + "type": "object", "properties": { "name": { + "description": "name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", "type": "string" } }, - "type": "object", "x-kubernetes-map-type": "atomic" }, "path": { + "description": "Path is the sub-directory of remote git repository. It's valid when remote is set", "type": "string" }, "providerRef": { - "additionalProperties": false, + "description": "ProviderReference specifies the reference to Provider", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "namespace": { - "default": "default", - "type": "string" + "description": "Namespace of the referenced object.", + "type": "string", + "default": "default" } - }, - "required": [ - "name" - ], - "type": "object" + } }, "type": { + "description": "Type specifies which Terraform configuration it is, HCL or JSON syntax", + "type": "string", "default": "hcl", "enum": [ "hcl", "json", "remote" - ], - "type": "string" + ] }, "writeConnectionSecretToRef": { - "additionalProperties": false, + "description": "WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } - }, - "required": [ - "name" - ], - "type": "object" + } } - }, - "required": [ - "configuration" - ], - "type": "object" + } } - }, - "type": "object" + } }, "status": { - "additionalProperties": false, + "description": "Status defines the custom health policy and status message for trait", + "type": "object", "properties": { "customStatus": { + "description": "CustomStatus defines the custom status message that could display to user", "type": "string" }, "healthPolicy": { + "description": "HealthPolicy defines the health check policy for the abstraction", "type": "string" } - }, - "type": "object" + } }, "workloadRefPath": { + "description": "WorkloadRefPath indicates where/if a trait accepts a workloadRef object", "type": "string" } - }, - "type": "object" + } }, "status": { - "additionalProperties": false, + "description": "TraitDefinitionStatus is the status of TraitDefinition", + "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A Condition that may apply to a resource.", + "type": "object", + "required": [ + "lastTransitionTime", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", + "type": "string", + "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } - }, - "required": [ - "lastTransitionTime", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + } + } }, "configMapRef": { + "description": "ConfigMapRef refer to a ConfigMap which contains OpenAPI V3 JSON schema of Component parameters.", "type": "string" }, "latestRevision": { - "additionalProperties": false, + "description": "LatestRevision of the trait definition", + "type": "object", + "required": [ + "name", + "revision" + ], "properties": { "name": { "type": "string" }, "revision": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "revisionHash": { + "description": "RevisionHash record the hash value of the spec of ApplicationRevision object.", "type": "string" } - }, - "required": [ - "name", - "revision" - ], - "type": "object" + } } - }, - "type": "object" + } } - }, - "type": "object" - }, - "type": "object" + } + } }, "workloadDefinitions": { + "description": "WorkloadDefinitions records the snapshot of the workloadDefinitions related with the created/modified Application", + "type": "object", "additionalProperties": { - "additionalProperties": false, + "description": "A WorkloadDefinition registers a kind of Kubernetes custom resource as a valid OAM workload kind by referencing its CustomResourceDefinition. The CRD is used to validate the schema of the workload when it is embedded in an OAM Component.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "finalizers": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { "type": "string" @@ -1618,291 +1854,321 @@ "namespace": { "type": "string" } - }, - "type": "object" + } }, "spec": { - "additionalProperties": false, + "description": "A WorkloadDefinitionSpec defines the desired state of a WorkloadDefinition.", + "type": "object", + "required": [ + "definitionRef" + ], "properties": { "childResourceKinds": { + "description": "ChildResourceKinds are the list of GVK of the child resources this workload generates", + "type": "array", "items": { - "additionalProperties": false, + "description": "A ChildResourceKind defines a child Kubernetes resource kind with a selector", + "type": "object", + "required": [ + "apiVersion", + "kind" + ], "properties": { "apiVersion": { + "description": "APIVersion of the child resource", "type": "string" }, "kind": { + "description": "Kind of the child resource", "type": "string" }, "selector": { + "description": "Selector to select the child resources that the workload wants to expose to traits", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } - }, - "required": [ - "apiVersion", - "kind" - ], - "type": "object" - }, - "type": "array" + } + } }, "definitionRef": { - "additionalProperties": false, + "description": "Reference to the CustomResourceDefinition that defines this workload kind.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the referenced CustomResourceDefinition.", "type": "string" }, "version": { + "description": "Version indicate which version should be used if CRD has multiple versions by default it will use the first one if not specified", "type": "string" } - }, - "required": [ - "name" - ], - "type": "object" + } }, "extension": { + "description": "Extension is used for extension needs by OAM platform builders", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "podSpecPath": { + "description": "PodSpecPath indicates where/if this workload has K8s podSpec field if one workload has podSpec, trait can do lot's of assumption such as port, env, volume fields.", "type": "string" }, "revisionLabel": { + "description": "RevisionLabel indicates which label for underlying resources(e.g. pods) of this workload can be used by trait to create resource selectors(e.g. label selector for pods).", "type": "string" }, "schematic": { - "additionalProperties": false, + "description": "Schematic defines the data format and template of the encapsulation of the workload", + "type": "object", "properties": { "cue": { - "additionalProperties": false, + "description": "CUE defines the encapsulation in CUE format", + "type": "object", + "required": [ + "template" + ], "properties": { "template": { + "description": "Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field. Template is a required field if CUE is defined in Capability Definition.", "type": "string" } - }, - "required": [ - "template" - ], - "type": "object" + } }, "helm": { - "additionalProperties": false, + "description": "A Helm represents resources used by a Helm module", + "type": "object", + "required": [ + "release", + "repository" + ], "properties": { "release": { + "description": "Release records a Helm release used by a Helm module workload.", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "repository": { + "description": "HelmRelease records a Helm repository used by a Helm module workload.", "type": "object", "x-kubernetes-preserve-unknown-fields": true } - }, - "required": [ - "release", - "repository" - ], - "type": "object" + } }, "kube": { - "additionalProperties": false, + "description": "Kube defines the encapsulation in raw Kubernetes resource format", + "type": "object", + "required": [ + "template" + ], "properties": { "parameters": { + "description": "Parameters defines configurable parameters", + "type": "array", "items": { - "additionalProperties": false, + "description": "A KubeParameter defines a configurable parameter of a component.", + "type": "object", + "required": [ + "fieldPaths", + "name", + "type" + ], "properties": { "description": { + "description": "Description of this parameter.", "type": "string" }, "fieldPaths": { + "description": "FieldPaths specifies an array of fields within this workload that will be overwritten by the value of this parameter. \tAll fields must be of the same type. Fields are specified as JSON field paths without a leading dot, for example 'spec.replicas'.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "name": { + "description": "Name of this parameter", "type": "string" }, "required": { - "default": false, - "type": "boolean" + "description": "Required specifies whether or not a value for this parameter must be supplied when authoring an Application.", + "type": "boolean", + "default": false }, "type": { + "description": "ValueType indicates the type of the parameter value, and only supports basic data types: string, number, boolean.", + "type": "string", "enum": [ "string", "number", "boolean" - ], - "type": "string" + ] } - }, - "required": [ - "fieldPaths", - "name", - "type" - ], - "type": "object" - }, - "type": "array" + } + } }, "template": { + "description": "Template defines the raw Kubernetes resource", "type": "object", "x-kubernetes-preserve-unknown-fields": true } - }, - "required": [ - "template" - ], - "type": "object" + } }, "terraform": { - "additionalProperties": false, + "description": "Terraform is the struct to describe cloud resources managed by Hashicorp Terraform", + "type": "object", + "required": [ + "configuration" + ], "properties": { "configuration": { + "description": "Configuration is Terraform Configuration", "type": "string" }, "customRegion": { + "description": "Region is cloud provider's region. It will override the region in the region field of ProviderReference", "type": "string" }, "deleteResource": { - "default": true, - "type": "boolean" + "description": "DeleteResource will determine whether provisioned cloud resources will be deleted when CR is deleted", + "type": "boolean", + "default": true }, "gitCredentialsSecretReference": { - "additionalProperties": false, + "description": "GitCredentialsSecretReference specifies the reference to the secret containing the git credentials", + "type": "object", "properties": { "name": { + "description": "name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", "type": "string" } }, - "type": "object", "x-kubernetes-map-type": "atomic" }, "path": { + "description": "Path is the sub-directory of remote git repository. It's valid when remote is set", "type": "string" }, "providerRef": { - "additionalProperties": false, + "description": "ProviderReference specifies the reference to Provider", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "namespace": { - "default": "default", - "type": "string" + "description": "Namespace of the referenced object.", + "type": "string", + "default": "default" } - }, - "required": [ - "name" - ], - "type": "object" + } }, "type": { + "description": "Type specifies which Terraform configuration it is, HCL or JSON syntax", + "type": "string", "default": "hcl", "enum": [ "hcl", "json", "remote" - ], - "type": "string" + ] }, "writeConnectionSecretToRef": { - "additionalProperties": false, + "description": "WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } - }, - "required": [ - "name" - ], - "type": "object" + } } - }, - "required": [ - "configuration" - ], - "type": "object" + } } - }, - "type": "object" + } }, "status": { - "additionalProperties": false, + "description": "Status defines the custom health policy and status message for workload", + "type": "object", "properties": { "customStatus": { + "description": "CustomStatus defines the custom status message that could display to user", "type": "string" }, "healthPolicy": { + "description": "HealthPolicy defines the health check policy for the abstraction", "type": "string" } - }, - "type": "object" + } } - }, - "required": [ - "definitionRef" - ], - "type": "object" + } }, "status": { - "additionalProperties": false, + "description": "WorkloadDefinitionStatus is the status of WorkloadDefinition", + "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A Condition that may apply to a resource.", + "type": "object", + "required": [ + "lastTransitionTime", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", + "type": "string", + "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } - }, - "required": [ - "lastTransitionTime", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + } + } } - }, - "type": "object" + } } - }, - "type": "object" - }, - "type": "object" + } + } } }, - "required": [ - "application", - "applicationConfiguration" - ], - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/core.oam.dev/componentdefinition_v1alpha2.json b/schema/core.oam.dev/componentdefinition_v1alpha2.json index b04356611..edb178232 100644 --- a/schema/core.oam.dev/componentdefinition_v1alpha2.json +++ b/schema/core.oam.dev/componentdefinition_v1alpha2.json @@ -1,231 +1,286 @@ { + "description": "ComponentDefinition is the Schema for the componentdefinitions API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "ComponentDefinitionSpec defines the desired state of ComponentDefinition", + "type": "object", + "required": [ + "workload" + ], "properties": { "childResourceKinds": { + "description": "ChildResourceKinds are the list of GVK of the child resources this workload generates", + "type": "array", "items": { - "additionalProperties": false, + "description": "A ChildResourceKind defines a child Kubernetes resource kind with a selector", + "type": "object", + "required": [ + "apiVersion", + "kind" + ], "properties": { "apiVersion": { + "description": "APIVersion of the child resource", "type": "string" }, "kind": { + "description": "Kind of the child resource", "type": "string" }, "selector": { + "description": "Selector to select the child resources that the workload wants to expose to traits", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "required": [ - "apiVersion", - "kind" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "extension": { + "description": "Extension is used for extension needs by OAM platform builders", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "podSpecPath": { + "description": "PodSpecPath indicates where/if this workload has K8s podSpec field if one workload has podSpec, trait can do lot's of assumption such as port, env, volume fields.", "type": "string" }, "revisionLabel": { + "description": "RevisionLabel indicates which label for underlying resources(e.g. pods) of this workload can be used by trait to create resource selectors(e.g. label selector for pods).", "type": "string" }, "schematic": { - "additionalProperties": false, + "description": "Schematic defines the data format and template of the encapsulation of the workload", + "type": "object", "properties": { "cue": { - "additionalProperties": false, + "description": "CUE defines the encapsulation in CUE format", + "type": "object", + "required": [ + "template" + ], "properties": { "template": { + "description": "Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field. Template is a required field if CUE is defined in Capability Definition.", "type": "string" } }, - "required": [ - "template" - ], - "type": "object" + "additionalProperties": false }, "helm": { - "additionalProperties": false, + "description": "A Helm represents resources used by a Helm module", + "type": "object", + "required": [ + "release", + "repository" + ], "properties": { "release": { + "description": "Release records a Helm release used by a Helm module workload.", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "repository": { + "description": "HelmRelease records a Helm repository used by a Helm module workload.", "type": "object", "x-kubernetes-preserve-unknown-fields": true } }, - "required": [ - "release", - "repository" - ], - "type": "object" + "additionalProperties": false }, "kube": { - "additionalProperties": false, + "description": "Kube defines the encapsulation in raw Kubernetes resource format", + "type": "object", + "required": [ + "template" + ], "properties": { "parameters": { + "description": "Parameters defines configurable parameters", + "type": "array", "items": { - "additionalProperties": false, + "description": "A KubeParameter defines a configurable parameter of a component.", + "type": "object", + "required": [ + "fieldPaths", + "name", + "type" + ], "properties": { "description": { + "description": "Description of this parameter.", "type": "string" }, "fieldPaths": { + "description": "FieldPaths specifies an array of fields within this workload that will be overwritten by the value of this parameter. \tAll fields must be of the same type. Fields are specified as JSON field paths without a leading dot, for example 'spec.replicas'.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "name": { + "description": "Name of this parameter", "type": "string" }, "required": { - "default": false, - "type": "boolean" + "description": "Required specifies whether or not a value for this parameter must be supplied when authoring an Application.", + "type": "boolean", + "default": false }, "type": { + "description": "ValueType indicates the type of the parameter value, and only supports basic data types: string, number, boolean.", + "type": "string", "enum": [ "string", "number", "boolean" - ], - "type": "string" + ] } }, - "required": [ - "fieldPaths", - "name", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "template": { + "description": "Template defines the raw Kubernetes resource", "type": "object", "x-kubernetes-preserve-unknown-fields": true } }, - "required": [ - "template" - ], - "type": "object" + "additionalProperties": false }, "terraform": { - "additionalProperties": false, + "description": "Terraform is the struct to describe cloud resources managed by Hashicorp Terraform", + "type": "object", + "required": [ + "configuration" + ], "properties": { "configuration": { + "description": "Configuration is Terraform Configuration", "type": "string" }, "customRegion": { + "description": "Region is cloud provider's region. It will override the region in the region field of ProviderReference", "type": "string" }, "deleteResource": { - "default": true, - "type": "boolean" + "description": "DeleteResource will determine whether provisioned cloud resources will be deleted when CR is deleted", + "type": "boolean", + "default": true }, "gitCredentialsSecretReference": { - "additionalProperties": false, + "description": "GitCredentialsSecretReference specifies the reference to the secret containing the git credentials", + "type": "object", "properties": { "name": { + "description": "name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "path": { + "description": "Path is the sub-directory of remote git repository. It's valid when remote is set", "type": "string" }, "providerRef": { - "additionalProperties": false, + "description": "ProviderReference specifies the reference to Provider", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "namespace": { - "default": "default", - "type": "string" + "description": "Namespace of the referenced object.", + "type": "string", + "default": "default" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "type": { + "description": "Type specifies which Terraform configuration it is, HCL or JSON syntax", + "type": "string", "default": "hcl", "enum": [ "hcl", "json", "remote" - ], - "type": "string" + ] }, "writeConnectionSecretToRef": { - "additionalProperties": false, + "description": "WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "configuration" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "Status defines the custom health policy and status message for workload", + "type": "object", "properties": { "customStatus": { + "description": "CustomStatus defines the custom status message that could display to user", "type": "string" }, "healthPolicy": { + "description": "HealthPolicy defines the health check policy for the abstraction", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "workload": { - "additionalProperties": false, + "description": "Workload is a workload type descriptor", + "type": "object", "properties": { "definition": { - "additionalProperties": false, + "description": "Definition mutually exclusive to workload.type, a embedded WorkloadDefinition", + "type": "object", + "required": [ + "apiVersion", + "kind" + ], "properties": { "apiVersion": { "type": "string" @@ -234,84 +289,88 @@ "type": "string" } }, - "required": [ - "apiVersion", - "kind" - ], - "type": "object" + "additionalProperties": false }, "type": { + "description": "Type ref to a WorkloadDefinition via name", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "workload" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "ComponentDefinitionStatus is the status of ComponentDefinition", + "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A Condition that may apply to a resource.", + "type": "object", + "required": [ + "lastTransitionTime", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", + "type": "string", + "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, - "required": [ - "lastTransitionTime", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "configMapRef": { + "description": "ConfigMapRef refer to a ConfigMap which contains OpenAPI V3 JSON schema of Component parameters.", "type": "string" }, "latestRevision": { - "additionalProperties": false, + "description": "LatestRevision of the component definition", + "type": "object", + "required": [ + "name", + "revision" + ], "properties": { "name": { "type": "string" }, "revision": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "revisionHash": { + "description": "RevisionHash record the hash value of the spec of ApplicationRevision object.", "type": "string" } }, - "required": [ - "name", - "revision" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/core.oam.dev/envbinding_v1alpha1.json b/schema/core.oam.dev/envbinding_v1alpha1.json index 3d9ce330d..72961dbdc 100644 --- a/schema/core.oam.dev/envbinding_v1alpha1.json +++ b/schema/core.oam.dev/envbinding_v1alpha1.json @@ -1,52 +1,85 @@ { + "description": "EnvBinding is the Schema for the EnvBinding API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "A EnvBindingSpec defines the desired state of a EnvBinding.", + "type": "object", + "required": [ + "appTemplate", + "envs" + ], "properties": { "appTemplate": { + "description": "AppTemplate indicates the application template.", "type": "object", - "x-kubernetes-embedded-resource": true, - "x-kubernetes-preserve-unknown-fields": true + "x-kubernetes-preserve-unknown-fields": true, + "x-kubernetes-embedded-resource": true }, "engine": { + "description": "ClusterManagementEngine represents a multi-cluster management solution", "type": "string" }, "envs": { + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvConfig is the configuration for different environments.", + "type": "object", + "required": [ + "name", + "patch" + ], "properties": { "name": { "type": "string" }, "patch": { - "additionalProperties": false, + "description": "EnvPatch specify the parameter configuration for different environments", + "type": "object", + "required": [ + "components" + ], "properties": { "components": { + "type": "array", "items": { - "additionalProperties": false, + "description": "ApplicationComponent describe the component of application", + "type": "object", + "required": [ + "name", + "type" + ], "properties": { - "additionalProperties": false, "dependsOn": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "externalRevision": { + "description": "ExternalRevision specified the component revisionName", "type": "string" }, "inputs": { + "description": "StepInputs defines variable input of WorkflowStep", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "from", + "parameterKey" + ], "properties": { "from": { "type": "string" @@ -55,20 +88,21 @@ "type": "string" } }, - "required": [ - "from", - "parameterKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { "type": "string" }, "outputs": { + "description": "StepOutputs defines output variable of WorkflowStep", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "valueFrom" + ], "properties": { "name": { "type": "string" @@ -77,30 +111,31 @@ "type": "string" } }, - "required": [ - "name", - "valueFrom" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "properties": { "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "scopes": { + "description": "scopes in ApplicationComponent defines the component-level scopes the format is \u003cscope-type:scope-instance-name\u003e pairs, the key represents type of `ScopeDefinition` while the value represent the name of scope instance.", + "type": "object", "additionalProperties": { "type": "string" }, - "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "traits": { + "description": "Traits define the trait of one component, the type must be array to keep the order.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ApplicationTrait defines the trait of application", + "type": "object", + "required": [ + "type" + ], "properties": { - "additionalProperties": false, "properties": { "type": "object", "x-kubernetes-preserve-unknown-fields": true @@ -109,116 +144,112 @@ "type": "string" } }, - "required": [ - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "type": { "type": "string" } }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "components" - ], - "type": "object" + "additionalProperties": false }, "placement": { - "additionalProperties": false, + "description": "EnvPlacement defines the placement rules for an app.", + "type": "object", "properties": { "clusterSelector": { - "additionalProperties": false, + "description": "ClusterSelector defines the rules to select a Cluster resource. Either name or labels is needed.", + "type": "object", "properties": { "labels": { + "description": "Labels defines the label selector to select the cluster.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { + "description": "Name is the name of the cluster.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "namespaceSelector": { - "additionalProperties": false, + "description": "NamespaceSelector defines the rules to select a Namespace resource. Either name or labels is needed.", + "type": "object", "properties": { "labels": { + "description": "Labels defines the label selector to select the namespace.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { + "description": "Name is the name of the namespace.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "description": "EnvSelector defines which components should this env contains", + "type": "object", "properties": { "components": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name", - "patch" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "outputResourcesTo": { - "additionalProperties": false, + "description": "OutputResourcesTo specifies the namespace and name of a ConfigMap which store the resources rendered after differentiated configuration", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "appTemplate", - "envs" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "A EnvBindingStatus is the status of EnvBinding", + "type": "object", "properties": { "clusterDecisions": { + "type": "array", "items": { - "additionalProperties": false, + "description": "ClusterDecision recorded the mapping of environment and cluster", + "type": "object", + "required": [ + "env" + ], "properties": { "cluster": { "type": "string" @@ -230,77 +261,88 @@ "type": "string" } }, - "required": [ - "env" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "conditions": { + "description": "Conditions of the resource.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A Condition that may apply to a resource.", + "type": "object", + "required": [ + "lastTransitionTime", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", + "type": "string", + "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, - "required": [ - "lastTransitionTime", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "phase": { + "description": "EnvBindingPhase is a label for the condition of a EnvBinding at the current time", "type": "string" }, "resourceTracker": { - "additionalProperties": false, + "description": "ResourceTracker record the status of the ResourceTracker", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/core.oam.dev/healthscope_v1alpha2.json b/schema/core.oam.dev/healthscope_v1alpha2.json index 0493d84bf..af5f26c27 100644 --- a/schema/core.oam.dev/healthscope_v1alpha2.json +++ b/schema/core.oam.dev/healthscope_v1alpha2.json @@ -1,160 +1,211 @@ { + "description": "A HealthScope determines an aggregate health status based of the health of components.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "A HealthScopeSpec defines the desired state of a HealthScope.", + "type": "object", + "required": [ + "workloadRefs" + ], "properties": { "appReferences": { + "description": "AppRefs records references of applications' components", + "type": "array", "items": { - "additionalProperties": false, + "description": "AppReference records references of an application's components", + "type": "object", "properties": { "appName": { "type": "string" }, "compReferences": { + "type": "array", "items": { - "additionalProperties": false, + "description": "CompReference records references of a component's resources", + "type": "object", "properties": { "compName": { "type": "string" }, "traits": { + "type": "array", "items": { - "additionalProperties": false, + "description": "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "workload": { - "additionalProperties": false, + "description": "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "probe-interval": { - "format": "int32", - "type": "integer" + "description": "ProbeInterval is the amount of time in seconds between probing tries.", + "type": "integer", + "format": "int32" }, "probe-timeout": { - "format": "int32", - "type": "integer" + "description": "ProbeTimeout is the amount of time in seconds to wait when receiving a response before marked failure.", + "type": "integer", + "format": "int32" }, "workloadRefs": { + "description": "WorkloadReferences to the workloads that are in this scope.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } } }, - "required": [ - "workloadRefs" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "A HealthScopeStatus represents the observed state of a HealthScope.", + "type": "object", + "required": [ + "scopeHealthCondition" + ], "properties": { "appHealthConditions": { + "description": "AppHealthConditions represents health condition of applications in the scope", + "type": "array", "items": { - "additionalProperties": false, + "description": "AppHealthCondition represents health condition of an application", + "type": "object", + "required": [ + "appName" + ], "properties": { "appName": { "type": "string" }, "components": { + "type": "array", "items": { - "additionalProperties": false, + "description": "WorkloadHealthCondition represents informative health condition of a workload.", + "type": "object", + "required": [ + "healthStatus" + ], "properties": { "componentName": { + "description": "ComponentName represents the component name if target is a workload", "type": "string" }, "customStatusMsg": { @@ -164,39 +215,55 @@ "type": "string" }, "healthStatus": { + "description": "HealthStatus represents health status strings.", "type": "string" }, "targetWorkload": { - "additionalProperties": false, + "description": "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "traits": { + "type": "array", "items": { - "additionalProperties": false, + "description": "TraitHealthCondition represents informative health condition of a trait.", + "type": "object", + "required": [ + "healthStatus", + "resource", + "type" + ], "properties": { "customStatusMsg": { "type": "string" @@ -205,6 +272,7 @@ "type": "string" }, "healthStatus": { + "description": "HealthStatus represents health status strings.", "type": "string" }, "resource": { @@ -214,73 +282,74 @@ "type": "string" } }, - "required": [ - "healthStatus", - "resource", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workloadStatus": { + "description": "WorkloadStatus represents status of workloads whose HealthStatus is UNKNOWN.", "type": "string" } }, - "required": [ - "healthStatus" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envName": { "type": "string" } }, - "required": [ - "appName" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "conditions": { + "description": "Conditions of the resource.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A Condition that may apply to a resource.", + "type": "object", + "required": [ + "lastTransitionTime", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", + "type": "string", + "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, - "required": [ - "lastTransitionTime", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "healthConditions": { + "description": "WorkloadHealthConditions represents health condition of workloads in the scope Use AppHealthConditions to provide app level status", + "type": "array", "items": { - "additionalProperties": false, + "description": "WorkloadHealthCondition represents informative health condition of a workload.", + "type": "object", + "required": [ + "healthStatus" + ], "properties": { "componentName": { + "description": "ComponentName represents the component name if target is a workload", "type": "string" }, "customStatusMsg": { @@ -290,39 +359,55 @@ "type": "string" }, "healthStatus": { + "description": "HealthStatus represents health status strings.", "type": "string" }, "targetWorkload": { - "additionalProperties": false, + "description": "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "traits": { + "type": "array", "items": { - "additionalProperties": false, + "description": "TraitHealthCondition represents informative health condition of a trait.", + "type": "object", + "required": [ + "healthStatus", + "resource", + "type" + ], "properties": { "customStatusMsg": { "type": "string" @@ -331,6 +416,7 @@ "type": "string" }, "healthStatus": { + "description": "HealthStatus represents health status strings.", "type": "string" }, "resource": { @@ -340,60 +426,49 @@ "type": "string" } }, - "required": [ - "healthStatus", - "resource", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workloadStatus": { + "description": "WorkloadStatus represents status of workloads whose HealthStatus is UNKNOWN.", "type": "string" } }, - "required": [ - "healthStatus" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "scopeHealthCondition": { - "additionalProperties": false, + "description": "ScopeHealthCondition represents health condition summary of the scope", + "type": "object", + "required": [ + "healthStatus" + ], "properties": { "healthStatus": { + "description": "HealthStatus represents health status strings.", "type": "string" }, "healthyWorkloads": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "total": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "unhealthyWorkloads": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "unknownWorkloads": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" } }, - "required": [ - "healthStatus" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "scopeHealthCondition" - ], - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/core.oam.dev/manualscalertrait_v1alpha2.json b/schema/core.oam.dev/manualscalertrait_v1alpha2.json index aeb9dd92a..1002eb5ee 100644 --- a/schema/core.oam.dev/manualscalertrait_v1alpha2.json +++ b/schema/core.oam.dev/manualscalertrait_v1alpha2.json @@ -29,26 +29,33 @@ "workloadRef": { "description": "WorkloadReference to the workload this trait applies to.", "type": "object", - "required": [ - "apiVersion", - "kind", - "name" - ], "properties": { "apiVersion": { - "description": "APIVersion of the referenced object.", + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { - "description": "Kind of the referenced object.", + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { - "description": "Name of the referenced object.", + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { - "description": "UID of the referenced object.", + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, diff --git a/schema/core.oam.dev/scopedefinition_v1alpha2.json b/schema/core.oam.dev/scopedefinition_v1alpha2.json index 9a10a9299..cfac2ac1c 100644 --- a/schema/core.oam.dev/scopedefinition_v1alpha2.json +++ b/schema/core.oam.dev/scopedefinition_v1alpha2.json @@ -35,9 +35,22 @@ "name": { "description": "Name of the referenced CustomResourceDefinition.", "type": "string" + }, + "version": { + "description": "Version indicate which version should be used if CRD has multiple versions by default it will use the first one if not specified", + "type": "string" } }, "additionalProperties": false + }, + "extension": { + "description": "Extension is used for extension needs by OAM platform builders", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "workloadRefsPath": { + "description": "WorkloadRefsPath indicates if/where a scope accepts workloadRef objects", + "type": "string" } }, "additionalProperties": false diff --git a/schema/core.oam.dev/scopedefinition_v1beta1.json b/schema/core.oam.dev/scopedefinition_v1beta1.json index e862a0285..cfac2ac1c 100644 --- a/schema/core.oam.dev/scopedefinition_v1beta1.json +++ b/schema/core.oam.dev/scopedefinition_v1beta1.json @@ -1,49 +1,59 @@ { + "description": "A ScopeDefinition registers a kind of Kubernetes custom resource as a valid OAM scope kind by referencing its CustomResourceDefinition. The CRD is used to validate the schema of the scope when it is embedded in an OAM ApplicationConfiguration.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "A ScopeDefinitionSpec defines the desired state of a ScopeDefinition.", + "type": "object", + "required": [ + "allowComponentOverlap", + "definitionRef" + ], "properties": { "allowComponentOverlap": { + "description": "AllowComponentOverlap specifies whether an OAM component may exist in multiple instances of this kind of scope.", "type": "boolean" }, "definitionRef": { - "additionalProperties": false, + "description": "Reference to the CustomResourceDefinition that defines this scope kind.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the referenced CustomResourceDefinition.", "type": "string" }, "version": { + "description": "Version indicate which version should be used if CRD has multiple versions by default it will use the first one if not specified", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "extension": { + "description": "Extension is used for extension needs by OAM platform builders", "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "workloadRefsPath": { + "description": "WorkloadRefsPath indicates if/where a scope accepts workloadRef objects", "type": "string" } }, - "required": [ - "allowComponentOverlap", - "definitionRef" - ], - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/core.oam.dev/traitdefinition_v1alpha2.json b/schema/core.oam.dev/traitdefinition_v1alpha2.json index 11437f64e..debe7ffd2 100644 --- a/schema/core.oam.dev/traitdefinition_v1alpha2.json +++ b/schema/core.oam.dev/traitdefinition_v1alpha2.json @@ -16,9 +16,6 @@ "spec": { "description": "A TraitDefinitionSpec defines the desired state of a TraitDefinition.", "type": "object", - "required": [ - "definitionRef" - ], "properties": { "appliesToWorkloads": { "description": "AppliesToWorkloads specifies the list of workload kinds this trait applies to. Workload kinds are specified in kind.group/version format, e.g. server.core.oam.dev/v1alpha2. Traits that omit this field apply to all workload kinds.", @@ -27,6 +24,13 @@ "type": "string" } }, + "conflictsWith": { + "description": "ConflictsWith specifies the list of traits(CRD name, Definition name, CRD group) which could not apply to the same workloads with this trait. Traits that omit this field can work with any other traits. Example rules: \"service\" # Trait definition name \"services.k8s.io\" # API resource/crd name \"*.networking.k8s.io\" # API group \"labelSelector:foo=bar\" # label selector labelSelector format: https://pkg.go.dev/k8s.io/apimachinery/pkg/labels#Parse", + "type": "array", + "items": { + "type": "string" + } + }, "definitionRef": { "description": "Reference to the CustomResourceDefinition that defines this trait kind.", "type": "object", @@ -37,6 +41,305 @@ "name": { "description": "Name of the referenced CustomResourceDefinition.", "type": "string" + }, + "version": { + "description": "Version indicate which version should be used if CRD has multiple versions by default it will use the first one if not specified", + "type": "string" + } + }, + "additionalProperties": false + }, + "extension": { + "description": "Extension is used for extension needs by OAM platform builders", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "podDisruptive": { + "description": "PodDisruptive specifies whether using the trait will cause the pod to restart or not.", + "type": "boolean" + }, + "revisionEnabled": { + "description": "Revision indicates whether a trait is aware of component revision", + "type": "boolean" + }, + "schematic": { + "description": "Schematic defines the data format and template of the encapsulation of the trait", + "type": "object", + "properties": { + "cue": { + "description": "CUE defines the encapsulation in CUE format", + "type": "object", + "required": [ + "template" + ], + "properties": { + "template": { + "description": "Template defines the abstraction template data of the capability, it will replace the old CUE template in extension field. Template is a required field if CUE is defined in Capability Definition.", + "type": "string" + } + }, + "additionalProperties": false + }, + "helm": { + "description": "A Helm represents resources used by a Helm module", + "type": "object", + "required": [ + "release", + "repository" + ], + "properties": { + "release": { + "description": "Release records a Helm release used by a Helm module workload.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "repository": { + "description": "HelmRelease records a Helm repository used by a Helm module workload.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "additionalProperties": false + }, + "kube": { + "description": "Kube defines the encapsulation in raw Kubernetes resource format", + "type": "object", + "required": [ + "template" + ], + "properties": { + "parameters": { + "description": "Parameters defines configurable parameters", + "type": "array", + "items": { + "description": "A KubeParameter defines a configurable parameter of a component.", + "type": "object", + "required": [ + "fieldPaths", + "name", + "type" + ], + "properties": { + "description": { + "description": "Description of this parameter.", + "type": "string" + }, + "fieldPaths": { + "description": "FieldPaths specifies an array of fields within this workload that will be overwritten by the value of this parameter. \tAll fields must be of the same type. Fields are specified as JSON field paths without a leading dot, for example 'spec.replicas'.", + "type": "array", + "items": { + "type": "string" + } + }, + "name": { + "description": "Name of this parameter", + "type": "string" + }, + "required": { + "description": "Required specifies whether or not a value for this parameter must be supplied when authoring an Application.", + "type": "boolean", + "default": false + }, + "type": { + "description": "ValueType indicates the type of the parameter value, and only supports basic data types: string, number, boolean.", + "type": "string", + "enum": [ + "string", + "number", + "boolean" + ] + } + }, + "additionalProperties": false + } + }, + "template": { + "description": "Template defines the raw Kubernetes resource", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "additionalProperties": false + }, + "terraform": { + "description": "Terraform is the struct to describe cloud resources managed by Hashicorp Terraform", + "type": "object", + "required": [ + "configuration" + ], + "properties": { + "configuration": { + "description": "Configuration is Terraform Configuration", + "type": "string" + }, + "customRegion": { + "description": "Region is cloud provider's region. It will override the region in the region field of ProviderReference", + "type": "string" + }, + "deleteResource": { + "description": "DeleteResource will determine whether provisioned cloud resources will be deleted when CR is deleted", + "type": "boolean", + "default": true + }, + "gitCredentialsSecretReference": { + "description": "GitCredentialsSecretReference specifies the reference to the secret containing the git credentials", + "type": "object", + "properties": { + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "path": { + "description": "Path is the sub-directory of remote git repository. It's valid when remote is set", + "type": "string" + }, + "providerRef": { + "description": "ProviderReference specifies the reference to Provider", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "Name of the referenced object.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referenced object.", + "type": "string", + "default": "default" + } + }, + "additionalProperties": false + }, + "type": { + "description": "Type specifies which Terraform configuration it is, HCL or JSON syntax", + "type": "string", + "default": "hcl", + "enum": [ + "hcl", + "json", + "remote" + ] + }, + "writeConnectionSecretToRef": { + "description": "WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "Name of the secret.", + "type": "string" + }, + "namespace": { + "description": "Namespace of the secret.", + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "status": { + "description": "Status defines the custom health policy and status message for trait", + "type": "object", + "properties": { + "customStatus": { + "description": "CustomStatus defines the custom status message that could display to user", + "type": "string" + }, + "healthPolicy": { + "description": "HealthPolicy defines the health check policy for the abstraction", + "type": "string" + } + }, + "additionalProperties": false + }, + "workloadRefPath": { + "description": "WorkloadRefPath indicates where/if a trait accepts a workloadRef object", + "type": "string" + } + }, + "additionalProperties": false + }, + "status": { + "description": "TraitDefinitionStatus is the status of TraitDefinition", + "type": "object", + "properties": { + "conditions": { + "description": "Conditions of the resource.", + "type": "array", + "items": { + "description": "A Condition that may apply to a resource.", + "type": "object", + "required": [ + "lastTransitionTime", + "reason", + "status", + "type" + ], + "properties": { + "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", + "type": "string", + "format": "date-time" + }, + "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", + "type": "string" + }, + "reason": { + "description": "A Reason for this condition's last transition from one status to another.", + "type": "string" + }, + "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", + "type": "string" + }, + "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", + "type": "string" + } + }, + "additionalProperties": false + } + }, + "configMapRef": { + "description": "ConfigMapRef refer to a ConfigMap which contains OpenAPI V3 JSON schema of Component parameters.", + "type": "string" + }, + "latestRevision": { + "description": "LatestRevision of the trait definition", + "type": "object", + "required": [ + "name", + "revision" + ], + "properties": { + "name": { + "type": "string" + }, + "revision": { + "type": "integer", + "format": "int64" + }, + "revisionHash": { + "description": "RevisionHash record the hash value of the spec of ApplicationRevision object.", + "type": "string" } }, "additionalProperties": false diff --git a/schema/core.oam.dev/workflow_v1beta1.json b/schema/core.oam.dev/workflow_v1beta1.json index 6c04f53de..4a0fc9ef1 100644 --- a/schema/core.oam.dev/workflow_v1beta1.json +++ b/schema/core.oam.dev/workflow_v1beta1.json @@ -1,37 +1,53 @@ { + "description": "Workflow defines workflow steps and other attributes", + "type": "object", "properties": { "mode": { - "additionalProperties": false, + "description": "WorkflowExecuteMode defines the mode of workflow execution", + "type": "object", "properties": { "steps": { + "description": "WorkflowMode describes the mode of workflow", "type": "string" }, "subSteps": { + "description": "WorkflowMode describes the mode of workflow", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "ref": { "type": "string" }, "steps": { + "type": "array", "items": { - "additionalProperties": false, + "description": "WorkflowStep defines how to execute a workflow step.", + "type": "object", + "required": [ + "name", + "type" + ], "properties": { - "additionalProperties": false, "dependsOn": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "if": { "type": "string" }, "inputs": { + "description": "StepInputs defines variable input of WorkflowStep", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "from", + "parameterKey" + ], "properties": { "from": { "type": "string" @@ -40,29 +56,32 @@ "type": "string" } }, - "required": [ - "from", - "parameterKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "meta": { - "additionalProperties": false, + "description": "WorkflowStepMeta contains the meta data of a workflow step", + "type": "object", "properties": { "alias": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name is the unique name of the workflow step.", "type": "string" }, "outputs": { + "description": "StepOutputs defines output variable of WorkflowStep", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "valueFrom" + ], "properties": { "name": { "type": "string" @@ -71,35 +90,41 @@ "type": "string" } }, - "required": [ - "name", - "valueFrom" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "properties": { "type": "object", "x-kubernetes-preserve-unknown-fields": true }, "subSteps": { + "type": "array", "items": { - "additionalProperties": false, + "description": "WorkflowSubStep defines how to execute a workflow subStep.", + "type": "object", + "required": [ + "name", + "type" + ], "properties": { - "additionalProperties": false, "dependsOn": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "if": { "type": "string" }, "inputs": { + "description": "StepInputs defines variable input of WorkflowStep", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "from", + "parameterKey" + ], "properties": { "from": { "type": "string" @@ -108,29 +133,32 @@ "type": "string" } }, - "required": [ - "from", - "parameterKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "meta": { - "additionalProperties": false, + "description": "WorkflowStepMeta contains the meta data of a workflow step", + "type": "object", "properties": { "alias": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name is the unique name of the workflow step.", "type": "string" }, "outputs": { + "description": "StepOutputs defines output variable of WorkflowStep", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "valueFrom" + ], "properties": { "name": { "type": "string" @@ -139,13 +167,8 @@ "type": "string" } }, - "required": [ - "name", - "valueFrom" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "properties": { "type": "object", @@ -158,13 +181,8 @@ "type": "string" } }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "timeout": { "type": "string" @@ -173,14 +191,8 @@ "type": "string" } }, - "required": [ - "name", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } - }, - "type": "object" + } } diff --git a/schema/csi.storage.k8s.io/csinodeinfo_v1alpha1.json b/schema/csi.storage.k8s.io/csinodeinfo_v1alpha1.json new file mode 100644 index 000000000..5c2911a11 --- /dev/null +++ b/schema/csi.storage.k8s.io/csinodeinfo_v1alpha1.json @@ -0,0 +1,27 @@ +{ + "properties": { + "csiDrivers": { + "description": "List of CSI drivers running on the node and their properties.", + "type": "array", + "items": { + "properties": { + "driver": { + "description": "The CSI driver that this object refers to.", + "type": "string" + }, + "nodeID": { + "description": "The node from the driver point of view.", + "type": "string" + }, + "topologyKeys": { + "description": "List of keys supported by the driver.", + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } +} diff --git a/schema/dapr.io/component_v1alpha1.json b/schema/dapr.io/component_v1alpha1.json index 0fa8c12a2..1412dd7bc 100644 --- a/schema/dapr.io/component_v1alpha1.json +++ b/schema/dapr.io/component_v1alpha1.json @@ -1,13 +1,13 @@ { - "description": "Component describes an Dapr component type.", + "description": "Component describes an Dapr component type", "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "auth": { - "description": "Auth represents authentication details for the component.", + "description": "Auth represents authentication details for the component", "type": "object", "required": [ "secretStore" @@ -20,7 +20,7 @@ "additionalProperties": false }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -33,7 +33,7 @@ } }, "spec": { - "description": "ComponentSpec is the spec for a component.", + "description": "ComponentSpec is the spec for a component", "type": "object", "required": [ "metadata", @@ -50,40 +50,33 @@ "metadata": { "type": "array", "items": { - "description": "NameValuePair is a name/value pair.", + "description": "MetadataItem is a name/value pair for a metadata", "type": "object", "required": [ "name" ], "properties": { - "envRef": { - "description": "EnvRef is the name of an environmental variable to read the value from.", - "type": "string" - }, "name": { - "description": "Name of the property.", "type": "string" }, "secretKeyRef": { - "description": "SecretKeyRef is the reference of a value in a secret store component.", + "description": "SecretKeyRef is a reference to a secret holding the value for the metadata item. Name is the secret name, and key is the field in the secret.", "type": "object", "required": [ + "key", "name" ], "properties": { "key": { - "description": "Field in the secret.", "type": "string" }, "name": { - "description": "Secret name.", "type": "string" } }, "additionalProperties": false }, "value": { - "description": "Value of the property, in plaintext.", "x-kubernetes-preserve-unknown-fields": true } }, diff --git a/schema/dapr.io/configuration_v1alpha1.json b/schema/dapr.io/configuration_v1alpha1.json index f6afa815b..847a819b4 100644 --- a/schema/dapr.io/configuration_v1alpha1.json +++ b/schema/dapr.io/configuration_v1alpha1.json @@ -3,18 +3,18 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "ConfigurationSpec is the spec for a configuration.", + "description": "ConfigurationSpec is the spec for an configuration.", "type": "object", "properties": { "accessControl": { @@ -86,34 +86,9 @@ "type": "object", "properties": { "allowed": { - "description": "List of allowed APIs. Can be used in conjunction with denied.", "type": "array", "items": { - "description": "APIAccessRule describes an access rule for allowing or denying a Dapr API.", - "type": "object", - "required": [ - "name", - "version" - ], - "properties": { - "name": { - "type": "string" - }, - "protocol": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "denied": { - "description": "List of denied APIs. Can be used in conjunction with allowed.", - "type": "array", - "items": { - "description": "APIAccessRule describes an access rule for allowing or denying a Dapr API.", + "description": "APIAccessRule describes an access rule for allowing a Dapr API to be enabled and accessible by an app.", "type": "object", "required": [ "name", @@ -290,32 +265,6 @@ }, "additionalProperties": false }, - "logging": { - "description": "LoggingSpec defines the configuration for logging.", - "type": "object", - "properties": { - "apiLogging": { - "description": "Configure API logging.", - "type": "object", - "properties": { - "enabled": { - "description": "Default value for enabling API logging. Sidecars can always override this by setting `--enable-api-logging` to true or false explicitly.\nThe default value is false.", - "type": "boolean" - }, - "obfuscateURLs": { - "description": "When enabled, obfuscates the values of URLs in HTTP API logs, logging the route name rather than the full path being invoked, which could contain PII.\nDefault: false.\nThis option has no effect if API logging is disabled.", - "type": "boolean" - }, - "omitHealthChecks": { - "description": "If true, health checks are not reported in API logs. Default: false.\nThis option has no effect if API logging is disabled.", - "type": "boolean" - } - }, - "additionalProperties": false - } - }, - "additionalProperties": false - }, "metric": { "description": "MetricSpec defines metrics configuration.", "type": "object", @@ -328,164 +277,6 @@ "properties": { "enabled": { "type": "boolean" - }, - "http": { - "description": "MetricHTTP defines configuration for metrics for the HTTP server", - "type": "object", - "properties": { - "excludeVerbs": { - "description": "If true (default is false) HTTP verbs (e.g., GET, POST) are excluded from the metrics.", - "type": "boolean" - }, - "increasedCardinality": { - "description": "If false, metrics for the HTTP server are collected with increased cardinality.\nThe default is true in Dapr 1.13, but will be changed to false in 1.15+", - "type": "boolean" - }, - "pathMatching": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "additionalProperties": false - }, - "latencyDistributionBuckets": { - "description": "The LatencyDistributionBuckets variable specifies the latency distribution buckets (in milliseconds) used for\nhistograms in the application. If this variable is not set or left empty, the application will default to using the standard histogram buckets.\nThe default histogram latency buckets (in milliseconds) are as follows:\n 1, 2, 3, 4, 5, 6, 8, 10, 13, 16, 20, 25, 30, 40, 50, 65, 80, 100, 130, 160, 200, 250, 300, 400, 500, 650, 800, 1,000, 2,000, 5,000, 10,000, 20,000, 50,000, 100,000.", - "type": "array", - "items": { - "type": "integer" - } - }, - "recordErrorCodes": { - "type": "boolean" - }, - "rules": { - "type": "array", - "items": { - "description": "MetricsRule defines configuration options for a metric.", - "type": "object", - "required": [ - "labels", - "name" - ], - "properties": { - "labels": { - "type": "array", - "items": { - "description": "MetricsLabel defines an object that allows to set regex expressions for a label.", - "type": "object", - "required": [ - "name", - "regex" - ], - "properties": { - "name": { - "type": "string" - }, - "regex": { - "type": "object", - "additionalProperties": { - "type": "string" - } - } - }, - "additionalProperties": false - } - }, - "name": { - "type": "string" - } - }, - "additionalProperties": false - } - } - }, - "additionalProperties": false - }, - "metrics": { - "description": "MetricSpec defines metrics configuration.", - "type": "object", - "default": { - "enabled": true - }, - "required": [ - "enabled" - ], - "properties": { - "enabled": { - "type": "boolean" - }, - "http": { - "description": "MetricHTTP defines configuration for metrics for the HTTP server", - "type": "object", - "properties": { - "excludeVerbs": { - "description": "If true (default is false) HTTP verbs (e.g., GET, POST) are excluded from the metrics.", - "type": "boolean" - }, - "increasedCardinality": { - "description": "If false, metrics for the HTTP server are collected with increased cardinality.\nThe default is true in Dapr 1.13, but will be changed to false in 1.15+", - "type": "boolean" - }, - "pathMatching": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "additionalProperties": false - }, - "latencyDistributionBuckets": { - "description": "The LatencyDistributionBuckets variable specifies the latency distribution buckets (in milliseconds) used for\nhistograms in the application. If this variable is not set or left empty, the application will default to using the standard histogram buckets.\nThe default histogram latency buckets (in milliseconds) are as follows:\n 1, 2, 3, 4, 5, 6, 8, 10, 13, 16, 20, 25, 30, 40, 50, 65, 80, 100, 130, 160, 200, 250, 300, 400, 500, 650, 800, 1,000, 2,000, 5,000, 10,000, 20,000, 50,000, 100,000.", - "type": "array", - "items": { - "type": "integer" - } - }, - "recordErrorCodes": { - "type": "boolean" - }, - "rules": { - "type": "array", - "items": { - "description": "MetricsRule defines configuration options for a metric.", - "type": "object", - "required": [ - "labels", - "name" - ], - "properties": { - "labels": { - "type": "array", - "items": { - "description": "MetricsLabel defines an object that allows to set regex expressions for a label.", - "type": "object", - "required": [ - "name", - "regex" - ], - "properties": { - "name": { - "type": "string" - }, - "regex": { - "type": "object", - "additionalProperties": { - "type": "string" - } - } - }, - "additionalProperties": false - } - }, - "name": { - "type": "string" - } - }, - "additionalProperties": false - } } }, "additionalProperties": false @@ -494,49 +285,15 @@ "description": "MTLSSpec defines mTLS configuration.", "type": "object", "required": [ - "controlPlaneTrustDomain", - "enabled", - "sentryAddress" + "enabled" ], "properties": { "allowedClockSkew": { "type": "string" }, - "controlPlaneTrustDomain": { - "type": "string" - }, "enabled": { "type": "boolean" }, - "sentryAddress": { - "type": "string" - }, - "tokenValidators": { - "description": "Additional token validators to use.\nWhen Dapr is running in Kubernetes mode, this is in addition to the built-in \"kubernetes\" validator.\nIn self-hosted mode, enabling a custom validator will disable the built-in \"insecure\" validator.", - "type": "array", - "items": { - "description": "ValidatorSpec contains additional token validators to use.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "Name of the validator", - "type": "string", - "enum": [ - "jwks" - ] - }, - "options": { - "description": "Options for the validator, if any", - "type": "object", - "x-kubernetes-preserve-unknown-fields": true - } - }, - "additionalProperties": false - } - }, "workloadCertTTL": { "type": "string" } @@ -656,34 +413,6 @@ } }, "additionalProperties": false - }, - "wasm": { - "description": "WasmSpec describes the security profile for all Dapr Wasm components.", - "type": "object", - "properties": { - "strictSandbox": { - "description": "Force enabling strict sandbox mode for all WASM components.\nWhen this is enabled, WASM components always run in strict mode regardless of their configuration.\nStrict mode enhances security of the WASM sandbox by limiting access to certain capabilities such as real-time clocks and random number generators.", - "type": "boolean" - } - }, - "additionalProperties": false - }, - "workflow": { - "description": "WorkflowSpec defines the configuration for Dapr workflows.", - "type": "object", - "properties": { - "maxConcurrentActivityInvocations": { - "description": "maxConcurrentActivityInvocations is the maximum number of concurrent activities that can be processed by a single Dapr instance.\nAttempted invocations beyond this will be queued until the number of concurrent invocations drops below this value.\nIf If omitted, no maximum will be enforced.", - "type": "integer", - "format": "int32" - }, - "maxConcurrentWorkflowInvocations": { - "description": "maxConcurrentWorkflowInvocations is the maximum number of concurrent workflow invocations that can be scheduled by a single Dapr instance.\nAttempted invocations beyond this will be queued until the number of concurrent invocations drops below this value.\nIf omitted, no maximum will be enforced.", - "type": "integer", - "format": "int32" - } - }, - "additionalProperties": false } }, "additionalProperties": false diff --git a/schema/dapr.io/resiliency_v1alpha1.json b/schema/dapr.io/resiliency_v1alpha1.json index 777d9188b..bc94cd5c7 100644 --- a/schema/dapr.io/resiliency_v1alpha1.json +++ b/schema/dapr.io/resiliency_v1alpha1.json @@ -2,11 +2,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -56,20 +56,6 @@ "duration": { "type": "string" }, - "matching": { - "description": "RetryMatching represents the rules to trigger retry in specific scenarios.", - "type": "object", - "properties": { - "gRPCStatusCodes": { - "description": "GRPCStatusCodes represents gRPC status codes to be retried.", - "type": "string" - }, - "httpStatusCodes": { - "description": "HTTPStatusCodes represents HTTP status codes to be retried.", - "type": "string" - } - } - }, "maxInterval": { "type": "string" }, diff --git a/schema/dapr.io/subscription_v1alpha1.json b/schema/dapr.io/subscription_v1alpha1.json index 6c32613dc..72be6ca6e 100644 --- a/schema/dapr.io/subscription_v1alpha1.json +++ b/schema/dapr.io/subscription_v1alpha1.json @@ -3,11 +3,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -28,27 +28,6 @@ "topic" ], "properties": { - "bulkSubscribe": { - "description": "BulkSubscribe encapsulates the bulk subscription configuration for a topic.", - "type": "object", - "required": [ - "enabled" - ], - "properties": { - "enabled": { - "type": "boolean" - }, - "maxAwaitDurationMs": { - "type": "integer", - "format": "int32" - }, - "maxMessagesCount": { - "type": "integer", - "format": "int32" - } - }, - "additionalProperties": false - }, "deadLetterTopic": { "type": "string" }, diff --git a/schema/dapr.io/subscription_v2alpha1.json b/schema/dapr.io/subscription_v2alpha1.json index aa21c37f4..400137e37 100644 --- a/schema/dapr.io/subscription_v2alpha1.json +++ b/schema/dapr.io/subscription_v2alpha1.json @@ -3,11 +3,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -28,27 +28,6 @@ "topic" ], "properties": { - "bulkSubscribe": { - "description": "The option to enable bulk subscription for this topic.", - "type": "object", - "required": [ - "enabled" - ], - "properties": { - "enabled": { - "type": "boolean" - }, - "maxAwaitDurationMs": { - "type": "integer", - "format": "int32" - }, - "maxMessagesCount": { - "type": "integer", - "format": "int32" - } - }, - "additionalProperties": false - }, "deadLetterTopic": { "description": "The optional dead letter queue for this topic to send events to.", "type": "string" @@ -69,14 +48,13 @@ "type": "object", "properties": { "default": { - "description": "The default path for this topic.", "type": "string" }, "rules": { "description": "The list of rules for this topic.", "type": "array", "items": { - "description": "Rule is used to specify the condition for sending\na message to a specific path.", + "description": "Rule is used to specify the condition for sending a message to a specific path.", "type": "object", "required": [ "match", @@ -84,7 +62,7 @@ ], "properties": { "match": { - "description": "The optional CEL expression used to match the event.\nIf the match is not specified, then the route is considered\nthe default. The rules are tested in the order specified,\nso they should be define from most-to-least specific.\nThe default route should appear last in the list.", + "description": "The optional CEL expression used to match the event. If the match is not specified, then the route is considered the default. The rules are tested in the order specified, so they should be define from most-to-least specific. The default route should appear last in the list.", "type": "string" }, "path": { diff --git a/schema/exp.cluster.x-k8s.io/machinepool_v1alpha3.json b/schema/exp.cluster.x-k8s.io/machinepool_v1alpha3.json index 51a641245..a2ac95ba0 100644 --- a/schema/exp.cluster.x-k8s.io/machinepool_v1alpha3.json +++ b/schema/exp.cluster.x-k8s.io/machinepool_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "MachinePool is the Schema for the machinepools API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "MachinePoolSpec defines the desired state of MachinePool", "type": "object", "required": [ "clusterName", @@ -18,36 +22,44 @@ ], "properties": { "clusterName": { + "description": "ClusterName is the name of the Cluster this object belongs to.", "type": "string", "minLength": 1 }, "failureDomains": { + "description": "FailureDomains is the list of failure domains this MachinePool should be attached to.", "type": "array", "items": { "type": "string" } }, "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created machine instances should be ready. Defaults to 0 (machine instance will be considered available as soon as it is ready)", "type": "integer", "format": "int32" }, "providerIDList": { + "description": "ProviderIDList are the identification IDs of machine instances provided by the provider. This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.", "type": "array", "items": { "type": "string" } }, "replicas": { + "description": "Number of desired machines. Defaults to 1. This is a pointer to distinguish between explicit zero and not specified.", "type": "integer", "format": "int32" }, "strategy": { + "description": "The deployment strategy to use to replace existing machine instances with new ones.", "type": "object", "properties": { "rollingUpdate": { + "description": "Rolling update config params. Present only if MachineDeploymentStrategyType = RollingUpdate.", "type": "object", "properties": { "maxSurge": { + "description": "The maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 1. Example: when this is set to 30%, the new MachineSet can be scaled up immediately when the rolling update starts, such that the total number of old and new machines do not exceed 130% of desired machines. Once old machines have been killed, new MachineSet can be scaled up further, ensuring that total number of machines running at any time during the update is at most 130% of desired machines.", "anyOf": [ { "type": "integer" @@ -59,6 +71,7 @@ "x-kubernetes-int-or-string": true }, "maxUnavailable": { + "description": "The maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. Example: when this is set to 30%, the old MachineSet can be scaled down to 70% of desired machines immediately when the rolling update starts. Once new machines are ready, old MachineSet can be scaled down further, followed by scaling up the new MachineSet, ensuring that the total number of machines available at all times during the update is at least 70% of desired machines.", "anyOf": [ { "type": "integer" @@ -73,41 +86,51 @@ "additionalProperties": false }, "type": { + "description": "Type of deployment. Currently the only supported strategy is \"RollingUpdate\". Default is RollingUpdate.", "type": "string" } }, "additionalProperties": false }, "template": { + "description": "Template describes the machines that will be created.", "type": "object", "properties": { "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "type": "object", "properties": { "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", "type": "object", "additionalProperties": { "type": "string" } }, "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", "type": "object", "additionalProperties": { "type": "string" } }, "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "namespace": { + "description": "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", "type": "string" }, "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", "type": "array", "items": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", "type": "object", "required": [ "apiVersion", @@ -117,21 +140,27 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", "type": "boolean" }, "controller": { + "description": "If true, this reference points to the managing controller.", "type": "boolean" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "uid": { + "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", "type": "string" } }, @@ -142,6 +171,7 @@ "additionalProperties": false }, "spec": { + "description": "Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "type": "object", "required": [ "bootstrap", @@ -150,85 +180,109 @@ ], "properties": { "bootstrap": { + "description": "Bootstrap is a reference to a local struct which encapsulates fields to configure the Machine’s bootstrapping mechanism.", "type": "object", "properties": { "configRef": { + "description": "ConfigRef is a reference to a bootstrap provider-specific resource that holds configuration details. The reference is optional to allow users/operators to specify Bootstrap.Data without the need of a controller.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "additionalProperties": false }, "data": { + "description": "Data contains the bootstrap data, such as cloud-init details scripts. If nil, the Machine should remain in the Pending state. \n Deprecated: This field has been deprecated in v1alpha3 and will be removed in a future version. Switch to DataSecretName.", "type": "string" }, "dataSecretName": { + "description": "DataSecretName is the name of the secret that stores the bootstrap data script. If nil, the Machine should remain in the Pending state.", "type": "string" } }, "additionalProperties": false }, "clusterName": { + "description": "ClusterName is the name of the Cluster this object belongs to.", "type": "string", "minLength": 1 }, "failureDomain": { + "description": "FailureDomain is the failure domain the machine will be created in. Must match a key in the FailureDomains map stored on the cluster object.", "type": "string" }, "infrastructureRef": { + "description": "InfrastructureRef is a required reference to a custom resource offered by an infrastructure provider.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "additionalProperties": false }, "nodeDrainTimeout": { + "description": "NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`", "type": "string" }, "providerID": { + "description": "ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", "type": "string" }, "version": { + "description": "Version defines the desired Kubernetes version. This field is meant to be optionally used by bootstrap providers.", "type": "string" } }, @@ -241,18 +295,23 @@ "additionalProperties": false }, "status": { + "description": "MachinePoolStatus defines the observed state of MachinePool", "type": "object", "properties": { "availableReplicas": { + "description": "The number of available replicas (ready for at least minReadySeconds) for this MachinePool.", "type": "integer", "format": "int32" }, "bootstrapReady": { + "description": "BootstrapReady is the state of the bootstrap provider.", "type": "boolean" }, "conditions": { + "description": "Conditions define the current service state of the MachinePool.", "type": "array", "items": { + "description": "Condition defines an observation of a Cluster API resource operational state.", "type": "object", "required": [ "status", @@ -260,22 +319,28 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", "type": "string" }, "severity": { + "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, @@ -283,38 +348,50 @@ } }, "failureMessage": { + "description": "FailureMessage indicates that there is a problem reconciling the state, and will be set to a descriptive error message.", "type": "string" }, "failureReason": { + "description": "FailureReason indicates that there is a problem reconciling the state, and will be set to a token value suitable for programmatic interpretation.", "type": "string" }, "infrastructureReady": { + "description": "InfrastructureReady is the state of the infrastructure provider.", "type": "boolean" }, "nodeRefs": { + "description": "NodeRefs will point to the corresponding Nodes if it they exist.", "type": "array", "items": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, @@ -322,21 +399,26 @@ } }, "observedGeneration": { + "description": "ObservedGeneration is the latest generation observed by the controller.", "type": "integer", "format": "int64" }, "phase": { + "description": "Phase represents the current phase of cluster actuation. E.g. Pending, Running, Terminating, Failed etc.", "type": "string" }, "readyReplicas": { + "description": "The number of ready replicas for this MachinePool. A machine is considered ready when the node has been created and is \"Ready\".", "type": "integer", "format": "int32" }, "replicas": { + "description": "Replicas is the most recently observed number of replicas.", "type": "integer", "format": "int32" }, "unavailableReplicas": { + "description": "Total number of unavailable machine instances targeted by this machine pool. This is the total number of machine instances that are still required for the machine pool to have 100% available capacity. They may either be machine instances that are running but not yet available or machine instances that still have not been created.", "type": "integer", "format": "int32" } diff --git a/schema/exp.infrastructure.cluster.x-k8s.io/azuremachinepool_v1alpha3.json b/schema/exp.infrastructure.cluster.x-k8s.io/azuremachinepool_v1alpha3.json index 30155e7a9..57c333356 100644 --- a/schema/exp.infrastructure.cluster.x-k8s.io/azuremachinepool_v1alpha3.json +++ b/schema/exp.infrastructure.cluster.x-k8s.io/azuremachinepool_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "AzureMachinePool is the Schema for the azuremachinepools API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureMachinePoolSpec defines the desired state of AzureMachinePool", "type": "object", "required": [ "location", @@ -18,12 +22,14 @@ ], "properties": { "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the Azure provider. If both the AzureCluster and the AzureMachine specify the same tag name with different values, the AzureMachine's value takes precedence.", "type": "object", "additionalProperties": { "type": "string" } }, "identity": { + "description": "Identity is the type of identity used for the Virtual Machine Scale Set. The type 'SystemAssigned' is an implicitly created identity. The generated identity will be assigned a Subscription contributor role. The type 'UserAssigned' is a standalone Azure resource provided by the user and assigned to the VM", "type": "string", "default": "None", "enum": [ @@ -33,21 +39,26 @@ ] }, "location": { + "description": "Location is the Azure region location e.g. westus2", "type": "string" }, "providerID": { + "description": "ProviderID is the identification ID of the Virtual Machine Scale Set", "type": "string" }, "providerIDList": { + "description": "ProviderIDList are the identification IDs of machine instances provided by the provider. This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.", "type": "array", "items": { "type": "string" } }, "roleAssignmentName": { + "description": "RoleAssignmentName is the name of the role assignment to create for a system assigned identity. It can be any valid GUID. If not specified, a random GUID will be generated.", "type": "string" }, "template": { + "description": "Template contains the details used to build a replica virtual machine within the Machine Pool", "type": "object", "required": [ "osDisk", @@ -56,11 +67,14 @@ ], "properties": { "acceleratedNetworking": { + "description": "AcceleratedNetworking enables or disables Azure accelerated networking. If omitted, it will be set based on whether the requested VMSize supports accelerated networking. If AcceleratedNetworking is set to true with a VMSize that does not support it, Azure will return an error.", "type": "boolean" }, "dataDisks": { + "description": "DataDisks specifies the list of data disks to be created for a Virtual Machine", "type": "array", "items": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", "type": "object", "required": [ "diskSizeGB", @@ -71,14 +85,17 @@ "type": "string" }, "diskSizeGB": { + "description": "DiskSizeGB is the size in GB to assign to the data disk.", "type": "integer", "format": "int32" }, "lun": { + "description": "Lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. The value must be between 0 and 63.", "type": "integer", "format": "int32" }, "nameSuffix": { + "description": "NameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format \u003cmachineName\u003e_\u003cnameSuffix\u003e.", "type": "string" } }, @@ -86,12 +103,15 @@ } }, "image": { + "description": "Image is used to provide details of an image to use during Virtual Machine creation. If image details are omitted the image will default the Azure Marketplace \"capi\" offer, which is based on Ubuntu.", "type": "object", "properties": { "id": { + "description": "ID specifies an image to use by ID", "type": "string" }, "marketplace": { + "description": "Marketplace specifies an image to use from the Azure Marketplace", "type": "object", "required": [ "offer", @@ -101,22 +121,27 @@ ], "properties": { "offer": { + "description": "Offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", "type": "string", "minLength": 1 }, "publisher": { + "description": "Publisher is the name of the organization that created the image", "type": "string", "minLength": 1 }, "sku": { + "description": "SKU specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", "type": "string", "minLength": 1 }, "thirdPartyImage": { + "description": "ThirdPartyImage indicates the image is published by a third party publisher and a Plan will be generated for it.", "type": "boolean", "default": false }, "version": { + "description": "Version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -124,6 +149,7 @@ "additionalProperties": false }, "sharedGallery": { + "description": "SharedGallery specifies an image to use from an Azure Shared Image Gallery", "type": "object", "required": [ "gallery", @@ -134,22 +160,27 @@ ], "properties": { "gallery": { + "description": "Gallery specifies the name of the shared image gallery that contains the image", "type": "string", "minLength": 1 }, "name": { + "description": "Name is the name of the image", "type": "string", "minLength": 1 }, "resourceGroup": { + "description": "ResourceGroup specifies the resource group containing the shared image gallery", "type": "string", "minLength": 1 }, "subscriptionID": { + "description": "SubscriptionID is the identifier of the subscription that contains the shared image gallery", "type": "string", "minLength": 1 }, "version": { + "description": "Version specifies the version of the marketplace image. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -160,6 +191,7 @@ "additionalProperties": false }, "osDisk": { + "description": "OSDisk contains the operating system disk information for a Virtual Machine", "type": "object", "required": [ "diskSizeGB", @@ -171,12 +203,14 @@ "type": "string" }, "diffDiskSettings": { + "description": "DiffDiskSettings describe ephemeral disk settings for the os disk.", "type": "object", "required": [ "option" ], "properties": { "option": { + "description": "Option enables ephemeral OS when set to \"Local\" See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details", "type": "string", "enum": [ "Local" @@ -190,15 +224,18 @@ "format": "int32" }, "managedDisk": { + "description": "ManagedDisk defines the managed disk options for a VM.", "type": "object", "required": [ "storageAccountType" ], "properties": { "diskEncryptionSet": { + "description": "DiskEncryptionSetParameters defines disk encryption options.", "type": "object", "properties": { "id": { + "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, @@ -217,18 +254,22 @@ "additionalProperties": false }, "securityProfile": { + "description": "SecurityProfile specifies the Security profile settings for a virtual machine.", "type": "object", "properties": { "encryptionAtHost": { + "description": "This field indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. Default is disabled.", "type": "boolean" } }, "additionalProperties": false }, "spotVMOptions": { + "description": "SpotVMOptions allows the ability to specify the Machine should use a Spot VM", "type": "object", "properties": { "maxPrice": { + "description": "MaxPrice defines the maximum price the user is willing to pay for Spot VM instances", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -244,26 +285,32 @@ "additionalProperties": false }, "sshPublicKey": { + "description": "SSHPublicKey is the SSH public key string base64 encoded to add to a Virtual Machine", "type": "string" }, "terminateNotificationTimeout": { + "description": "TerminateNotificationTimeout enables or disables VMSS scheduled events termination notification with specified timeout allowed values are between 5 and 15 (mins)", "type": "integer" }, "vmSize": { + "description": "VMSize is the size of the Virtual Machine to build. See https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/createorupdate#virtualmachinesizetypes", "type": "string" } }, "additionalProperties": false }, "userAssignedIdentities": { + "description": "UserAssignedIdentities is a list of standalone Azure identities provided by the user The lifecycle of a user-assigned identity is managed separately from the lifecycle of the AzureMachinePool. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli", "type": "array", "items": { + "description": "UserAssignedIdentity defines the user-assigned identities provided by the user to be assigned to Azure resources.", "type": "object", "required": [ "providerID" ], "properties": { "providerID": { + "description": "ProviderID is the identification ID of the user-assigned Identity, the format of an identity is: 'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'", "type": "string" } }, @@ -274,11 +321,14 @@ "additionalProperties": false }, "status": { + "description": "AzureMachinePoolStatus defines the observed state of AzureMachinePool", "type": "object", "properties": { "conditions": { + "description": "Conditions defines current service state of the AzureMachinePool.", "type": "array", "items": { + "description": "Condition defines an observation of a Cluster API resource operational state.", "type": "object", "required": [ "status", @@ -286,22 +336,28 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", "type": "string" }, "severity": { + "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, @@ -309,35 +365,45 @@ } }, "failureMessage": { + "description": "FailureMessage will be set in the event that there is a terminal problem reconciling the MachinePool and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachinePool's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of MachinePools can be added as events to the MachinePool object and/or logged in the controller's output.", "type": "string" }, "failureReason": { + "description": "FailureReason will be set in the event that there is a terminal problem reconciling the MachinePool and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachinePool's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of MachinePools can be added as events to the MachinePool object and/or logged in the controller's output.", "type": "string" }, "instances": { + "description": "Instances is the VM instance status for each VM in the VMSS", "type": "array", "items": { + "description": "AzureMachinePoolInstanceStatus provides status information for each instance in the VMSS", "type": "object", "required": [ "latestModelApplied" ], "properties": { "instanceID": { + "description": "InstanceID is the identification of the Machine Instance within the VMSS", "type": "string" }, "instanceName": { + "description": "InstanceName is the name of the Machine Instance within the VMSS", "type": "string" }, "latestModelApplied": { + "description": "LatestModelApplied indicates the instance is running the most up-to-date VMSS model. A VMSS model describes the image version the VM is running. If the instance is not running the latest model, it means the instance may not be running the version of Kubernetes the Machine Pool has specified and needs to be updated.", "type": "boolean" }, "providerID": { + "description": "ProviderID is the provider identification of the VMSS Instance", "type": "string" }, "provisioningState": { + "description": "ProvisioningState is the provisioning state of the Azure virtual machine instance.", "type": "string" }, "version": { + "description": "Version defines the Kubernetes version for the VM Instance", "type": "string" } }, @@ -345,37 +411,46 @@ } }, "longRunningOperationState": { + "description": "LongRunningOperationState saves the state for an Azure long running operations so it can be continued on the next reconciliation loop.", "type": "object", "required": [ "type" ], "properties": { "futureData": { + "description": "FutureData is the base64 url encoded json Azure AutoRest Future", "type": "string" }, "name": { + "description": "Name is the name of the Azure resource", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup is the Azure resource group for the resource", "type": "string" }, "type": { + "description": "Type describes the type of future, update, create, delete, etc", "type": "string" } }, "additionalProperties": false }, "provisioningState": { + "description": "ProvisioningState is the provisioning state of the Azure virtual machine.", "type": "string" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" }, "replicas": { + "description": "Replicas is the most recently observed number of replicas.", "type": "integer", "format": "int32" }, "version": { + "description": "Version is the Kubernetes version for the current VMSS model", "type": "string" } }, diff --git a/schema/exp.infrastructure.cluster.x-k8s.io/azuremanagedcluster_v1alpha3.json b/schema/exp.infrastructure.cluster.x-k8s.io/azuremanagedcluster_v1alpha3.json index bc52743c6..85771c115 100644 --- a/schema/exp.infrastructure.cluster.x-k8s.io/azuremanagedcluster_v1alpha3.json +++ b/schema/exp.infrastructure.cluster.x-k8s.io/azuremanagedcluster_v1alpha3.json @@ -1,19 +1,24 @@ { + "description": "AzureManagedCluster is the Schema for the azuremanagedclusters API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureManagedClusterSpec defines the desired state of AzureManagedCluster", "type": "object", "properties": { "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "type": "object", "required": [ "host", @@ -21,9 +26,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -34,9 +41,11 @@ "additionalProperties": false }, "status": { + "description": "AzureManagedClusterStatus defines the observed state of AzureManagedCluster", "type": "object", "properties": { "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, diff --git a/schema/exp.infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane_v1alpha3.json b/schema/exp.infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane_v1alpha3.json index e5ac54473..b961ed0fc 100644 --- a/schema/exp.infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane_v1alpha3.json +++ b/schema/exp.infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureManagedControlPlaneSpec defines the desired state of AzureManagedControlPlane", "type": "object", "required": [ "defaultPoolRef", @@ -22,12 +26,14 @@ ], "properties": { "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.", "type": "object", "additionalProperties": { "type": "string" } }, "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "type": "object", "required": [ "host", @@ -35,9 +41,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -45,18 +53,22 @@ "additionalProperties": false }, "defaultPoolRef": { + "description": "DefaultPoolRef is the specification for the default pool, without which an AKS cluster cannot be created.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "additionalProperties": false }, "dnsServiceIP": { + "description": "DNSServiceIP is an IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.", "type": "string" }, "loadBalancerSKU": { + "description": "LoadBalancerSKU is the SKU of the loadBalancer to be provisioned.", "type": "string", "enum": [ "Basic", @@ -64,9 +76,11 @@ ] }, "location": { + "description": "Location is a string matching one of the canonical Azure region names. Examples: \"westus2\", \"eastus\".", "type": "string" }, "networkPlugin": { + "description": "NetworkPlugin used for building Kubernetes network.", "type": "string", "enum": [ "azure", @@ -74,6 +88,7 @@ ] }, "networkPolicy": { + "description": "NetworkPolicy used for building Kubernetes network.", "type": "string", "enum": [ "azure", @@ -81,22 +96,28 @@ ] }, "nodeResourceGroupName": { + "description": "NodeResourceGroupName is the name of the resource group containining cluster IaaS resources. Will be populated to default in webhook.", "type": "string" }, "resourceGroupName": { + "description": "ResourceGroupName is the name of the Azure resource group for this AKS Cluster.", "type": "string" }, "sshPublicKey": { + "description": "SSHPublicKey is a string literal containing an ssh public key base64 encoded.", "type": "string" }, "subscriptionID": { + "description": "SubscriotionID is the GUID of the Azure subscription to hold this cluster.", "type": "string" }, "version": { + "description": "Version defines the desired Kubernetes version.", "type": "string", "minLength": 2 }, "virtualNetwork": { + "description": "VirtualNetwork describes the vnet for the AKS cluster. Will be created if it does not exist.", "type": "object", "required": [ "cidrBlock", @@ -110,6 +131,7 @@ "type": "string" }, "subnet": { + "description": "ManagedControlPlaneSubnet describes a subnet for an AKS cluster.", "type": "object", "required": [ "cidrBlock", @@ -132,12 +154,15 @@ "additionalProperties": false }, "status": { + "description": "AzureManagedControlPlaneStatus defines the observed state of AzureManagedControlPlane", "type": "object", "properties": { "initialized": { + "description": "Initialized is true when the the control plane is available for initial contact. This may occur before the control plane is fully ready. In the AzureManagedControlPlane implementation, these are identical.", "type": "boolean" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, diff --git a/schema/exp.infrastructure.cluster.x-k8s.io/azuremanagedmachinepool_v1alpha3.json b/schema/exp.infrastructure.cluster.x-k8s.io/azuremanagedmachinepool_v1alpha3.json index 87a7160a4..ef05b6e59 100644 --- a/schema/exp.infrastructure.cluster.x-k8s.io/azuremanagedmachinepool_v1alpha3.json +++ b/schema/exp.infrastructure.cluster.x-k8s.io/azuremanagedmachinepool_v1alpha3.json @@ -1,50 +1,62 @@ { + "description": "AzureManagedMachinePool is the Schema for the azuremanagedmachinepools API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureManagedMachinePoolSpec defines the desired state of AzureManagedMachinePool", "type": "object", "required": [ "sku" ], "properties": { "osDiskSizeGB": { + "description": "OSDiskSizeGB is the disk size for every machine in this agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified.", "type": "integer", "format": "int32" }, "providerIDList": { + "description": "ProviderIDList is the unique identifier as specified by the cloud provider.", "type": "array", "items": { "type": "string" } }, "sku": { + "description": "SKU is the size of the VMs in the node pool.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "AzureManagedMachinePoolStatus defines the observed state of AzureManagedMachinePool", "type": "object", "properties": { "errorMessage": { + "description": "Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "errorReason": { + "description": "Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" }, "replicas": { + "description": "Replicas is the most recently observed number of replicas.", "type": "integer", "format": "int32" } diff --git a/schema/federation.pingcap.com/volumebackup_v1alpha1.json b/schema/federation.pingcap.com/volumebackup_v1alpha1.json index a834b6d7a..a37dc28f7 100644 --- a/schema/federation.pingcap.com/volumebackup_v1alpha1.json +++ b/schema/federation.pingcap.com/volumebackup_v1alpha1.json @@ -449,25 +449,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -542,6 +523,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -842,6 +826,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -1816,25 +1859,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -1909,6 +1933,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -2209,6 +2236,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { diff --git a/schema/federation.pingcap.com/volumebackupschedule_v1alpha1.json b/schema/federation.pingcap.com/volumebackupschedule_v1alpha1.json index feed422ae..eaf4fbd69 100644 --- a/schema/federation.pingcap.com/volumebackupschedule_v1alpha1.json +++ b/schema/federation.pingcap.com/volumebackupschedule_v1alpha1.json @@ -452,25 +452,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -545,6 +526,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -845,6 +829,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -1819,25 +1862,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -1912,6 +1936,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -2212,6 +2239,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { diff --git a/schema/federation.pingcap.com/volumerestore_v1alpha1.json b/schema/federation.pingcap.com/volumerestore_v1alpha1.json index ff412a239..c9e26d053 100644 --- a/schema/federation.pingcap.com/volumerestore_v1alpha1.json +++ b/schema/federation.pingcap.com/volumerestore_v1alpha1.json @@ -475,25 +475,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -568,6 +549,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -868,6 +852,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -1751,25 +1794,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -1844,6 +1868,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -2144,6 +2171,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { diff --git a/schema/flagger.app/canary_v1alpha1.json b/schema/flagger.app/canary_v1alpha1.json index cdfb0eccb..9297b79a9 100644 --- a/schema/flagger.app/canary_v1alpha1.json +++ b/schema/flagger.app/canary_v1alpha1.json @@ -1,10 +1,15 @@ { "properties": { "spec": { - "additionalProperties": false, + "required": [ + "targetRef", + "service", + "analysis" + ], "properties": { "analysis": { - "additionalProperties": false, + "description": "Canary analysis for this canary", + "type": "object", "oneOf": [ { "required": [ @@ -30,19 +35,24 @@ ], "properties": { "interval": { - "pattern": "^[0-9]+(m|s)", - "type": "string" + "description": "Schedule interval for this canary", + "type": "string", + "pattern": "^[0-9]+(m|s)" }, "iterations": { + "description": "Number of checks to run for A/B Testing and Blue/Green", "type": "number" }, "match": { + "description": "A/B testing match conditions", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "headers": { + "type": "object", "additionalProperties": { - "additionalProperties": false, + "type": "object", "oneOf": [ { "required": [ @@ -67,132 +77,160 @@ ], "properties": { "exact": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "prefix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "regex": { - "format": "string", - "type": "string" + "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)", + "type": "string", + "format": "string" }, "suffix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } - }, - "type": "object" - }, - "type": "object" + } + } }, "sourceLabels": { + "description": "Applicable only when the 'mesh' gateway is included in the service.gateways list", + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "maxWeight": { + "description": "Max traffic weight routed to canary", "type": "number" }, "metrics": { + "description": "Metric check list for this canary", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "interval": { - "pattern": "^[0-9]+(m|s)", - "type": "string" + "description": "Interval of the query", + "type": "string", + "pattern": "^[0-9]+(m|s)" }, "name": { + "description": "Name of the metric", "type": "string" }, "query": { + "description": "Prometheus query", "type": "string" }, "templateRef": { - "additionalProperties": false, + "description": "Metric template reference", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of this metric template", "type": "string" }, "namespace": { + "description": "Namespace of this metric template", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "threshold": { + "description": "Max value accepted for this metric", "type": "number" }, "thresholdRange": { - "additionalProperties": false, + "description": "Range accepted for this metric", + "type": "object", "properties": { "max": { + "description": "Max value accepted for this metric", "type": "number" }, "min": { + "description": "Min value accepted for this metric", "type": "number" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "mirror": { + "description": "Mirror traffic to canary", "type": "boolean" }, "mirrorWeight": { + "description": "Weight of traffic to be mirrored", "type": "number" }, "stepWeight": { + "description": "Incremental traffic step weight for the analysis phase", "type": "number" }, "stepWeightPromotion": { + "description": "Incremental traffic step weight for the promotion phase", "type": "number" }, "stepWeights": { + "description": "Incremental traffic step weights for the analysis phase", + "type": "array", "items": { "type": "number" - }, - "type": "array" + } }, "threshold": { + "description": "Max number of failed checks before rollback", "type": "number" }, "webhooks": { + "description": "Webhook list for this canary", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "url" + ], "properties": { "metadata": { + "description": "Metadata (key-value pairs) for this webhook", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { + "description": "Name of the webhook", "type": "string" }, "timeout": { - "pattern": "^[0-9]+(m|s)", - "type": "string" + "description": "Request timeout for this webhook", + "type": "string", + "pattern": "^[0-9]+(m|s)" }, "type": { + "description": "Type of the webhook pre, post or during rollout", + "type": "string", "enum": [ "", "confirm-rollout", @@ -202,158 +240,171 @@ "post-rollout", "event", "rollback" - ], - "type": "string" + ] }, "url": { - "format": "url", - "type": "string" + "description": "URL address of this webhook", + "type": "string", + "format": "url" } }, - "required": [ - "name", - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "autoscalerRef": { - "additionalProperties": false, + "description": "HPA selector", + "type": "object", + "required": [ + "apiVersion", + "kind", + "name" + ], "properties": { "apiVersion": { "type": "string" }, "kind": { + "type": "string", "enum": [ "HorizontalPodAutoscaler" - ], - "type": "string" + ] }, "name": { "type": "string" } }, + "additionalProperties": false + }, + "ingressRef": { + "description": "NGINX ingress selector", + "type": "object", "required": [ "apiVersion", "kind", "name" ], - "type": "object" - }, - "ingressRef": { - "additionalProperties": false, "properties": { "apiVersion": { "type": "string" }, "kind": { + "type": "string", "enum": [ "Ingress" - ], - "type": "string" + ] }, "name": { "type": "string" } }, - "required": [ - "apiVersion", - "kind", - "name" - ], - "type": "object" + "additionalProperties": false }, "metricsServer": { + "description": "Prometheus URL", "type": "string" }, "progressDeadlineSeconds": { + "description": "Deployment progress deadline", "type": "number" }, "provider": { + "description": "Traffic managent provider", "type": "string" }, "revertOnDeletion": { + "description": "Revert mutated resources to original spec on deletion", "type": "boolean" }, "service": { - "additionalProperties": false, + "description": "Kubernetes Service spec", + "type": "object", + "required": [ + "port" + ], "properties": { "apex": { - "additionalProperties": false, + "description": "Metadata to add to the apex service", + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "backends": { + "description": "AppMesh backend array", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "canary": { - "additionalProperties": false, + "description": "Metadata to add to the canary service", + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "corsPolicy": { - "additionalProperties": false, + "description": "Istio Cross-Origin Resource Sharing policy (CORS)", + "type": "object", "properties": { "allowCredentials": { "type": "boolean" }, "allowHeaders": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "allowMethods": { + "description": "List of HTTP methods allowed to access the resource", + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "allowOrigin": { + "description": "The list of origins that are allowed to perform CORS requests.", + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "allowOrigins": { + "description": "String patterns that match allowed origins", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "oneOf": [ { "required": [ @@ -373,116 +424,121 @@ ], "properties": { "exact": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "prefix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "regex": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "exposeHeaders": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "maxAge": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "delegation": { + "description": "enable behaving as a delegate VirtualService", "type": "boolean" }, "gateways": { + "description": "The list of Istio gateway for this virtual service", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "headers": { - "additionalProperties": false, + "description": "Headers operations", + "type": "object", "properties": { "request": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } }, "remove": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "set": { + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } } }, - "type": "object" + "additionalProperties": false }, "response": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } }, "remove": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "set": { + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "hosts": { + "description": "The list of host names for this service", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "match": { + "description": "URI match conditions", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "uri": { - "additionalProperties": false, + "type": "object", "oneOf": [ { "required": [ @@ -507,90 +563,101 @@ ], "properties": { "exact": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "prefix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "regex": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "suffix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "meshName": { + "description": "AppMesh mesh name", "type": "string" }, "name": { + "description": "Kubernetes service name", "type": "string" }, "port": { + "description": "Container port number", "type": "number" }, "portDiscovery": { + "description": "Enable port dicovery", "type": "boolean" }, "portName": { + "description": "Container port name", "type": "string" }, "primary": { - "additionalProperties": false, + "description": "Metadata to add to the primary service", + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "retries": { - "additionalProperties": false, + "description": "Retry policy for HTTP requests", + "type": "object", "properties": { "attempts": { - "format": "int32", - "type": "integer" + "description": "Number of retries for a given request", + "type": "integer", + "format": "int32" }, "perTryTimeout": { + "description": "Timeout per retry attempt for a given request", "type": "string" }, "retryOn": { - "format": "string", - "type": "string" + "description": "Specifies the conditions under which retry takes place", + "type": "string", + "format": "string" } }, - "type": "object" + "additionalProperties": false }, "rewrite": { - "additionalProperties": false, + "description": "Rewrite HTTP URIs", + "type": "object", "properties": { "uri": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } }, - "type": "object" + "additionalProperties": false }, "targetPort": { + "description": "Container target port name", "anyOf": [ { "type": "string" @@ -601,51 +668,59 @@ ] }, "timeout": { + "description": "HTTP or gRPC request timeout", "type": "string" }, "trafficPolicy": { - "additionalProperties": false, + "description": "Istio traffic policy", + "type": "object", "properties": { "connectionPool": { - "additionalProperties": false, "properties": { "http": { - "additionalProperties": false, + "description": "HTTP connection pool settings.", + "type": "object", "properties": { "h2UpgradePolicy": { + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "type": "string", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", "UPGRADE" - ], - "type": "string" + ] }, "http1MaxPendingRequests": { - "format": "int32", - "type": "integer" + "description": "Maximum number of pending HTTP requests to a destination.", + "type": "integer", + "format": "int32" }, "http2MaxRequests": { - "format": "int32", - "type": "integer" + "description": "Maximum number of requests to a backend.", + "type": "integer", + "format": "int32" }, "idleTimeout": { + "description": "The idle timeout for upstream connection pool connections.", "type": "string" }, "maxRequestsPerConnection": { - "format": "int32", - "type": "integer" + "description": "Maximum number of requests per connection to a backend.", + "type": "integer", + "format": "int32" }, "maxRetries": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false } } }, "loadBalancer": { - "additionalProperties": false, + "description": "Settings controlling the load balancer algorithms.", + "type": "object", "oneOf": [ { "required": [ @@ -653,6 +728,9 @@ ] }, { + "required": [ + "consistentHash" + ], "properties": { "consistentHash": { "oneOf": [ @@ -678,274 +756,300 @@ } ] } - }, - "required": [ - "consistentHash" - ] + } } ], "properties": { "consistentHash": { - "additionalProperties": false, + "type": "object", "properties": { "httpCookie": { - "additionalProperties": false, + "description": "Hash based on HTTP cookie.", + "type": "object", "properties": { "name": { - "format": "string", - "type": "string" + "description": "Name of the cookie.", + "type": "string", + "format": "string" }, "path": { - "format": "string", - "type": "string" + "description": "Path to set for the cookie.", + "type": "string", + "format": "string" }, "ttl": { + "description": "Lifetime of the cookie.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "httpHeaderName": { - "format": "string", - "type": "string" + "description": "Hash based on a specific HTTP header.", + "type": "string", + "format": "string" }, "httpQueryParameterName": { - "format": "string", - "type": "string" + "description": "Hash based on a specific HTTP query parameter.", + "type": "string", + "format": "string" }, "minimumRingSize": { "type": "integer" }, "useSourceIp": { + "description": "Hash based on the source IP address.", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "localityLbSetting": { - "additionalProperties": false, + "type": "object", "properties": { "distribute": { + "description": "Optional: only one of distribute or failover can be set.", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "from": { - "format": "string", - "type": "string" + "description": "Originating locality, '/' separated, e.g.", + "type": "string", + "format": "string" }, "to": { + "description": "Map of upstream localities to traffic distribution weights.", + "type": "object", "additionalProperties": { "type": "integer" - }, - "type": "object" + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "enabled": { + "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety.", "type": "boolean" }, "failover": { + "description": "Optional: only failover or distribute can be set.", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "from": { - "format": "string", - "type": "string" + "description": "Originating region.", + "type": "string", + "format": "string" }, "to": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "simple": { + "type": "string", "enum": [ "ROUND_ROBIN", "LEAST_CONN", "RANDOM", "PASSTHROUGH" - ], - "type": "string" + ] } }, - "type": "object" + "additionalProperties": false }, "outlierDetection": { - "additionalProperties": false, + "description": "Settings controlling eviction of unhealthy hosts from the load balancing pool.", + "type": "object", "properties": { "baseEjectionTime": { + "description": "Minimum ejection duration.", "type": "string" }, "consecutive5xxErrors": { + "description": "Number of 5xx errors before a host is ejected from the connection pool.", "type": "integer" }, "consecutiveErrors": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "consecutiveGatewayErrors": { - "format": "int32", - "type": "integer" + "description": "Number of gateway errors before a host is ejected from the connection pool.", + "type": "integer", + "format": "int32" }, "interval": { + "description": "Time interval between ejection sweep analysis.", "type": "string" }, "maxEjectionPercent": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "minHealthPercent": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "tls": { - "additionalProperties": false, + "description": "Istio TLS related settings for connections to the upstream service", + "type": "object", "properties": { "caCertificates": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "clientCertificate": { - "format": "string", - "type": "string" + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string", + "format": "string" }, "mode": { + "type": "string", "enum": [ "DISABLE", "SIMPLE", "MUTUAL", "ISTIO_MUTUAL" - ], - "type": "string" + ] }, "privateKey": { - "format": "string", - "type": "string" + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string", + "format": "string" }, "sni": { - "format": "string", - "type": "string" + "description": "SNI string to present to the server during TLS handshake.", + "type": "string", + "format": "string" }, "subjectAltNames": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "skipAnalysis": { + "description": "Skip analysis and promote canary", "type": "boolean" }, "targetRef": { - "additionalProperties": false, + "description": "Target selector", + "type": "object", + "required": [ + "apiVersion", + "kind", + "name" + ], "properties": { "apiVersion": { "type": "string" }, "kind": { + "type": "string", "enum": [ "DaemonSet", "Deployment", "Service" - ], - "type": "string" + ] }, "name": { "type": "string" } }, - "required": [ - "apiVersion", - "kind", - "name" - ], - "type": "object" + "additionalProperties": false } - }, - "required": [ - "targetRef", - "service", - "analysis" - ] + } }, "status": { - "additionalProperties": false, "properties": { "canaryWeight": { + "description": "Traffic weight routed to canary", "type": "number" }, "conditions": { + "description": "Status conditions of this canary", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "type", + "status", + "reason" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime of this condition", + "type": "string", + "format": "date-time" }, "lastUpdateTime": { - "format": "date-time", - "type": "string" + "description": "LastUpdateTime of this condition", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message associated with this condition", "type": "string" }, "reason": { + "description": "Reason for the current status of this condition", "type": "string" }, "status": { + "description": "Status of this condition", "type": "string" }, "type": { + "description": "Type of this condition", "type": "string" } }, - "required": [ - "type", - "status", - "reason" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "failedChecks": { + "description": "Failed check count of the current canary analysis", "type": "number" }, "iterations": { + "description": "Iteration count of the current canary analysis", "type": "number" }, "lastAppliedSpec": { + "description": "LastAppliedSpec of this canary", "type": "string" }, "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime of this canary", + "type": "string", + "format": "date-time" }, "phase": { + "description": "Analysis phase of this canary", + "type": "string", "enum": [ "", "Initializing", @@ -958,8 +1062,7 @@ "Failed", "Terminating", "Terminated" - ], - "type": "string" + ] } } } diff --git a/schema/flagger.app/canary_v1alpha2.json b/schema/flagger.app/canary_v1alpha2.json index cdfb0eccb..9297b79a9 100644 --- a/schema/flagger.app/canary_v1alpha2.json +++ b/schema/flagger.app/canary_v1alpha2.json @@ -1,10 +1,15 @@ { "properties": { "spec": { - "additionalProperties": false, + "required": [ + "targetRef", + "service", + "analysis" + ], "properties": { "analysis": { - "additionalProperties": false, + "description": "Canary analysis for this canary", + "type": "object", "oneOf": [ { "required": [ @@ -30,19 +35,24 @@ ], "properties": { "interval": { - "pattern": "^[0-9]+(m|s)", - "type": "string" + "description": "Schedule interval for this canary", + "type": "string", + "pattern": "^[0-9]+(m|s)" }, "iterations": { + "description": "Number of checks to run for A/B Testing and Blue/Green", "type": "number" }, "match": { + "description": "A/B testing match conditions", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "headers": { + "type": "object", "additionalProperties": { - "additionalProperties": false, + "type": "object", "oneOf": [ { "required": [ @@ -67,132 +77,160 @@ ], "properties": { "exact": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "prefix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "regex": { - "format": "string", - "type": "string" + "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)", + "type": "string", + "format": "string" }, "suffix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } - }, - "type": "object" - }, - "type": "object" + } + } }, "sourceLabels": { + "description": "Applicable only when the 'mesh' gateway is included in the service.gateways list", + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "maxWeight": { + "description": "Max traffic weight routed to canary", "type": "number" }, "metrics": { + "description": "Metric check list for this canary", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "interval": { - "pattern": "^[0-9]+(m|s)", - "type": "string" + "description": "Interval of the query", + "type": "string", + "pattern": "^[0-9]+(m|s)" }, "name": { + "description": "Name of the metric", "type": "string" }, "query": { + "description": "Prometheus query", "type": "string" }, "templateRef": { - "additionalProperties": false, + "description": "Metric template reference", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of this metric template", "type": "string" }, "namespace": { + "description": "Namespace of this metric template", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "threshold": { + "description": "Max value accepted for this metric", "type": "number" }, "thresholdRange": { - "additionalProperties": false, + "description": "Range accepted for this metric", + "type": "object", "properties": { "max": { + "description": "Max value accepted for this metric", "type": "number" }, "min": { + "description": "Min value accepted for this metric", "type": "number" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "mirror": { + "description": "Mirror traffic to canary", "type": "boolean" }, "mirrorWeight": { + "description": "Weight of traffic to be mirrored", "type": "number" }, "stepWeight": { + "description": "Incremental traffic step weight for the analysis phase", "type": "number" }, "stepWeightPromotion": { + "description": "Incremental traffic step weight for the promotion phase", "type": "number" }, "stepWeights": { + "description": "Incremental traffic step weights for the analysis phase", + "type": "array", "items": { "type": "number" - }, - "type": "array" + } }, "threshold": { + "description": "Max number of failed checks before rollback", "type": "number" }, "webhooks": { + "description": "Webhook list for this canary", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "url" + ], "properties": { "metadata": { + "description": "Metadata (key-value pairs) for this webhook", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { + "description": "Name of the webhook", "type": "string" }, "timeout": { - "pattern": "^[0-9]+(m|s)", - "type": "string" + "description": "Request timeout for this webhook", + "type": "string", + "pattern": "^[0-9]+(m|s)" }, "type": { + "description": "Type of the webhook pre, post or during rollout", + "type": "string", "enum": [ "", "confirm-rollout", @@ -202,158 +240,171 @@ "post-rollout", "event", "rollback" - ], - "type": "string" + ] }, "url": { - "format": "url", - "type": "string" + "description": "URL address of this webhook", + "type": "string", + "format": "url" } }, - "required": [ - "name", - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "autoscalerRef": { - "additionalProperties": false, + "description": "HPA selector", + "type": "object", + "required": [ + "apiVersion", + "kind", + "name" + ], "properties": { "apiVersion": { "type": "string" }, "kind": { + "type": "string", "enum": [ "HorizontalPodAutoscaler" - ], - "type": "string" + ] }, "name": { "type": "string" } }, + "additionalProperties": false + }, + "ingressRef": { + "description": "NGINX ingress selector", + "type": "object", "required": [ "apiVersion", "kind", "name" ], - "type": "object" - }, - "ingressRef": { - "additionalProperties": false, "properties": { "apiVersion": { "type": "string" }, "kind": { + "type": "string", "enum": [ "Ingress" - ], - "type": "string" + ] }, "name": { "type": "string" } }, - "required": [ - "apiVersion", - "kind", - "name" - ], - "type": "object" + "additionalProperties": false }, "metricsServer": { + "description": "Prometheus URL", "type": "string" }, "progressDeadlineSeconds": { + "description": "Deployment progress deadline", "type": "number" }, "provider": { + "description": "Traffic managent provider", "type": "string" }, "revertOnDeletion": { + "description": "Revert mutated resources to original spec on deletion", "type": "boolean" }, "service": { - "additionalProperties": false, + "description": "Kubernetes Service spec", + "type": "object", + "required": [ + "port" + ], "properties": { "apex": { - "additionalProperties": false, + "description": "Metadata to add to the apex service", + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "backends": { + "description": "AppMesh backend array", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "canary": { - "additionalProperties": false, + "description": "Metadata to add to the canary service", + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "corsPolicy": { - "additionalProperties": false, + "description": "Istio Cross-Origin Resource Sharing policy (CORS)", + "type": "object", "properties": { "allowCredentials": { "type": "boolean" }, "allowHeaders": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "allowMethods": { + "description": "List of HTTP methods allowed to access the resource", + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "allowOrigin": { + "description": "The list of origins that are allowed to perform CORS requests.", + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "allowOrigins": { + "description": "String patterns that match allowed origins", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "oneOf": [ { "required": [ @@ -373,116 +424,121 @@ ], "properties": { "exact": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "prefix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "regex": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "exposeHeaders": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "maxAge": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "delegation": { + "description": "enable behaving as a delegate VirtualService", "type": "boolean" }, "gateways": { + "description": "The list of Istio gateway for this virtual service", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "headers": { - "additionalProperties": false, + "description": "Headers operations", + "type": "object", "properties": { "request": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } }, "remove": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "set": { + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } } }, - "type": "object" + "additionalProperties": false }, "response": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } }, "remove": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "set": { + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "hosts": { + "description": "The list of host names for this service", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "match": { + "description": "URI match conditions", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "uri": { - "additionalProperties": false, + "type": "object", "oneOf": [ { "required": [ @@ -507,90 +563,101 @@ ], "properties": { "exact": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "prefix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "regex": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "suffix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "meshName": { + "description": "AppMesh mesh name", "type": "string" }, "name": { + "description": "Kubernetes service name", "type": "string" }, "port": { + "description": "Container port number", "type": "number" }, "portDiscovery": { + "description": "Enable port dicovery", "type": "boolean" }, "portName": { + "description": "Container port name", "type": "string" }, "primary": { - "additionalProperties": false, + "description": "Metadata to add to the primary service", + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "retries": { - "additionalProperties": false, + "description": "Retry policy for HTTP requests", + "type": "object", "properties": { "attempts": { - "format": "int32", - "type": "integer" + "description": "Number of retries for a given request", + "type": "integer", + "format": "int32" }, "perTryTimeout": { + "description": "Timeout per retry attempt for a given request", "type": "string" }, "retryOn": { - "format": "string", - "type": "string" + "description": "Specifies the conditions under which retry takes place", + "type": "string", + "format": "string" } }, - "type": "object" + "additionalProperties": false }, "rewrite": { - "additionalProperties": false, + "description": "Rewrite HTTP URIs", + "type": "object", "properties": { "uri": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } }, - "type": "object" + "additionalProperties": false }, "targetPort": { + "description": "Container target port name", "anyOf": [ { "type": "string" @@ -601,51 +668,59 @@ ] }, "timeout": { + "description": "HTTP or gRPC request timeout", "type": "string" }, "trafficPolicy": { - "additionalProperties": false, + "description": "Istio traffic policy", + "type": "object", "properties": { "connectionPool": { - "additionalProperties": false, "properties": { "http": { - "additionalProperties": false, + "description": "HTTP connection pool settings.", + "type": "object", "properties": { "h2UpgradePolicy": { + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "type": "string", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", "UPGRADE" - ], - "type": "string" + ] }, "http1MaxPendingRequests": { - "format": "int32", - "type": "integer" + "description": "Maximum number of pending HTTP requests to a destination.", + "type": "integer", + "format": "int32" }, "http2MaxRequests": { - "format": "int32", - "type": "integer" + "description": "Maximum number of requests to a backend.", + "type": "integer", + "format": "int32" }, "idleTimeout": { + "description": "The idle timeout for upstream connection pool connections.", "type": "string" }, "maxRequestsPerConnection": { - "format": "int32", - "type": "integer" + "description": "Maximum number of requests per connection to a backend.", + "type": "integer", + "format": "int32" }, "maxRetries": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false } } }, "loadBalancer": { - "additionalProperties": false, + "description": "Settings controlling the load balancer algorithms.", + "type": "object", "oneOf": [ { "required": [ @@ -653,6 +728,9 @@ ] }, { + "required": [ + "consistentHash" + ], "properties": { "consistentHash": { "oneOf": [ @@ -678,274 +756,300 @@ } ] } - }, - "required": [ - "consistentHash" - ] + } } ], "properties": { "consistentHash": { - "additionalProperties": false, + "type": "object", "properties": { "httpCookie": { - "additionalProperties": false, + "description": "Hash based on HTTP cookie.", + "type": "object", "properties": { "name": { - "format": "string", - "type": "string" + "description": "Name of the cookie.", + "type": "string", + "format": "string" }, "path": { - "format": "string", - "type": "string" + "description": "Path to set for the cookie.", + "type": "string", + "format": "string" }, "ttl": { + "description": "Lifetime of the cookie.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "httpHeaderName": { - "format": "string", - "type": "string" + "description": "Hash based on a specific HTTP header.", + "type": "string", + "format": "string" }, "httpQueryParameterName": { - "format": "string", - "type": "string" + "description": "Hash based on a specific HTTP query parameter.", + "type": "string", + "format": "string" }, "minimumRingSize": { "type": "integer" }, "useSourceIp": { + "description": "Hash based on the source IP address.", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "localityLbSetting": { - "additionalProperties": false, + "type": "object", "properties": { "distribute": { + "description": "Optional: only one of distribute or failover can be set.", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "from": { - "format": "string", - "type": "string" + "description": "Originating locality, '/' separated, e.g.", + "type": "string", + "format": "string" }, "to": { + "description": "Map of upstream localities to traffic distribution weights.", + "type": "object", "additionalProperties": { "type": "integer" - }, - "type": "object" + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "enabled": { + "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety.", "type": "boolean" }, "failover": { + "description": "Optional: only failover or distribute can be set.", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "from": { - "format": "string", - "type": "string" + "description": "Originating region.", + "type": "string", + "format": "string" }, "to": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "simple": { + "type": "string", "enum": [ "ROUND_ROBIN", "LEAST_CONN", "RANDOM", "PASSTHROUGH" - ], - "type": "string" + ] } }, - "type": "object" + "additionalProperties": false }, "outlierDetection": { - "additionalProperties": false, + "description": "Settings controlling eviction of unhealthy hosts from the load balancing pool.", + "type": "object", "properties": { "baseEjectionTime": { + "description": "Minimum ejection duration.", "type": "string" }, "consecutive5xxErrors": { + "description": "Number of 5xx errors before a host is ejected from the connection pool.", "type": "integer" }, "consecutiveErrors": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "consecutiveGatewayErrors": { - "format": "int32", - "type": "integer" + "description": "Number of gateway errors before a host is ejected from the connection pool.", + "type": "integer", + "format": "int32" }, "interval": { + "description": "Time interval between ejection sweep analysis.", "type": "string" }, "maxEjectionPercent": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "minHealthPercent": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "tls": { - "additionalProperties": false, + "description": "Istio TLS related settings for connections to the upstream service", + "type": "object", "properties": { "caCertificates": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "clientCertificate": { - "format": "string", - "type": "string" + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string", + "format": "string" }, "mode": { + "type": "string", "enum": [ "DISABLE", "SIMPLE", "MUTUAL", "ISTIO_MUTUAL" - ], - "type": "string" + ] }, "privateKey": { - "format": "string", - "type": "string" + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string", + "format": "string" }, "sni": { - "format": "string", - "type": "string" + "description": "SNI string to present to the server during TLS handshake.", + "type": "string", + "format": "string" }, "subjectAltNames": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "skipAnalysis": { + "description": "Skip analysis and promote canary", "type": "boolean" }, "targetRef": { - "additionalProperties": false, + "description": "Target selector", + "type": "object", + "required": [ + "apiVersion", + "kind", + "name" + ], "properties": { "apiVersion": { "type": "string" }, "kind": { + "type": "string", "enum": [ "DaemonSet", "Deployment", "Service" - ], - "type": "string" + ] }, "name": { "type": "string" } }, - "required": [ - "apiVersion", - "kind", - "name" - ], - "type": "object" + "additionalProperties": false } - }, - "required": [ - "targetRef", - "service", - "analysis" - ] + } }, "status": { - "additionalProperties": false, "properties": { "canaryWeight": { + "description": "Traffic weight routed to canary", "type": "number" }, "conditions": { + "description": "Status conditions of this canary", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "type", + "status", + "reason" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime of this condition", + "type": "string", + "format": "date-time" }, "lastUpdateTime": { - "format": "date-time", - "type": "string" + "description": "LastUpdateTime of this condition", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message associated with this condition", "type": "string" }, "reason": { + "description": "Reason for the current status of this condition", "type": "string" }, "status": { + "description": "Status of this condition", "type": "string" }, "type": { + "description": "Type of this condition", "type": "string" } }, - "required": [ - "type", - "status", - "reason" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "failedChecks": { + "description": "Failed check count of the current canary analysis", "type": "number" }, "iterations": { + "description": "Iteration count of the current canary analysis", "type": "number" }, "lastAppliedSpec": { + "description": "LastAppliedSpec of this canary", "type": "string" }, "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime of this canary", + "type": "string", + "format": "date-time" }, "phase": { + "description": "Analysis phase of this canary", + "type": "string", "enum": [ "", "Initializing", @@ -958,8 +1062,7 @@ "Failed", "Terminating", "Terminated" - ], - "type": "string" + ] } } } diff --git a/schema/flagger.app/canary_v1alpha3.json b/schema/flagger.app/canary_v1alpha3.json index cdfb0eccb..9297b79a9 100644 --- a/schema/flagger.app/canary_v1alpha3.json +++ b/schema/flagger.app/canary_v1alpha3.json @@ -1,10 +1,15 @@ { "properties": { "spec": { - "additionalProperties": false, + "required": [ + "targetRef", + "service", + "analysis" + ], "properties": { "analysis": { - "additionalProperties": false, + "description": "Canary analysis for this canary", + "type": "object", "oneOf": [ { "required": [ @@ -30,19 +35,24 @@ ], "properties": { "interval": { - "pattern": "^[0-9]+(m|s)", - "type": "string" + "description": "Schedule interval for this canary", + "type": "string", + "pattern": "^[0-9]+(m|s)" }, "iterations": { + "description": "Number of checks to run for A/B Testing and Blue/Green", "type": "number" }, "match": { + "description": "A/B testing match conditions", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "headers": { + "type": "object", "additionalProperties": { - "additionalProperties": false, + "type": "object", "oneOf": [ { "required": [ @@ -67,132 +77,160 @@ ], "properties": { "exact": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "prefix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "regex": { - "format": "string", - "type": "string" + "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax)", + "type": "string", + "format": "string" }, "suffix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } - }, - "type": "object" - }, - "type": "object" + } + } }, "sourceLabels": { + "description": "Applicable only when the 'mesh' gateway is included in the service.gateways list", + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "maxWeight": { + "description": "Max traffic weight routed to canary", "type": "number" }, "metrics": { + "description": "Metric check list for this canary", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "interval": { - "pattern": "^[0-9]+(m|s)", - "type": "string" + "description": "Interval of the query", + "type": "string", + "pattern": "^[0-9]+(m|s)" }, "name": { + "description": "Name of the metric", "type": "string" }, "query": { + "description": "Prometheus query", "type": "string" }, "templateRef": { - "additionalProperties": false, + "description": "Metric template reference", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of this metric template", "type": "string" }, "namespace": { + "description": "Namespace of this metric template", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "threshold": { + "description": "Max value accepted for this metric", "type": "number" }, "thresholdRange": { - "additionalProperties": false, + "description": "Range accepted for this metric", + "type": "object", "properties": { "max": { + "description": "Max value accepted for this metric", "type": "number" }, "min": { + "description": "Min value accepted for this metric", "type": "number" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "mirror": { + "description": "Mirror traffic to canary", "type": "boolean" }, "mirrorWeight": { + "description": "Weight of traffic to be mirrored", "type": "number" }, "stepWeight": { + "description": "Incremental traffic step weight for the analysis phase", "type": "number" }, "stepWeightPromotion": { + "description": "Incremental traffic step weight for the promotion phase", "type": "number" }, "stepWeights": { + "description": "Incremental traffic step weights for the analysis phase", + "type": "array", "items": { "type": "number" - }, - "type": "array" + } }, "threshold": { + "description": "Max number of failed checks before rollback", "type": "number" }, "webhooks": { + "description": "Webhook list for this canary", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "url" + ], "properties": { "metadata": { + "description": "Metadata (key-value pairs) for this webhook", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { + "description": "Name of the webhook", "type": "string" }, "timeout": { - "pattern": "^[0-9]+(m|s)", - "type": "string" + "description": "Request timeout for this webhook", + "type": "string", + "pattern": "^[0-9]+(m|s)" }, "type": { + "description": "Type of the webhook pre, post or during rollout", + "type": "string", "enum": [ "", "confirm-rollout", @@ -202,158 +240,171 @@ "post-rollout", "event", "rollback" - ], - "type": "string" + ] }, "url": { - "format": "url", - "type": "string" + "description": "URL address of this webhook", + "type": "string", + "format": "url" } }, - "required": [ - "name", - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "autoscalerRef": { - "additionalProperties": false, + "description": "HPA selector", + "type": "object", + "required": [ + "apiVersion", + "kind", + "name" + ], "properties": { "apiVersion": { "type": "string" }, "kind": { + "type": "string", "enum": [ "HorizontalPodAutoscaler" - ], - "type": "string" + ] }, "name": { "type": "string" } }, + "additionalProperties": false + }, + "ingressRef": { + "description": "NGINX ingress selector", + "type": "object", "required": [ "apiVersion", "kind", "name" ], - "type": "object" - }, - "ingressRef": { - "additionalProperties": false, "properties": { "apiVersion": { "type": "string" }, "kind": { + "type": "string", "enum": [ "Ingress" - ], - "type": "string" + ] }, "name": { "type": "string" } }, - "required": [ - "apiVersion", - "kind", - "name" - ], - "type": "object" + "additionalProperties": false }, "metricsServer": { + "description": "Prometheus URL", "type": "string" }, "progressDeadlineSeconds": { + "description": "Deployment progress deadline", "type": "number" }, "provider": { + "description": "Traffic managent provider", "type": "string" }, "revertOnDeletion": { + "description": "Revert mutated resources to original spec on deletion", "type": "boolean" }, "service": { - "additionalProperties": false, + "description": "Kubernetes Service spec", + "type": "object", + "required": [ + "port" + ], "properties": { "apex": { - "additionalProperties": false, + "description": "Metadata to add to the apex service", + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "backends": { + "description": "AppMesh backend array", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "canary": { - "additionalProperties": false, + "description": "Metadata to add to the canary service", + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "corsPolicy": { - "additionalProperties": false, + "description": "Istio Cross-Origin Resource Sharing policy (CORS)", + "type": "object", "properties": { "allowCredentials": { "type": "boolean" }, "allowHeaders": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "allowMethods": { + "description": "List of HTTP methods allowed to access the resource", + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "allowOrigin": { + "description": "The list of origins that are allowed to perform CORS requests.", + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "allowOrigins": { + "description": "String patterns that match allowed origins", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "oneOf": [ { "required": [ @@ -373,116 +424,121 @@ ], "properties": { "exact": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "prefix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "regex": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "exposeHeaders": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "maxAge": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "delegation": { + "description": "enable behaving as a delegate VirtualService", "type": "boolean" }, "gateways": { + "description": "The list of Istio gateway for this virtual service", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "headers": { - "additionalProperties": false, + "description": "Headers operations", + "type": "object", "properties": { "request": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } }, "remove": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "set": { + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } } }, - "type": "object" + "additionalProperties": false }, "response": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } }, "remove": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } }, "set": { + "type": "object", "additionalProperties": { - "format": "string", - "type": "string" - }, - "type": "object" + "type": "string", + "format": "string" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "hosts": { + "description": "The list of host names for this service", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "match": { + "description": "URI match conditions", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "uri": { - "additionalProperties": false, + "type": "object", "oneOf": [ { "required": [ @@ -507,90 +563,101 @@ ], "properties": { "exact": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "prefix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "regex": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "suffix": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "meshName": { + "description": "AppMesh mesh name", "type": "string" }, "name": { + "description": "Kubernetes service name", "type": "string" }, "port": { + "description": "Container port number", "type": "number" }, "portDiscovery": { + "description": "Enable port dicovery", "type": "boolean" }, "portName": { + "description": "Container port name", "type": "string" }, "primary": { - "additionalProperties": false, + "description": "Metadata to add to the primary service", + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "retries": { - "additionalProperties": false, + "description": "Retry policy for HTTP requests", + "type": "object", "properties": { "attempts": { - "format": "int32", - "type": "integer" + "description": "Number of retries for a given request", + "type": "integer", + "format": "int32" }, "perTryTimeout": { + "description": "Timeout per retry attempt for a given request", "type": "string" }, "retryOn": { - "format": "string", - "type": "string" + "description": "Specifies the conditions under which retry takes place", + "type": "string", + "format": "string" } }, - "type": "object" + "additionalProperties": false }, "rewrite": { - "additionalProperties": false, + "description": "Rewrite HTTP URIs", + "type": "object", "properties": { "uri": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } }, - "type": "object" + "additionalProperties": false }, "targetPort": { + "description": "Container target port name", "anyOf": [ { "type": "string" @@ -601,51 +668,59 @@ ] }, "timeout": { + "description": "HTTP or gRPC request timeout", "type": "string" }, "trafficPolicy": { - "additionalProperties": false, + "description": "Istio traffic policy", + "type": "object", "properties": { "connectionPool": { - "additionalProperties": false, "properties": { "http": { - "additionalProperties": false, + "description": "HTTP connection pool settings.", + "type": "object", "properties": { "h2UpgradePolicy": { + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "type": "string", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", "UPGRADE" - ], - "type": "string" + ] }, "http1MaxPendingRequests": { - "format": "int32", - "type": "integer" + "description": "Maximum number of pending HTTP requests to a destination.", + "type": "integer", + "format": "int32" }, "http2MaxRequests": { - "format": "int32", - "type": "integer" + "description": "Maximum number of requests to a backend.", + "type": "integer", + "format": "int32" }, "idleTimeout": { + "description": "The idle timeout for upstream connection pool connections.", "type": "string" }, "maxRequestsPerConnection": { - "format": "int32", - "type": "integer" + "description": "Maximum number of requests per connection to a backend.", + "type": "integer", + "format": "int32" }, "maxRetries": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false } } }, "loadBalancer": { - "additionalProperties": false, + "description": "Settings controlling the load balancer algorithms.", + "type": "object", "oneOf": [ { "required": [ @@ -653,6 +728,9 @@ ] }, { + "required": [ + "consistentHash" + ], "properties": { "consistentHash": { "oneOf": [ @@ -678,274 +756,300 @@ } ] } - }, - "required": [ - "consistentHash" - ] + } } ], "properties": { "consistentHash": { - "additionalProperties": false, + "type": "object", "properties": { "httpCookie": { - "additionalProperties": false, + "description": "Hash based on HTTP cookie.", + "type": "object", "properties": { "name": { - "format": "string", - "type": "string" + "description": "Name of the cookie.", + "type": "string", + "format": "string" }, "path": { - "format": "string", - "type": "string" + "description": "Path to set for the cookie.", + "type": "string", + "format": "string" }, "ttl": { + "description": "Lifetime of the cookie.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "httpHeaderName": { - "format": "string", - "type": "string" + "description": "Hash based on a specific HTTP header.", + "type": "string", + "format": "string" }, "httpQueryParameterName": { - "format": "string", - "type": "string" + "description": "Hash based on a specific HTTP query parameter.", + "type": "string", + "format": "string" }, "minimumRingSize": { "type": "integer" }, "useSourceIp": { + "description": "Hash based on the source IP address.", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "localityLbSetting": { - "additionalProperties": false, + "type": "object", "properties": { "distribute": { + "description": "Optional: only one of distribute or failover can be set.", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "from": { - "format": "string", - "type": "string" + "description": "Originating locality, '/' separated, e.g.", + "type": "string", + "format": "string" }, "to": { + "description": "Map of upstream localities to traffic distribution weights.", + "type": "object", "additionalProperties": { "type": "integer" - }, - "type": "object" + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "enabled": { + "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety.", "type": "boolean" }, "failover": { + "description": "Optional: only failover or distribute can be set.", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "from": { - "format": "string", - "type": "string" + "description": "Originating region.", + "type": "string", + "format": "string" }, "to": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "simple": { + "type": "string", "enum": [ "ROUND_ROBIN", "LEAST_CONN", "RANDOM", "PASSTHROUGH" - ], - "type": "string" + ] } }, - "type": "object" + "additionalProperties": false }, "outlierDetection": { - "additionalProperties": false, + "description": "Settings controlling eviction of unhealthy hosts from the load balancing pool.", + "type": "object", "properties": { "baseEjectionTime": { + "description": "Minimum ejection duration.", "type": "string" }, "consecutive5xxErrors": { + "description": "Number of 5xx errors before a host is ejected from the connection pool.", "type": "integer" }, "consecutiveErrors": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "consecutiveGatewayErrors": { - "format": "int32", - "type": "integer" + "description": "Number of gateway errors before a host is ejected from the connection pool.", + "type": "integer", + "format": "int32" }, "interval": { + "description": "Time interval between ejection sweep analysis.", "type": "string" }, "maxEjectionPercent": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "minHealthPercent": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "tls": { - "additionalProperties": false, + "description": "Istio TLS related settings for connections to the upstream service", + "type": "object", "properties": { "caCertificates": { - "format": "string", - "type": "string" + "type": "string", + "format": "string" }, "clientCertificate": { - "format": "string", - "type": "string" + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string", + "format": "string" }, "mode": { + "type": "string", "enum": [ "DISABLE", "SIMPLE", "MUTUAL", "ISTIO_MUTUAL" - ], - "type": "string" + ] }, "privateKey": { - "format": "string", - "type": "string" + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string", + "format": "string" }, "sni": { - "format": "string", - "type": "string" + "description": "SNI string to present to the server during TLS handshake.", + "type": "string", + "format": "string" }, "subjectAltNames": { + "type": "array", "items": { - "format": "string", - "type": "string" - }, - "type": "array" + "type": "string", + "format": "string" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "skipAnalysis": { + "description": "Skip analysis and promote canary", "type": "boolean" }, "targetRef": { - "additionalProperties": false, + "description": "Target selector", + "type": "object", + "required": [ + "apiVersion", + "kind", + "name" + ], "properties": { "apiVersion": { "type": "string" }, "kind": { + "type": "string", "enum": [ "DaemonSet", "Deployment", "Service" - ], - "type": "string" + ] }, "name": { "type": "string" } }, - "required": [ - "apiVersion", - "kind", - "name" - ], - "type": "object" + "additionalProperties": false } - }, - "required": [ - "targetRef", - "service", - "analysis" - ] + } }, "status": { - "additionalProperties": false, "properties": { "canaryWeight": { + "description": "Traffic weight routed to canary", "type": "number" }, "conditions": { + "description": "Status conditions of this canary", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "type", + "status", + "reason" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime of this condition", + "type": "string", + "format": "date-time" }, "lastUpdateTime": { - "format": "date-time", - "type": "string" + "description": "LastUpdateTime of this condition", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message associated with this condition", "type": "string" }, "reason": { + "description": "Reason for the current status of this condition", "type": "string" }, "status": { + "description": "Status of this condition", "type": "string" }, "type": { + "description": "Type of this condition", "type": "string" } }, - "required": [ - "type", - "status", - "reason" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "failedChecks": { + "description": "Failed check count of the current canary analysis", "type": "number" }, "iterations": { + "description": "Iteration count of the current canary analysis", "type": "number" }, "lastAppliedSpec": { + "description": "LastAppliedSpec of this canary", "type": "string" }, "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime of this canary", + "type": "string", + "format": "date-time" }, "phase": { + "description": "Analysis phase of this canary", + "type": "string", "enum": [ "", "Initializing", @@ -958,8 +1062,7 @@ "Failed", "Terminating", "Terminated" - ], - "type": "string" + ] } } } diff --git a/schema/flagger.app/metrictemplate_v1alpha1.json b/schema/flagger.app/metrictemplate_v1alpha1.json index 5f4482457..6161e61d3 100644 --- a/schema/flagger.app/metrictemplate_v1alpha1.json +++ b/schema/flagger.app/metrictemplate_v1alpha1.json @@ -1,53 +1,59 @@ { "properties": { "spec": { - "additionalProperties": false, + "required": [ + "provider", + "query" + ], "properties": { "provider": { - "additionalProperties": false, + "description": "Provider of this metric template", + "type": "object", + "required": [ + "type" + ], "properties": { "address": { + "description": "API address of this provider", "type": "string" }, "region": { + "description": "Region of the provider", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "Kubernetes secret reference containing the provider credentials", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the Kubernetes secret", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "type": { + "description": "Type of this provider", + "type": "string", "enum": [ "prometheus", "influxdb", "datadog", "cloudwatch", "newrelic" - ], - "type": "string" + ] } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "query": { + "description": "Query of this metric template", "type": "string" } - }, - "required": [ - "provider", - "query" - ] + } } } } diff --git a/schema/flink.apache.org/flinkdeployment_v1alpha1.json b/schema/flink.apache.org/flinkdeployment_v1alpha1.json new file mode 100644 index 000000000..d841e57cc --- /dev/null +++ b/schema/flink.apache.org/flinkdeployment_v1alpha1.json @@ -0,0 +1,30844 @@ +{ + "type": "object", + "properties": { + "spec": { + "type": "object", + "properties": { + "flinkConfiguration": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "flinkVersion": { + "type": "string", + "enum": [ + "v1_14", + "v1_15", + "v1_16" + ] + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "className": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "additionalProperties": false + }, + "job": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "entryClass": { + "type": "string" + }, + "initialSavepointPath": { + "type": "string" + }, + "jarURI": { + "type": "string" + }, + "parallelism": { + "type": "integer" + }, + "savepointTriggerNonce": { + "type": "integer" + }, + "state": { + "type": "string", + "enum": [ + "running", + "suspended" + ] + }, + "upgradeMode": { + "type": "string", + "enum": [ + "savepoint", + "last-state", + "stateless" + ] + } + }, + "additionalProperties": false + }, + "jobManager": { + "type": "object", + "properties": { + "podTemplate": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "clusterName": { + "type": "string" + }, + "creationTimestamp": { + "type": "string" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "type": "string" + }, + "finalizers": { + "type": "array", + "items": { + "type": "string" + } + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "managedFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + }, + "spec": { + "type": "object", + "properties": { + "activeDeadlineSeconds": { + "type": "integer" + }, + "affinity": { + "type": "object", + "properties": { + "nodeAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "preference": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "object", + "properties": { + "nodeSelectorTerms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "podAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "podAntiAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "containers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "dnsConfig": { + "type": "object", + "properties": { + "nameservers": { + "type": "array", + "items": { + "type": "string" + } + }, + "options": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "searches": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "dnsPolicy": { + "type": "string" + }, + "enableServiceLinks": { + "type": "boolean" + }, + "ephemeralContainers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "targetContainerName": { + "type": "string" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "hostAliases": { + "type": "array", + "items": { + "type": "object", + "properties": { + "hostnames": { + "type": "array", + "items": { + "type": "string" + } + }, + "ip": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "hostIPC": { + "type": "boolean" + }, + "hostNetwork": { + "type": "boolean" + }, + "hostPID": { + "type": "boolean" + }, + "hostname": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "initContainers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "nodeName": { + "type": "string" + }, + "nodeSelector": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "os": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "overhead": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "preemptionPolicy": { + "type": "string" + }, + "priority": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessGates": { + "type": "array", + "items": { + "type": "object", + "properties": { + "conditionType": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "restartPolicy": { + "type": "string" + }, + "runtimeClassName": { + "type": "string" + }, + "schedulerName": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "supplementalGroups": { + "type": "array", + "items": { + "type": "integer" + } + }, + "sysctls": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "serviceAccount": { + "type": "string" + }, + "serviceAccountName": { + "type": "string" + }, + "setHostnameAsFQDN": { + "type": "boolean" + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "subdomain": { + "type": "string" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "topologySpreadConstraints": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "maxSkew": { + "type": "integer" + }, + "topologyKey": { + "type": "string" + }, + "whenUnsatisfiable": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "awsElasticBlockStore": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "azureDisk": { + "type": "object", + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "azureFile": { + "type": "object", + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "cephfs": { + "type": "object", + "properties": { + "monitors": { + "type": "array", + "items": { + "type": "string" + } + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "cinder": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "configMap": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "csi": { + "type": "object", + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "downwardAPI": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "emptyDir": { + "type": "object", + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "ephemeral": { + "type": "object", + "properties": { + "volumeClaimTemplate": { + "type": "object", + "properties": { + "metadata": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "clusterName": { + "type": "string" + }, + "creationTimestamp": { + "type": "string" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "type": "string" + }, + "finalizers": { + "type": "array", + "items": { + "type": "string" + } + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "managedFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + }, + "spec": { + "type": "object", + "properties": { + "accessModes": { + "type": "array", + "items": { + "type": "string" + } + }, + "dataSource": { + "type": "object", + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "dataSourceRef": { + "type": "object", + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "selector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "storageClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "fc": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "type": "array", + "items": { + "type": "string" + } + }, + "wwids": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "flexVolume": { + "type": "object", + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "flocker": { + "type": "object", + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "gcePersistentDisk": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "gitRepo": { + "type": "object", + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "additionalProperties": false + }, + "glusterfs": { + "type": "object", + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "hostPath": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "iscsi": { + "type": "object", + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "portals": { + "type": "array", + "items": { + "type": "string" + } + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "targetPortal": { + "type": "string" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "nfs": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "additionalProperties": false + }, + "persistentVolumeClaim": { + "type": "object", + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "photonPersistentDisk": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "portworxVolume": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "projected": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "sources": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMap": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "downwardAPI": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "secret": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "serviceAccountToken": { + "type": "object", + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "quobyte": { + "type": "object", + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "additionalProperties": false + }, + "rbd": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "type": "array", + "items": { + "type": "string" + } + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "scaleIO": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secret": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "storageos": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "additionalProperties": false + }, + "vsphereVolume": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "status": { + "type": "object", + "properties": { + "conditions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "lastProbeTime": { + "type": "string" + }, + "lastTransitionTime": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "containerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "ephemeralContainerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "hostIP": { + "type": "string" + }, + "initContainerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "message": { + "type": "string" + }, + "nominatedNodeName": { + "type": "string" + }, + "phase": { + "type": "string" + }, + "podIP": { + "type": "string" + }, + "podIPs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "ip": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "qosClass": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "startTime": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "replicas": { + "type": "integer" + }, + "resource": { + "type": "object", + "properties": { + "cpu": { + "type": "number" + }, + "memory": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "logConfiguration": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "podTemplate": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "clusterName": { + "type": "string" + }, + "creationTimestamp": { + "type": "string" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "type": "string" + }, + "finalizers": { + "type": "array", + "items": { + "type": "string" + } + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "managedFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + }, + "spec": { + "type": "object", + "properties": { + "activeDeadlineSeconds": { + "type": "integer" + }, + "affinity": { + "type": "object", + "properties": { + "nodeAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "preference": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "object", + "properties": { + "nodeSelectorTerms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "podAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "podAntiAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "containers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "dnsConfig": { + "type": "object", + "properties": { + "nameservers": { + "type": "array", + "items": { + "type": "string" + } + }, + "options": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "searches": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "dnsPolicy": { + "type": "string" + }, + "enableServiceLinks": { + "type": "boolean" + }, + "ephemeralContainers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "targetContainerName": { + "type": "string" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "hostAliases": { + "type": "array", + "items": { + "type": "object", + "properties": { + "hostnames": { + "type": "array", + "items": { + "type": "string" + } + }, + "ip": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "hostIPC": { + "type": "boolean" + }, + "hostNetwork": { + "type": "boolean" + }, + "hostPID": { + "type": "boolean" + }, + "hostname": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "initContainers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "nodeName": { + "type": "string" + }, + "nodeSelector": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "os": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "overhead": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "preemptionPolicy": { + "type": "string" + }, + "priority": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessGates": { + "type": "array", + "items": { + "type": "object", + "properties": { + "conditionType": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "restartPolicy": { + "type": "string" + }, + "runtimeClassName": { + "type": "string" + }, + "schedulerName": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "supplementalGroups": { + "type": "array", + "items": { + "type": "integer" + } + }, + "sysctls": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "serviceAccount": { + "type": "string" + }, + "serviceAccountName": { + "type": "string" + }, + "setHostnameAsFQDN": { + "type": "boolean" + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "subdomain": { + "type": "string" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "topologySpreadConstraints": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "maxSkew": { + "type": "integer" + }, + "topologyKey": { + "type": "string" + }, + "whenUnsatisfiable": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "awsElasticBlockStore": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "azureDisk": { + "type": "object", + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "azureFile": { + "type": "object", + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "cephfs": { + "type": "object", + "properties": { + "monitors": { + "type": "array", + "items": { + "type": "string" + } + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "cinder": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "configMap": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "csi": { + "type": "object", + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "downwardAPI": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "emptyDir": { + "type": "object", + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "ephemeral": { + "type": "object", + "properties": { + "volumeClaimTemplate": { + "type": "object", + "properties": { + "metadata": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "clusterName": { + "type": "string" + }, + "creationTimestamp": { + "type": "string" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "type": "string" + }, + "finalizers": { + "type": "array", + "items": { + "type": "string" + } + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "managedFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + }, + "spec": { + "type": "object", + "properties": { + "accessModes": { + "type": "array", + "items": { + "type": "string" + } + }, + "dataSource": { + "type": "object", + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "dataSourceRef": { + "type": "object", + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "selector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "storageClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "fc": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "type": "array", + "items": { + "type": "string" + } + }, + "wwids": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "flexVolume": { + "type": "object", + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "flocker": { + "type": "object", + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "gcePersistentDisk": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "gitRepo": { + "type": "object", + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "additionalProperties": false + }, + "glusterfs": { + "type": "object", + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "hostPath": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "iscsi": { + "type": "object", + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "portals": { + "type": "array", + "items": { + "type": "string" + } + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "targetPortal": { + "type": "string" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "nfs": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "additionalProperties": false + }, + "persistentVolumeClaim": { + "type": "object", + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "photonPersistentDisk": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "portworxVolume": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "projected": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "sources": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMap": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "downwardAPI": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "secret": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "serviceAccountToken": { + "type": "object", + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "quobyte": { + "type": "object", + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "additionalProperties": false + }, + "rbd": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "type": "array", + "items": { + "type": "string" + } + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "scaleIO": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secret": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "storageos": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "additionalProperties": false + }, + "vsphereVolume": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "status": { + "type": "object", + "properties": { + "conditions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "lastProbeTime": { + "type": "string" + }, + "lastTransitionTime": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "containerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "ephemeralContainerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "hostIP": { + "type": "string" + }, + "initContainerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "message": { + "type": "string" + }, + "nominatedNodeName": { + "type": "string" + }, + "phase": { + "type": "string" + }, + "podIP": { + "type": "string" + }, + "podIPs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "ip": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "qosClass": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "startTime": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "restartNonce": { + "type": "integer" + }, + "serviceAccount": { + "type": "string" + }, + "taskManager": { + "type": "object", + "properties": { + "podTemplate": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "clusterName": { + "type": "string" + }, + "creationTimestamp": { + "type": "string" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "type": "string" + }, + "finalizers": { + "type": "array", + "items": { + "type": "string" + } + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "managedFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + }, + "spec": { + "type": "object", + "properties": { + "activeDeadlineSeconds": { + "type": "integer" + }, + "affinity": { + "type": "object", + "properties": { + "nodeAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "preference": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "object", + "properties": { + "nodeSelectorTerms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "podAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "podAntiAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "containers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "dnsConfig": { + "type": "object", + "properties": { + "nameservers": { + "type": "array", + "items": { + "type": "string" + } + }, + "options": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "searches": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "dnsPolicy": { + "type": "string" + }, + "enableServiceLinks": { + "type": "boolean" + }, + "ephemeralContainers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "targetContainerName": { + "type": "string" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "hostAliases": { + "type": "array", + "items": { + "type": "object", + "properties": { + "hostnames": { + "type": "array", + "items": { + "type": "string" + } + }, + "ip": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "hostIPC": { + "type": "boolean" + }, + "hostNetwork": { + "type": "boolean" + }, + "hostPID": { + "type": "boolean" + }, + "hostname": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "initContainers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "nodeName": { + "type": "string" + }, + "nodeSelector": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "os": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "overhead": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "preemptionPolicy": { + "type": "string" + }, + "priority": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessGates": { + "type": "array", + "items": { + "type": "object", + "properties": { + "conditionType": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "restartPolicy": { + "type": "string" + }, + "runtimeClassName": { + "type": "string" + }, + "schedulerName": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "supplementalGroups": { + "type": "array", + "items": { + "type": "integer" + } + }, + "sysctls": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "serviceAccount": { + "type": "string" + }, + "serviceAccountName": { + "type": "string" + }, + "setHostnameAsFQDN": { + "type": "boolean" + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "subdomain": { + "type": "string" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "topologySpreadConstraints": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "maxSkew": { + "type": "integer" + }, + "topologyKey": { + "type": "string" + }, + "whenUnsatisfiable": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "awsElasticBlockStore": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "azureDisk": { + "type": "object", + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "azureFile": { + "type": "object", + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "cephfs": { + "type": "object", + "properties": { + "monitors": { + "type": "array", + "items": { + "type": "string" + } + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "cinder": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "configMap": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "csi": { + "type": "object", + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "downwardAPI": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "emptyDir": { + "type": "object", + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "ephemeral": { + "type": "object", + "properties": { + "volumeClaimTemplate": { + "type": "object", + "properties": { + "metadata": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "clusterName": { + "type": "string" + }, + "creationTimestamp": { + "type": "string" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "type": "string" + }, + "finalizers": { + "type": "array", + "items": { + "type": "string" + } + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "managedFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + }, + "spec": { + "type": "object", + "properties": { + "accessModes": { + "type": "array", + "items": { + "type": "string" + } + }, + "dataSource": { + "type": "object", + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "dataSourceRef": { + "type": "object", + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "selector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "storageClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "fc": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "type": "array", + "items": { + "type": "string" + } + }, + "wwids": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "flexVolume": { + "type": "object", + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "flocker": { + "type": "object", + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "gcePersistentDisk": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "gitRepo": { + "type": "object", + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "additionalProperties": false + }, + "glusterfs": { + "type": "object", + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "hostPath": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "iscsi": { + "type": "object", + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "portals": { + "type": "array", + "items": { + "type": "string" + } + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "targetPortal": { + "type": "string" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "nfs": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "additionalProperties": false + }, + "persistentVolumeClaim": { + "type": "object", + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "photonPersistentDisk": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "portworxVolume": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "projected": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "sources": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMap": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "downwardAPI": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "secret": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "serviceAccountToken": { + "type": "object", + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "quobyte": { + "type": "object", + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "additionalProperties": false + }, + "rbd": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "type": "array", + "items": { + "type": "string" + } + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "scaleIO": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secret": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "storageos": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "additionalProperties": false + }, + "vsphereVolume": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "status": { + "type": "object", + "properties": { + "conditions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "lastProbeTime": { + "type": "string" + }, + "lastTransitionTime": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "containerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "ephemeralContainerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "hostIP": { + "type": "string" + }, + "initContainerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "message": { + "type": "string" + }, + "nominatedNodeName": { + "type": "string" + }, + "phase": { + "type": "string" + }, + "podIP": { + "type": "string" + }, + "podIPs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "ip": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "qosClass": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "startTime": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "resource": { + "type": "object", + "properties": { + "cpu": { + "type": "number" + }, + "memory": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "status": { + "type": "object", + "properties": { + "jobManagerDeploymentStatus": { + "type": "string", + "enum": [ + "READY", + "DEPLOYED_NOT_READY", + "DEPLOYING", + "MISSING", + "ERROR" + ] + }, + "jobStatus": { + "type": "object", + "properties": { + "jobId": { + "type": "string" + }, + "jobName": { + "type": "string" + }, + "savepointInfo": { + "type": "object", + "properties": { + "lastSavepoint": { + "type": "object", + "properties": { + "location": { + "type": "string" + }, + "timeStamp": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "triggerId": { + "type": "string" + }, + "triggerTimestamp": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "startTime": { + "type": "string" + }, + "state": { + "type": "string" + }, + "updateTime": { + "type": "string" + } + }, + "additionalProperties": false + }, + "reconciliationStatus": { + "type": "object", + "properties": { + "error": { + "type": "string" + }, + "lastReconciledSpec": { + "type": "object", + "properties": { + "flinkConfiguration": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "flinkVersion": { + "type": "string", + "enum": [ + "v1_14", + "v1_15", + "v1_16" + ] + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "ingress": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "className": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "additionalProperties": false + }, + "job": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "entryClass": { + "type": "string" + }, + "initialSavepointPath": { + "type": "string" + }, + "jarURI": { + "type": "string" + }, + "parallelism": { + "type": "integer" + }, + "savepointTriggerNonce": { + "type": "integer" + }, + "state": { + "type": "string", + "enum": [ + "running", + "suspended" + ] + }, + "upgradeMode": { + "type": "string", + "enum": [ + "savepoint", + "last-state", + "stateless" + ] + } + }, + "additionalProperties": false + }, + "jobManager": { + "type": "object", + "properties": { + "podTemplate": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "clusterName": { + "type": "string" + }, + "creationTimestamp": { + "type": "string" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "type": "string" + }, + "finalizers": { + "type": "array", + "items": { + "type": "string" + } + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "managedFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + }, + "spec": { + "type": "object", + "properties": { + "activeDeadlineSeconds": { + "type": "integer" + }, + "affinity": { + "type": "object", + "properties": { + "nodeAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "preference": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "object", + "properties": { + "nodeSelectorTerms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "podAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "podAntiAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "containers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "dnsConfig": { + "type": "object", + "properties": { + "nameservers": { + "type": "array", + "items": { + "type": "string" + } + }, + "options": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "searches": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "dnsPolicy": { + "type": "string" + }, + "enableServiceLinks": { + "type": "boolean" + }, + "ephemeralContainers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "targetContainerName": { + "type": "string" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "hostAliases": { + "type": "array", + "items": { + "type": "object", + "properties": { + "hostnames": { + "type": "array", + "items": { + "type": "string" + } + }, + "ip": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "hostIPC": { + "type": "boolean" + }, + "hostNetwork": { + "type": "boolean" + }, + "hostPID": { + "type": "boolean" + }, + "hostname": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "initContainers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "nodeName": { + "type": "string" + }, + "nodeSelector": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "os": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "overhead": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "preemptionPolicy": { + "type": "string" + }, + "priority": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessGates": { + "type": "array", + "items": { + "type": "object", + "properties": { + "conditionType": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "restartPolicy": { + "type": "string" + }, + "runtimeClassName": { + "type": "string" + }, + "schedulerName": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "supplementalGroups": { + "type": "array", + "items": { + "type": "integer" + } + }, + "sysctls": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "serviceAccount": { + "type": "string" + }, + "serviceAccountName": { + "type": "string" + }, + "setHostnameAsFQDN": { + "type": "boolean" + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "subdomain": { + "type": "string" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "topologySpreadConstraints": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "maxSkew": { + "type": "integer" + }, + "topologyKey": { + "type": "string" + }, + "whenUnsatisfiable": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "awsElasticBlockStore": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "azureDisk": { + "type": "object", + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "azureFile": { + "type": "object", + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "cephfs": { + "type": "object", + "properties": { + "monitors": { + "type": "array", + "items": { + "type": "string" + } + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "cinder": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "configMap": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "csi": { + "type": "object", + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "downwardAPI": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "emptyDir": { + "type": "object", + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "ephemeral": { + "type": "object", + "properties": { + "volumeClaimTemplate": { + "type": "object", + "properties": { + "metadata": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "clusterName": { + "type": "string" + }, + "creationTimestamp": { + "type": "string" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "type": "string" + }, + "finalizers": { + "type": "array", + "items": { + "type": "string" + } + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "managedFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + }, + "spec": { + "type": "object", + "properties": { + "accessModes": { + "type": "array", + "items": { + "type": "string" + } + }, + "dataSource": { + "type": "object", + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "dataSourceRef": { + "type": "object", + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "selector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "storageClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "fc": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "type": "array", + "items": { + "type": "string" + } + }, + "wwids": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "flexVolume": { + "type": "object", + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "flocker": { + "type": "object", + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "gcePersistentDisk": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "gitRepo": { + "type": "object", + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "additionalProperties": false + }, + "glusterfs": { + "type": "object", + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "hostPath": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "iscsi": { + "type": "object", + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "portals": { + "type": "array", + "items": { + "type": "string" + } + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "targetPortal": { + "type": "string" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "nfs": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "additionalProperties": false + }, + "persistentVolumeClaim": { + "type": "object", + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "photonPersistentDisk": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "portworxVolume": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "projected": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "sources": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMap": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "downwardAPI": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "secret": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "serviceAccountToken": { + "type": "object", + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "quobyte": { + "type": "object", + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "additionalProperties": false + }, + "rbd": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "type": "array", + "items": { + "type": "string" + } + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "scaleIO": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secret": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "storageos": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "additionalProperties": false + }, + "vsphereVolume": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "status": { + "type": "object", + "properties": { + "conditions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "lastProbeTime": { + "type": "string" + }, + "lastTransitionTime": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "containerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "ephemeralContainerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "hostIP": { + "type": "string" + }, + "initContainerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "message": { + "type": "string" + }, + "nominatedNodeName": { + "type": "string" + }, + "phase": { + "type": "string" + }, + "podIP": { + "type": "string" + }, + "podIPs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "ip": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "qosClass": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "startTime": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "replicas": { + "type": "integer" + }, + "resource": { + "type": "object", + "properties": { + "cpu": { + "type": "number" + }, + "memory": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "logConfiguration": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "podTemplate": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "clusterName": { + "type": "string" + }, + "creationTimestamp": { + "type": "string" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "type": "string" + }, + "finalizers": { + "type": "array", + "items": { + "type": "string" + } + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "managedFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + }, + "spec": { + "type": "object", + "properties": { + "activeDeadlineSeconds": { + "type": "integer" + }, + "affinity": { + "type": "object", + "properties": { + "nodeAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "preference": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "object", + "properties": { + "nodeSelectorTerms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "podAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "podAntiAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "containers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "dnsConfig": { + "type": "object", + "properties": { + "nameservers": { + "type": "array", + "items": { + "type": "string" + } + }, + "options": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "searches": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "dnsPolicy": { + "type": "string" + }, + "enableServiceLinks": { + "type": "boolean" + }, + "ephemeralContainers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "targetContainerName": { + "type": "string" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "hostAliases": { + "type": "array", + "items": { + "type": "object", + "properties": { + "hostnames": { + "type": "array", + "items": { + "type": "string" + } + }, + "ip": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "hostIPC": { + "type": "boolean" + }, + "hostNetwork": { + "type": "boolean" + }, + "hostPID": { + "type": "boolean" + }, + "hostname": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "initContainers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "nodeName": { + "type": "string" + }, + "nodeSelector": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "os": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "overhead": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "preemptionPolicy": { + "type": "string" + }, + "priority": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessGates": { + "type": "array", + "items": { + "type": "object", + "properties": { + "conditionType": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "restartPolicy": { + "type": "string" + }, + "runtimeClassName": { + "type": "string" + }, + "schedulerName": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "supplementalGroups": { + "type": "array", + "items": { + "type": "integer" + } + }, + "sysctls": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "serviceAccount": { + "type": "string" + }, + "serviceAccountName": { + "type": "string" + }, + "setHostnameAsFQDN": { + "type": "boolean" + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "subdomain": { + "type": "string" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "topologySpreadConstraints": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "maxSkew": { + "type": "integer" + }, + "topologyKey": { + "type": "string" + }, + "whenUnsatisfiable": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "awsElasticBlockStore": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "azureDisk": { + "type": "object", + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "azureFile": { + "type": "object", + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "cephfs": { + "type": "object", + "properties": { + "monitors": { + "type": "array", + "items": { + "type": "string" + } + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "cinder": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "configMap": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "csi": { + "type": "object", + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "downwardAPI": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "emptyDir": { + "type": "object", + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "ephemeral": { + "type": "object", + "properties": { + "volumeClaimTemplate": { + "type": "object", + "properties": { + "metadata": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "clusterName": { + "type": "string" + }, + "creationTimestamp": { + "type": "string" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "type": "string" + }, + "finalizers": { + "type": "array", + "items": { + "type": "string" + } + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "managedFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + }, + "spec": { + "type": "object", + "properties": { + "accessModes": { + "type": "array", + "items": { + "type": "string" + } + }, + "dataSource": { + "type": "object", + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "dataSourceRef": { + "type": "object", + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "selector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "storageClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "fc": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "type": "array", + "items": { + "type": "string" + } + }, + "wwids": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "flexVolume": { + "type": "object", + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "flocker": { + "type": "object", + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "gcePersistentDisk": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "gitRepo": { + "type": "object", + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "additionalProperties": false + }, + "glusterfs": { + "type": "object", + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "hostPath": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "iscsi": { + "type": "object", + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "portals": { + "type": "array", + "items": { + "type": "string" + } + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "targetPortal": { + "type": "string" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "nfs": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "additionalProperties": false + }, + "persistentVolumeClaim": { + "type": "object", + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "photonPersistentDisk": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "portworxVolume": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "projected": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "sources": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMap": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "downwardAPI": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "secret": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "serviceAccountToken": { + "type": "object", + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "quobyte": { + "type": "object", + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "additionalProperties": false + }, + "rbd": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "type": "array", + "items": { + "type": "string" + } + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "scaleIO": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secret": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "storageos": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "additionalProperties": false + }, + "vsphereVolume": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "status": { + "type": "object", + "properties": { + "conditions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "lastProbeTime": { + "type": "string" + }, + "lastTransitionTime": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "containerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "ephemeralContainerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "hostIP": { + "type": "string" + }, + "initContainerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "message": { + "type": "string" + }, + "nominatedNodeName": { + "type": "string" + }, + "phase": { + "type": "string" + }, + "podIP": { + "type": "string" + }, + "podIPs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "ip": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "qosClass": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "startTime": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "restartNonce": { + "type": "integer" + }, + "serviceAccount": { + "type": "string" + }, + "taskManager": { + "type": "object", + "properties": { + "podTemplate": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "clusterName": { + "type": "string" + }, + "creationTimestamp": { + "type": "string" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "type": "string" + }, + "finalizers": { + "type": "array", + "items": { + "type": "string" + } + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "managedFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + }, + "spec": { + "type": "object", + "properties": { + "activeDeadlineSeconds": { + "type": "integer" + }, + "affinity": { + "type": "object", + "properties": { + "nodeAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "preference": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "object", + "properties": { + "nodeSelectorTerms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "podAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "podAntiAffinity": { + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "podAffinityTerm": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + }, + "weight": { + "type": "integer" + } + }, + "additionalProperties": false + } + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaceSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "namespaces": { + "type": "array", + "items": { + "type": "string" + } + }, + "topologyKey": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "containers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "dnsConfig": { + "type": "object", + "properties": { + "nameservers": { + "type": "array", + "items": { + "type": "string" + } + }, + "options": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "searches": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "dnsPolicy": { + "type": "string" + }, + "enableServiceLinks": { + "type": "boolean" + }, + "ephemeralContainers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "targetContainerName": { + "type": "string" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "hostAliases": { + "type": "array", + "items": { + "type": "object", + "properties": { + "hostnames": { + "type": "array", + "items": { + "type": "string" + } + }, + "ip": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "hostIPC": { + "type": "boolean" + }, + "hostNetwork": { + "type": "boolean" + }, + "hostPID": { + "type": "boolean" + }, + "hostname": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "initContainers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + } + }, + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "type": "object", + "properties": { + "configMapKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secretKeyRef": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "envFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMapRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "livenessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerPort": { + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "readinessProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "securityContext": { + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "type": "object", + "properties": { + "add": { + "type": "array", + "items": { + "type": "string" + } + }, + "drop": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "startupProbe": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "failureThreshold": { + "type": "integer" + }, + "grpc": { + "type": "object", + "properties": { + "port": { + "type": "integer" + }, + "service": { + "type": "string" + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "tcpSocket": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + }, + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "type": "array", + "items": { + "type": "object", + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "workingDir": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "nodeName": { + "type": "string" + }, + "nodeSelector": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "os": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "overhead": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "preemptionPolicy": { + "type": "string" + }, + "priority": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessGates": { + "type": "array", + "items": { + "type": "object", + "properties": { + "conditionType": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "restartPolicy": { + "type": "string" + }, + "runtimeClassName": { + "type": "string" + }, + "schedulerName": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "fsGroup": { + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seLinuxOptions": { + "type": "object", + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "seccompProfile": { + "type": "object", + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "supplementalGroups": { + "type": "array", + "items": { + "type": "integer" + } + }, + "sysctls": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "windowsOptions": { + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "serviceAccount": { + "type": "string" + }, + "serviceAccountName": { + "type": "string" + }, + "setHostnameAsFQDN": { + "type": "boolean" + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "subdomain": { + "type": "string" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "topologySpreadConstraints": { + "type": "array", + "items": { + "type": "object", + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "maxSkew": { + "type": "integer" + }, + "topologyKey": { + "type": "string" + }, + "whenUnsatisfiable": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "properties": { + "awsElasticBlockStore": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "azureDisk": { + "type": "object", + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "azureFile": { + "type": "object", + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "cephfs": { + "type": "object", + "properties": { + "monitors": { + "type": "array", + "items": { + "type": "string" + } + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "cinder": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "configMap": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "csi": { + "type": "object", + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "downwardAPI": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "emptyDir": { + "type": "object", + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + }, + "ephemeral": { + "type": "object", + "properties": { + "volumeClaimTemplate": { + "type": "object", + "properties": { + "metadata": { + "type": "object", + "properties": { + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "clusterName": { + "type": "string" + }, + "creationTimestamp": { + "type": "string" + }, + "deletionGracePeriodSeconds": { + "type": "integer" + }, + "deletionTimestamp": { + "type": "string" + }, + "finalizers": { + "type": "array", + "items": { + "type": "string" + } + }, + "generateName": { + "type": "string" + }, + "generation": { + "type": "integer" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "managedFields": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldsType": { + "type": "string" + }, + "fieldsV1": { + "type": "object" + }, + "manager": { + "type": "string" + }, + "operation": { + "type": "string" + }, + "subresource": { + "type": "string" + }, + "time": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "ownerReferences": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "blockOwnerDeletion": { + "type": "boolean" + }, + "controller": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "resourceVersion": { + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "additionalProperties": false + }, + "spec": { + "type": "object", + "properties": { + "accessModes": { + "type": "array", + "items": { + "type": "string" + } + }, + "dataSource": { + "type": "object", + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "dataSourceRef": { + "type": "object", + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "requests": { + "type": "object", + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + } + }, + "additionalProperties": false + }, + "selector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "storageClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "fc": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "type": "array", + "items": { + "type": "string" + } + }, + "wwids": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "flexVolume": { + "type": "object", + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "flocker": { + "type": "object", + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "gcePersistentDisk": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "gitRepo": { + "type": "object", + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "additionalProperties": false + }, + "glusterfs": { + "type": "object", + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "hostPath": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, + "iscsi": { + "type": "object", + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "type": "string" + }, + "lun": { + "type": "integer" + }, + "portals": { + "type": "array", + "items": { + "type": "string" + } + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "targetPortal": { + "type": "string" + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "nfs": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "additionalProperties": false + }, + "persistentVolumeClaim": { + "type": "object", + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "photonPersistentDisk": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "portworxVolume": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "additionalProperties": false + }, + "projected": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "sources": { + "type": "array", + "items": { + "type": "object", + "properties": { + "configMap": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "downwardAPI": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fieldRef": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "additionalProperties": false + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "type": "object", + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "secret": { + "type": "object", + "properties": { + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "additionalProperties": false + }, + "serviceAccountToken": { + "type": "object", + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "quobyte": { + "type": "object", + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "additionalProperties": false + }, + "rbd": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "type": "string" + }, + "monitors": { + "type": "array", + "items": { + "type": "string" + } + }, + "pool": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "additionalProperties": false + }, + "scaleIO": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "secret": { + "type": "object", + "properties": { + "defaultMode": { + "type": "integer" + }, + "items": { + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "mode": { + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "additionalProperties": false + }, + "storageos": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "additionalProperties": false + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "additionalProperties": false + }, + "vsphereVolume": { + "type": "object", + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "status": { + "type": "object", + "properties": { + "conditions": { + "type": "array", + "items": { + "type": "object", + "properties": { + "lastProbeTime": { + "type": "string" + }, + "lastTransitionTime": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "containerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "ephemeralContainerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "hostIP": { + "type": "string" + }, + "initContainerStatuses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "image": { + "type": "string" + }, + "imageID": { + "type": "string" + }, + "lastState": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ready": { + "type": "boolean" + }, + "restartCount": { + "type": "integer" + }, + "started": { + "type": "boolean" + }, + "state": { + "type": "object", + "properties": { + "running": { + "type": "object", + "properties": { + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "terminated": { + "type": "object", + "properties": { + "containerID": { + "type": "string" + }, + "exitCode": { + "type": "integer" + }, + "finishedAt": { + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "signal": { + "type": "integer" + }, + "startedAt": { + "type": "string" + } + }, + "additionalProperties": false + }, + "waiting": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "reason": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "message": { + "type": "string" + }, + "nominatedNodeName": { + "type": "string" + }, + "phase": { + "type": "string" + }, + "podIP": { + "type": "string" + }, + "podIPs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "ip": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "qosClass": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "startTime": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "resource": { + "type": "object", + "properties": { + "cpu": { + "type": "number" + }, + "memory": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "success": { + "type": "boolean" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + } + } +} diff --git a/schema/gateway.networking.k8s.io/backendtlspolicy_v1alpha2.json b/schema/gateway.networking.k8s.io/backendtlspolicy_v1alpha2.json index 3b9f4426f..2bbb52fac 100644 --- a/schema/gateway.networking.k8s.io/backendtlspolicy_v1alpha2.json +++ b/schema/gateway.networking.k8s.io/backendtlspolicy_v1alpha2.json @@ -1,19 +1,23 @@ { + "description": "BackendTLSPolicy provides a way to configure how a Gateway connects to a Backend via TLS.", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "Spec defines the desired state of BackendTLSPolicy.", "type": "object", "required": [ "targetRef", @@ -21,6 +25,7 @@ ], "properties": { "targetRef": { + "description": "TargetRef identifies an API object to apply the policy to. Only Services have Extended support. Implementations MAY support additional objects, with Implementation Specific support. Note that this config applies to the entire referenced resource by default, but this default may change in the future to provide a more granular application of the policy. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource", "type": "object", "required": [ "group", @@ -29,28 +34,33 @@ ], "properties": { "group": { + "description": "Group is the group of the target resource.", "type": "string", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" }, "kind": { + "description": "Kind is kind of the target resource.", "type": "string", "maxLength": 63, "minLength": 1, "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" }, "name": { + "description": "Name is the name of the target resource.", "type": "string", "maxLength": 253, "minLength": 1 }, "namespace": { + "description": "Namespace is the namespace of the referent. When unspecified, the local namespace is inferred. Even when policy targets a resource in a different namespace, it MUST only apply to traffic originating from the same namespace as the policy.", "type": "string", "maxLength": 63, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" }, "sectionName": { + "description": "SectionName is the name of a section within the target resource. When unspecified, this targetRef targets the entire resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name * Service: Port Name \n If a SectionName is specified, but does not exist on the targeted object, the Policy must fail to attach, and the policy implementation should record a `ResolvedRefs` or similar Condition in the Policy's status.", "type": "string", "maxLength": 253, "minLength": 1, @@ -60,15 +70,18 @@ "additionalProperties": false }, "tls": { + "description": "TLS contains backend TLS policy configuration.", "type": "object", "required": [ "hostname" ], "properties": { "caCertRefs": { + "description": "CACertRefs contains one or more references to Kubernetes objects that contain a PEM-encoded TLS CA certificate bundle, which is used to validate a TLS handshake between the Gateway and backend Pod. \n If CACertRefs is empty or unspecified, then WellKnownCACerts must be specified. Only one of CACertRefs or WellKnownCACerts may be specified, not both. If CACertRefs is empty or unspecified, the configuration for WellKnownCACerts MUST be honored instead. \n References to a resource in a different namespace are invalid for the moment, although we will revisit this in the future. \n A single CACertRef to a Kubernetes ConfigMap kind has \"Core\" support. Implementations MAY choose to support attaching multiple certificates to a backend, but this behavior is implementation-specific. \n Support: Core - An optional single reference to a Kubernetes ConfigMap, with the CA certificate in a key named `ca.crt`. \n Support: Implementation-specific (More than one reference, or other kinds of resources).", "type": "array", "maxItems": 8, "items": { + "description": "LocalObjectReference identifies an API object within the namespace of the referrer. The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid. \n References to objects with invalid Group and Kind are not valid, and must be rejected by the implementation, with appropriate Conditions set on the containing object.", "type": "object", "required": [ "group", @@ -77,17 +90,20 @@ ], "properties": { "group": { + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred.", "type": "string", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" }, "kind": { + "description": "Kind is kind of the referent. For example \"HTTPRoute\" or \"Service\".", "type": "string", "maxLength": 63, "minLength": 1, "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" }, "name": { + "description": "Name is the name of the referent.", "type": "string", "maxLength": 253, "minLength": 1 @@ -97,12 +113,14 @@ } }, "hostname": { + "description": "Hostname is used for two purposes in the connection between Gateways and backends: \n 1. Hostname MUST be used as the SNI to connect to the backend (RFC 6066). 2. Hostname MUST be used for authentication and MUST match the certificate served by the matching backend. \n Support: Core", "type": "string", "maxLength": 253, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" }, "wellKnownCACerts": { + "description": "WellKnownCACerts specifies whether system CA certificates may be used in the TLS handshake between the gateway and backend pod. \n If WellKnownCACerts is unspecified or empty (\"\"), then CACertRefs must be specified with at least one entry for a valid configuration. Only one of CACertRefs or WellKnownCACerts may be specified, not both. \n Support: Core for \"System\"", "type": "string", "enum": [ "System" @@ -125,15 +143,18 @@ "additionalProperties": false }, "status": { + "description": "Status defines the current state of BackendTLSPolicy.", "type": "object", "required": [ "ancestors" ], "properties": { "ancestors": { + "description": "Ancestors is a list of ancestor resources (usually Gateways) that are associated with the policy, and the status of the policy with respect to each ancestor. When this policy attaches to a parent, the controller that manages the parent and the ancestors MUST add an entry to this list when the controller first sees the policy and SHOULD update the entry as appropriate when the relevant ancestor is modified. \n Note that choosing the relevant ancestor is left to the Policy designers; an important part of Policy design is designing the right object level at which to namespace this status. \n Note also that implementations MUST ONLY populate ancestor status for the Ancestor resources they are responsible for. Implementations MUST use the ControllerName field to uniquely identify the entries in this list that they are responsible for. \n Note that to achieve this, the list of PolicyAncestorStatus structs MUST be treated as a map with a composite key, made up of the AncestorRef and ControllerName fields combined. \n A maximum of 16 ancestors will be represented in this list. An empty list means the Policy is not relevant for any ancestors. \n If this slice is full, implementations MUST NOT add further entries. Instead they MUST consider the policy unimplementable and signal that on any related resources such as the ancestor that would be referenced here. For example, if this list was full on BackendTLSPolicy, no additional Gateways would be able to reference the Service targeted by the BackendTLSPolicy.", "type": "array", "maxItems": 16, "items": { + "description": "PolicyAncestorStatus describes the status of a route with respect to an associated Ancestor. \n Ancestors refer to objects that are either the Target of a policy or above it in terms of object hierarchy. For example, if a policy targets a Service, the Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most useful object to place Policy status on, so we recommend that implementations SHOULD use Gateway as the PolicyAncestorStatus object unless the designers have a _very_ good reason otherwise. \n In the context of policy attachment, the Ancestor is used to distinguish which resource results in a distinct application of this policy. For example, if a policy targets a Service, it may have a distinct result per attached Gateway. \n Policies targeting the same resource may have different effects depending on the ancestors of those resources. For example, different Gateways targeting the same Service may have different capabilities, especially if they have different underlying implementations. \n For example, in BackendTLSPolicy, the Policy attaches to a Service that is used as a backend in a HTTPRoute that is itself attached to a Gateway. In this case, the relevant object for status is the Gateway, and that is the ancestor object referred to in this status. \n Note that a parent is also an ancestor, so for objects where the parent is the relevant object for status, this struct SHOULD still be used. \n This struct is intended to be used in a slice that's effectively a map, with a composite key made up of the AncestorRef and the ControllerName.", "type": "object", "required": [ "ancestorRef", @@ -141,18 +162,21 @@ ], "properties": { "ancestorRef": { + "description": "AncestorRef corresponds with a ParentRef in the spec that this PolicyAncestorStatus struct describes the status of.", "type": "object", "required": [ "name" ], "properties": { "group": { + "description": "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core", "type": "string", "default": "gateway.networking.k8s.io", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" }, "kind": { + "description": "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific.", "type": "string", "default": "Gateway", "maxLength": 63, @@ -160,23 +184,27 @@ "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" }, "name": { + "description": "Name is the name of the referent. \n Support: Core", "type": "string", "maxLength": 253, "minLength": 1 }, "namespace": { + "description": "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core", "type": "string", "maxLength": 63, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" }, "port": { + "description": "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n ", "type": "integer", "format": "int32", "maximum": 65535, "minimum": 1 }, "sectionName": { + "description": "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core", "type": "string", "maxLength": 253, "minLength": 1, @@ -186,10 +214,12 @@ "additionalProperties": false }, "conditions": { + "description": "Conditions describes the status of the Policy with respect to the given Ancestor.", "type": "array", "maxItems": 8, "minItems": 1, "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -200,25 +230,30 @@ ], "properties": { "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "enum": [ "True", @@ -227,6 +262,7 @@ ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -240,6 +276,7 @@ "x-kubernetes-list-type": "map" }, "controllerName": { + "description": "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. \n Example: \"example.net/gateway-controller\". \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary.", "type": "string", "maxLength": 253, "minLength": 1, diff --git a/schema/gateway.networking.k8s.io/gateway_v1alpha2.json b/schema/gateway.networking.k8s.io/gateway_v1alpha2.json index aac455650..bc90696bd 100644 --- a/schema/gateway.networking.k8s.io/gateway_v1alpha2.json +++ b/schema/gateway.networking.k8s.io/gateway_v1alpha2.json @@ -52,8 +52,7 @@ } ] } - }, - "additionalProperties": false + } }, { "properties": { @@ -64,8 +63,7 @@ ] } } - }, - "additionalProperties": false + } } ], "properties": { @@ -416,8 +414,7 @@ } ] } - }, - "additionalProperties": false + } }, { "properties": { @@ -428,8 +425,7 @@ ] } } - }, - "additionalProperties": false + } } ], "properties": { diff --git a/schema/gateway.networking.k8s.io/grpcroute_v1alpha2.json b/schema/gateway.networking.k8s.io/grpcroute_v1alpha2.json index 8b96584c9..2824d8896 100644 --- a/schema/gateway.networking.k8s.io/grpcroute_v1alpha2.json +++ b/schema/gateway.networking.k8s.io/grpcroute_v1alpha2.json @@ -1,13 +1,13 @@ { - "description": "GRPCRoute provides a way to route gRPC requests. This includes the capability to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header. Filters can be used to specify additional processing steps. Backends specify where matching requests will be routed. \n GRPCRoute falls under extended support within the Gateway API. Within the following specification, the word \"MUST\" indicates that an implementation supporting GRPCRoute must conform to the indicated requirement, but an implementation not supporting this route type need not follow the requirement unless explicitly indicated. \n Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via ALPN. If the implementation does not support this, then it MUST set the \"Accepted\" condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1. \n Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c, https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation does not support this, then it MUST set the \"Accepted\" condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections with an upgrade from HTTP/1, i.e. without prior knowledge.", + "description": "GRPCRoute provides a way to route gRPC requests. This includes the capability\nto match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.\nFilters can be used to specify additional processing steps. Backends specify\nwhere matching requests will be routed.\n\n\nGRPCRoute falls under extended support within the Gateway API. Within the\nfollowing specification, the word \"MUST\" indicates that an implementation\nsupporting GRPCRoute must conform to the indicated requirement, but an\nimplementation not supporting this route type need not follow the requirement\nunless explicitly indicated.\n\n\nImplementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST\naccept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via\nALPN. If the implementation does not support this, then it MUST set the\n\"Accepted\" condition to \"False\" for the affected listener with a reason of\n\"UnsupportedProtocol\". Implementations MAY also accept HTTP/2 connections\nwith an upgrade from HTTP/1.\n\n\nImplementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST\nsupport HTTP/2 over cleartext TCP (h2c,\nhttps://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial\nupgrade from HTTP/1.1, i.e. with prior knowledge\n(https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation\ndoes not support this, then it MUST set the \"Accepted\" condition to \"False\"\nfor the affected listener with a reason of \"UnsupportedProtocol\".\nImplementations MAY also accept HTTP/2 connections with an upgrade from\nHTTP/1, i.e. without prior knowledge.", "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -18,11 +18,11 @@ "type": "object", "properties": { "hostnames": { - "description": "Hostnames defines a set of hostnames to match against the GRPC Host header to select a GRPCRoute to process the request. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label MUST appear by itself as the first label. \n If a hostname is specified by both the Listener and GRPCRoute, there MUST be at least one intersecting hostname for the GRPCRoute to be attached to the Listener. For example: \n * A Listener with `test.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames, or have specified at least one of `test.example.com` or `*.example.com`. * A Listener with `*.example.com` as the hostname matches GRPCRoutes that have either not specified any hostnames or have specified at least one hostname that matches the Listener hostname. For example, `test.example.com` and `*.example.com` would both match. On the other hand, `example.com` and `test.example.net` would not match. \n Hostnames that are prefixed with a wildcard label (`*.`) are interpreted as a suffix match. That means that a match for `*.example.com` would match both `test.example.com`, and `foo.test.example.com`, but not `example.com`. \n If both the Listener and GRPCRoute have specified hostnames, any GRPCRoute hostnames that do not match the Listener hostname MUST be ignored. For example, if a Listener specified `*.example.com`, and the GRPCRoute specified `test.example.com` and `test.example.net`, `test.example.net` MUST NOT be considered for a match. \n If both the Listener and GRPCRoute have specified hostnames, and none match with the criteria above, then the GRPCRoute MUST NOT be accepted by the implementation. The implementation MUST raise an 'Accepted' Condition with a status of `False` in the corresponding RouteParentStatus. \n If a Route (A) of type HTTPRoute or GRPCRoute is attached to a Listener and that listener already has another Route (B) of the other type attached and the intersection of the hostnames of A and B is non-empty, then the implementation MUST accept exactly one of these two routes, determined by the following criteria, in order: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n The rejected Route MUST raise an 'Accepted' condition with a status of 'False' in the corresponding RouteParentStatus. \n Support: Core", + "description": "Hostnames defines a set of hostnames to match against the GRPC\nHost header to select a GRPCRoute to process the request. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n1. IPs are not allowed.\n2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label MUST appear by itself as the first label.\n\n\nIf a hostname is specified by both the Listener and GRPCRoute, there\nMUST be at least one intersecting hostname for the GRPCRoute to be\nattached to the Listener. For example:\n\n\n* A Listener with `test.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames, or have specified at\n least one of `test.example.com` or `*.example.com`.\n* A Listener with `*.example.com` as the hostname matches GRPCRoutes\n that have either not specified any hostnames or have specified at least\n one hostname that matches the Listener hostname. For example,\n `test.example.com` and `*.example.com` would both match. On the other\n hand, `example.com` and `test.example.net` would not match.\n\n\nHostnames that are prefixed with a wildcard label (`*.`) are interpreted\nas a suffix match. That means that a match for `*.example.com` would match\nboth `test.example.com`, and `foo.test.example.com`, but not `example.com`.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, any\nGRPCRoute hostnames that do not match the Listener hostname MUST be\nignored. For example, if a Listener specified `*.example.com`, and the\nGRPCRoute specified `test.example.com` and `test.example.net`,\n`test.example.net` MUST NOT be considered for a match.\n\n\nIf both the Listener and GRPCRoute have specified hostnames, and none\nmatch with the criteria above, then the GRPCRoute MUST NOT be accepted by\nthe implementation. The implementation MUST raise an 'Accepted' Condition\nwith a status of `False` in the corresponding RouteParentStatus.\n\n\nIf a Route (A) of type HTTPRoute or GRPCRoute is attached to a\nListener and that listener already has another Route (B) of the other\ntype attached and the intersection of the hostnames of A and B is\nnon-empty, then the implementation MUST accept exactly one of these two\nroutes, determined by the following criteria, in order:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nThe rejected Route MUST raise an 'Accepted' condition with a status of\n'False' in the corresponding RouteParentStatus.\n\n\nSupport: Core", "type": "array", "maxItems": 16, "items": { - "description": "Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard label must appear by itself as the first label. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). \n Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed.", + "description": "Hostname is the fully qualified domain name of a network host. This matches\nthe RFC 1123 definition of a hostname with 2 notable exceptions:\n\n\n 1. IPs are not allowed.\n 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard\n label must appear by itself as the first label.\n\n\nHostname can be \"precise\" which is a domain name without the terminating\ndot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a\ndomain name prefixed with a single wildcard label (e.g. `*.example.com`).\n\n\nNote that as per RFC1035 and RFC1123, a *label* must consist of lower case\nalphanumeric characters or '-', and must start and end with an alphanumeric\ncharacter. No other punctuation is allowed.", "type": "string", "maxLength": 253, "minLength": 1, @@ -30,25 +30,25 @@ } }, "parentRefs": { - "description": "ParentRefs references the resources (usually Gateways) that a Route wants to be attached to. Note that the referenced parent resource needs to allow this for the attachment to be complete. For Gateways, that means the Gateway needs to allow attachment from Routes of this kind and namespace. For Services, that means the Service must either be in the same namespace for a \"producer\" route, or the mesh implementation must support and allow \"consumer\" routes for the referenced Service. ReferenceGrant is not applicable for governing ParentRefs to Services - it is not possible to create a \"producer\" route for a Service in a different namespace from the Route. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent resources. \n ParentRefs must be _distinct_. This means either that: \n * They select different objects. If this is the case, then parentRef entries are distinct. In terms of fields, this means that the multi-part key defined by `group`, `kind`, `namespace`, and `name` must be unique across all parentRef entries in the Route. * They do not select different objects, but for each optional field used, each ParentRef that selects the same object must set the same set of optional fields to different values. If one ParentRef sets a combination of optional fields, all must set the same combination. \n Some examples: \n * If one ParentRef sets `sectionName`, all ParentRefs referencing the same object must also set `sectionName`. * If one ParentRef sets `port`, all ParentRefs referencing the same object must also set `port`. * If one ParentRef sets `sectionName` and `port`, all ParentRefs referencing the same object must also set `sectionName` and `port`. \n It is possible to separately reference multiple distinct objects that may be collapsed by an implementation. For example, some implementations may choose to merge compatible Gateway Listeners together. If that is the case, the list of routes attached to those resources should also be merged. \n Note that for ParentRefs that cross namespace boundaries, there are specific rules. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example, Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable other kinds of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n ", + "description": "ParentRefs references the resources (usually Gateways) that a Route wants\nto be attached to. Note that the referenced parent resource needs to\nallow this for the attachment to be complete. For Gateways, that means\nthe Gateway needs to allow attachment from Routes of this kind and\nnamespace. For Services, that means the Service must either be in the same\nnamespace for a \"producer\" route, or the mesh implementation must support\nand allow \"consumer\" routes for the referenced Service. ReferenceGrant is\nnot applicable for governing ParentRefs to Services - it is not possible to\ncreate a \"producer\" route for a Service in a different namespace from the\nRoute.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nParentRefs must be _distinct_. This means either that:\n\n\n* They select different objects. If this is the case, then parentRef\n entries are distinct. In terms of fields, this means that the\n multi-part key defined by `group`, `kind`, `namespace`, and `name` must\n be unique across all parentRef entries in the Route.\n* They do not select different objects, but for each optional field used,\n each ParentRef that selects the same object must set the same set of\n optional fields to different values. If one ParentRef sets a\n combination of optional fields, all must set the same combination.\n\n\nSome examples:\n\n\n* If one ParentRef sets `sectionName`, all ParentRefs referencing the\n same object must also set `sectionName`.\n* If one ParentRef sets `port`, all ParentRefs referencing the same\n object must also set `port`.\n* If one ParentRef sets `sectionName` and `port`, all ParentRefs\n referencing the same object must also set `sectionName` and `port`.\n\n\nIt is possible to separately reference multiple distinct objects that may\nbe collapsed by an implementation. For example, some implementations may\nchoose to merge compatible Gateway Listeners together. If that is the\ncase, the list of routes attached to those resources should also be\nmerged.\n\n\nNote that for ParentRefs that cross namespace boundaries, there are specific\nrules. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example,\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable other kinds of cross-namespace reference.\n\n\n\n\n\n\n\n\n", "type": "array", "maxItems": 32, "items": { - "description": "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n This API may be extended in the future to support additional kinds of parent resources. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid.", + "description": "ParentReference identifies an API object (usually a Gateway) that can be considered\na parent of this resource (usually a route). There are two kinds of parent resources\nwith \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nThis API may be extended in the future to support additional kinds of parent\nresources.\n\n\nThe API object must be valid in the cluster; the Group and Kind must\nbe registered in the cluster for this reference to be valid.", "type": "object", "required": [ "name" ], "properties": { "group": { - "description": "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core", + "description": "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core", "type": "string", "default": "gateway.networking.k8s.io", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" }, "kind": { - "description": "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific.", + "description": "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific.", "type": "string", "default": "Gateway", "maxLength": 63, @@ -56,27 +56,27 @@ "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" }, "name": { - "description": "Name is the name of the referent. \n Support: Core", + "description": "Name is the name of the referent.\n\n\nSupport: Core", "type": "string", "maxLength": 253, "minLength": 1 }, "namespace": { - "description": "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core", + "description": "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\n\n\nSupport: Core", "type": "string", "maxLength": 63, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" }, "port": { - "description": "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n ", + "description": "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended", "type": "integer", "format": "int32", "maximum": 65535, "minimum": 1 }, "sectionName": { - "description": "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core", + "description": "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core", "type": "string", "maxLength": 253, "minLength": 1, @@ -87,12 +87,12 @@ }, "x-kubernetes-validations": [ { - "rule": "self.all(p1, self.all(p2, p1.group == p2.group \u0026\u0026 p1.kind == p2.kind \u0026\u0026 p1.name == p2.name \u0026\u0026 (((!has(p1.__namespace__) || p1.__namespace__ == '') \u0026\u0026 (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) \u0026\u0026 has(p2.__namespace__) \u0026\u0026 p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName) || p1.sectionName == '') == (!has(p2.sectionName) || p2.sectionName == '') \u0026\u0026 (!has(p1.port) || p1.port == 0) == (!has(p2.port) || p2.port == 0)): true))", - "message": "sectionName or port must be specified when parentRefs includes 2 or more references to the same parent" + "rule": "self.all(p1, self.all(p2, p1.group == p2.group \u0026\u0026 p1.kind == p2.kind \u0026\u0026 p1.name == p2.name \u0026\u0026 (((!has(p1.__namespace__) || p1.__namespace__ == '') \u0026\u0026 (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) \u0026\u0026 has(p2.__namespace__) \u0026\u0026 p1.__namespace__ == p2.__namespace__ )) ? ((!has(p1.sectionName) || p1.sectionName == '') == (!has(p2.sectionName) || p2.sectionName == '')) : true))", + "message": "sectionName must be specified when parentRefs includes 2 or more references to the same parent" }, { - "rule": "self.all(p1, self.exists_one(p2, p1.group == p2.group \u0026\u0026 p1.kind == p2.kind \u0026\u0026 p1.name == p2.name \u0026\u0026 (((!has(p1.__namespace__) || p1.__namespace__ == '') \u0026\u0026 (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) \u0026\u0026 has(p2.__namespace__) \u0026\u0026 p1.__namespace__ == p2.__namespace__ )) \u0026\u0026 (((!has(p1.sectionName) || p1.sectionName == '') \u0026\u0026 (!has(p2.sectionName) || p2.sectionName == '')) || ( has(p1.sectionName) \u0026\u0026 has(p2.sectionName) \u0026\u0026 p1.sectionName == p2.sectionName)) \u0026\u0026 (((!has(p1.port) || p1.port == 0) \u0026\u0026 (!has(p2.port) || p2.port == 0)) || (has(p1.port) \u0026\u0026 has(p2.port) \u0026\u0026 p1.port == p2.port))))", - "message": "sectionName or port must be unique when parentRefs includes 2 or more references to the same parent" + "rule": "self.all(p1, self.exists_one(p2, p1.group == p2.group \u0026\u0026 p1.kind == p2.kind \u0026\u0026 p1.name == p2.name \u0026\u0026 (((!has(p1.__namespace__) || p1.__namespace__ == '') \u0026\u0026 (!has(p2.__namespace__) || p2.__namespace__ == '')) || (has(p1.__namespace__) \u0026\u0026 has(p2.__namespace__) \u0026\u0026 p1.__namespace__ == p2.__namespace__ )) \u0026\u0026 (((!has(p1.sectionName) || p1.sectionName == '') \u0026\u0026 (!has(p2.sectionName) || p2.sectionName == '')) || (has(p1.sectionName) \u0026\u0026 has(p2.sectionName) \u0026\u0026 p1.sectionName == p2.sectionName))))", + "message": "sectionName must be unique when parentRefs includes 2 or more references to the same parent" } ] }, @@ -101,33 +101,33 @@ "type": "array", "maxItems": 16, "items": { - "description": "GRPCRouteRule defines the semantics for matching a gRPC request based on conditions (matches), processing it (filters), and forwarding the request to an API object (backendRefs).", + "description": "GRPCRouteRule defines the semantics for matching a gRPC request based on\nconditions (matches), processing it (filters), and forwarding the request to\nan API object (backendRefs).", "type": "object", "properties": { "backendRefs": { - "description": "BackendRefs defines the backend(s) where matching requests should be sent. \n Failure behavior here depends on how many BackendRefs are specified and how many are invalid. \n If *all* entries in BackendRefs are invalid, and there are also no filters specified in this route rule, *all* traffic which matches this rule MUST receive an `UNAVAILABLE` status. \n See the GRPCBackendRef definition for the rules about what makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for requests that would have otherwise been routed to an invalid backend. If multiple backends are specified, and some are invalid, the proportion of requests that would otherwise have been routed to an invalid backend MUST receive an `UNAVAILABLE` status. \n For example, if two backends are specified with equal weights, and one is invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status. Implementations may choose how that 50 percent is determined. \n Support: Core for Kubernetes Service \n Support: Implementation-specific for any other resource \n Support for weight: Core", + "description": "BackendRefs defines the backend(s) where matching requests should be\nsent.\n\n\nFailure behavior here depends on how many BackendRefs are specified and\nhow many are invalid.\n\n\nIf *all* entries in BackendRefs are invalid, and there are also no filters\nspecified in this route rule, *all* traffic which matches this rule MUST\nreceive an `UNAVAILABLE` status.\n\n\nSee the GRPCBackendRef definition for the rules about what makes a single\nGRPCBackendRef invalid.\n\n\nWhen a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for\nrequests that would have otherwise been routed to an invalid backend. If\nmultiple backends are specified, and some are invalid, the proportion of\nrequests that would otherwise have been routed to an invalid backend\nMUST receive an `UNAVAILABLE` status.\n\n\nFor example, if two backends are specified with equal weights, and one is\ninvalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.\nImplementations may choose how that 50 percent is determined.\n\n\nSupport: Core for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource\n\n\nSupport for weight: Core", "type": "array", "maxItems": 16, "items": { - "description": "GRPCBackendRef defines how a GRPCRoute forwards a gRPC request. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n \u003cgateway:experimental:description\u003e \n When the BackendRef points to a Kubernetes Service, implementations SHOULD honor the appProtocol field if it is set for the target Service Port. \n Implementations supporting appProtocol SHOULD recognize the Kubernetes Standard Application Protocols defined in KEP-3726. \n If a Service appProtocol isn't specified, an implementation MAY infer the backend protocol through its own means. Implementations MAY infer the protocol from the Route type referring to the backend Service. \n If a Route is not able to send traffic to the backend using the specified protocol then the backend is considered invalid. Implementations MUST set the \"ResolvedRefs\" condition to \"False\" with the \"UnsupportedProtocol\" reason. \n \u003c/gateway:experimental:description\u003e", + "description": "GRPCBackendRef defines how a GRPCRoute forwards a gRPC request.\n\n\nNote that when a namespace different than the local namespace is specified, a\nReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\n\u003cgateway:experimental:description\u003e\n\n\nWhen the BackendRef points to a Kubernetes Service, implementations SHOULD\nhonor the appProtocol field if it is set for the target Service Port.\n\n\nImplementations supporting appProtocol SHOULD recognize the Kubernetes\nStandard Application Protocols defined in KEP-3726.\n\n\nIf a Service appProtocol isn't specified, an implementation MAY infer the\nbackend protocol through its own means. Implementations MAY infer the\nprotocol from the Route type referring to the backend Service.\n\n\nIf a Route is not able to send traffic to the backend using the specified\nprotocol then the backend is considered invalid. Implementations MUST set the\n\"ResolvedRefs\" condition to \"False\" with the \"UnsupportedProtocol\" reason.\n\n\n\u003c/gateway:experimental:description\u003e", "type": "object", "required": [ "name" ], "properties": { "filters": { - "description": "Filters defined at this level MUST be executed if and only if the request is being forwarded to the backend defined here. \n Support: Implementation-specific (For broader support of filters, use the Filters field in GRPCRouteRule.)", + "description": "Filters defined at this level MUST be executed if and only if the\nrequest is being forwarded to the backend defined here.\n\n\nSupport: Implementation-specific (For broader support of filters, use the\nFilters field in GRPCRouteRule.)", "type": "array", "maxItems": 16, "items": { - "description": "GRPCRouteFilter defines processing steps that must be completed during the request or response lifecycle. GRPCRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.", + "description": "GRPCRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. GRPCRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", "type": "object", "required": [ "type" ], "properties": { "extensionRef": { - "description": "ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific \n This filter can be used multiple times within the same rule.", + "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nSupport: Implementation-specific\n\n\nThis filter can be used multiple times within the same rule.", "type": "object", "required": [ "group", @@ -136,7 +136,7 @@ ], "properties": { "group": { - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred.", + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", "type": "string", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" @@ -158,11 +158,11 @@ "additionalProperties": false }, "requestHeaderModifier": { - "description": "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core", + "description": "RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core", "type": "object", "properties": { "add": { - "description": "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz", + "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", "type": "array", "maxItems": 16, "items": { @@ -174,7 +174,7 @@ ], "properties": { "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent.", + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", "type": "string", "maxLength": 256, "minLength": 1, @@ -195,7 +195,7 @@ "x-kubernetes-list-type": "map" }, "remove": { - "description": "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar", + "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", "type": "array", "maxItems": 16, "items": { @@ -204,7 +204,7 @@ "x-kubernetes-list-type": "set" }, "set": { - "description": "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar", + "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", "type": "array", "maxItems": 16, "items": { @@ -216,7 +216,7 @@ ], "properties": { "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent.", + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", "type": "string", "maxLength": 256, "minLength": 1, @@ -240,28 +240,28 @@ "additionalProperties": false }, "requestMirror": { - "description": "RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended", + "description": "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended", "type": "object", "required": [ "backendRef" ], "properties": { "backendRef": { - "description": "BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource", + "description": "BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource", "type": "object", "required": [ "name" ], "properties": { "group": { - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred.", + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", "type": "string", "default": "", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" }, "kind": { - "description": "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)", + "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)", "type": "string", "default": "Service", "maxLength": 63, @@ -275,14 +275,14 @@ "minLength": 1 }, "namespace": { - "description": "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core", + "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core", "type": "string", "maxLength": 63, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" }, "port": { - "description": "Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.", + "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", "type": "integer", "format": "int32", "maximum": 65535, @@ -301,11 +301,11 @@ "additionalProperties": false }, "responseHeaderModifier": { - "description": "ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended", + "description": "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended", "type": "object", "properties": { "add": { - "description": "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz", + "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", "type": "array", "maxItems": 16, "items": { @@ -317,7 +317,7 @@ ], "properties": { "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent.", + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", "type": "string", "maxLength": 256, "minLength": 1, @@ -338,7 +338,7 @@ "x-kubernetes-list-type": "map" }, "remove": { - "description": "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar", + "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", "type": "array", "maxItems": 16, "items": { @@ -347,7 +347,7 @@ "x-kubernetes-list-type": "set" }, "set": { - "description": "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar", + "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", "type": "array", "maxItems": 16, "items": { @@ -359,7 +359,7 @@ ], "properties": { "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent.", + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", "type": "string", "maxLength": 256, "minLength": 1, @@ -383,7 +383,7 @@ "additionalProperties": false }, "type": { - "description": "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations supporting GRPCRoute MUST support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n ", + "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\n", "type": "string", "enum": [ "ResponseHeaderModifier", @@ -441,14 +441,14 @@ ] }, "group": { - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred.", + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", "type": "string", "default": "", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" }, "kind": { - "description": "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)", + "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)", "type": "string", "default": "Service", "maxLength": 63, @@ -462,21 +462,21 @@ "minLength": 1 }, "namespace": { - "description": "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core", + "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core", "type": "string", "maxLength": 63, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" }, "port": { - "description": "Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.", + "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", "type": "integer", "format": "int32", "maximum": 65535, "minimum": 1 }, "weight": { - "description": "Weight specifies the proportion of requests forwarded to the referenced backend. This is computed as weight/(sum of all weights in this BackendRefs list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. Weight is not a percentage and the sum of weights does not need to equal 100. \n If only one backend is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weight is set to 0, no traffic should be forwarded for this entry. If unspecified, weight defaults to 1. \n Support for this field varies based on the context where used.", + "description": "Weight specifies the proportion of requests forwarded to the referenced\nbackend. This is computed as weight/(sum of all weights in this\nBackendRefs list). For non-zero values, there may be some epsilon from\nthe exact proportion defined here depending on the precision an\nimplementation supports. Weight is not a percentage and the sum of\nweights does not need to equal 100.\n\n\nIf only one backend is specified and it has a weight greater than 0, 100%\nof the traffic is forwarded to that backend. If weight is set to 0, no\ntraffic should be forwarded for this entry. If unspecified, weight\ndefaults to 1.\n\n\nSupport for this field varies based on the context where used.", "type": "integer", "format": "int32", "default": 1, @@ -494,18 +494,18 @@ } }, "filters": { - "description": "Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations that support GRPCRoute. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying the same filter multiple times is not supported unless explicitly indicated in the filter. \n If an implementation can not support a combination of filters, it must clearly document that limitation. In cases where incompatible or unsupported filters are specified and cause the `Accepted` condition to be set to status `False`, implementations may use the `IncompatibleFilters` reason to specify this configuration error. \n Support: Core", + "description": "Filters define the filters that are applied to requests that match\nthis rule.\n\n\nThe effects of ordering of multiple behaviors are currently unspecified.\nThis can change in the future based on feedback during the alpha stage.\n\n\nConformance-levels at this level are defined based on the type of filter:\n\n\n- ALL core filters MUST be supported by all implementations that support\n GRPCRoute.\n- Implementers are encouraged to support extended filters.\n- Implementation-specific custom filters have no API guarantees across\n implementations.\n\n\nSpecifying the same filter multiple times is not supported unless explicitly\nindicated in the filter.\n\n\nIf an implementation can not support a combination of filters, it must clearly\ndocument that limitation. In cases where incompatible or unsupported\nfilters are specified and cause the `Accepted` condition to be set to status\n`False`, implementations may use the `IncompatibleFilters` reason to specify\nthis configuration error.\n\n\nSupport: Core", "type": "array", "maxItems": 16, "items": { - "description": "GRPCRouteFilter defines processing steps that must be completed during the request or response lifecycle. GRPCRouteFilters are meant as an extension point to express processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter.", + "description": "GRPCRouteFilter defines processing steps that must be completed during the\nrequest or response lifecycle. GRPCRouteFilters are meant as an extension\npoint to express processing that may be done in Gateway implementations. Some\nexamples include request or response modification, implementing\nauthentication strategies, rate-limiting, and traffic shaping. API\nguarantee/conformance is defined based on the type of the filter.", "type": "object", "required": [ "type" ], "properties": { "extensionRef": { - "description": "ExtensionRef is an optional, implementation-specific extension to the \"filter\" behavior. For example, resource \"myroutefilter\" in group \"networking.example.net\"). ExtensionRef MUST NOT be used for core and extended filters. \n Support: Implementation-specific \n This filter can be used multiple times within the same rule.", + "description": "ExtensionRef is an optional, implementation-specific extension to the\n\"filter\" behavior. For example, resource \"myroutefilter\" in group\n\"networking.example.net\"). ExtensionRef MUST NOT be used for core and\nextended filters.\n\n\nSupport: Implementation-specific\n\n\nThis filter can be used multiple times within the same rule.", "type": "object", "required": [ "group", @@ -514,7 +514,7 @@ ], "properties": { "group": { - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred.", + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", "type": "string", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" @@ -536,11 +536,11 @@ "additionalProperties": false }, "requestHeaderModifier": { - "description": "RequestHeaderModifier defines a schema for a filter that modifies request headers. \n Support: Core", + "description": "RequestHeaderModifier defines a schema for a filter that modifies request\nheaders.\n\n\nSupport: Core", "type": "object", "properties": { "add": { - "description": "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz", + "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", "type": "array", "maxItems": 16, "items": { @@ -552,7 +552,7 @@ ], "properties": { "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent.", + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", "type": "string", "maxLength": 256, "minLength": 1, @@ -573,7 +573,7 @@ "x-kubernetes-list-type": "map" }, "remove": { - "description": "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar", + "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", "type": "array", "maxItems": 16, "items": { @@ -582,7 +582,7 @@ "x-kubernetes-list-type": "set" }, "set": { - "description": "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar", + "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", "type": "array", "maxItems": 16, "items": { @@ -594,7 +594,7 @@ ], "properties": { "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent.", + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", "type": "string", "maxLength": 256, "minLength": 1, @@ -618,28 +618,28 @@ "additionalProperties": false }, "requestMirror": { - "description": "RequestMirror defines a schema for a filter that mirrors requests. Requests are sent to the specified destination, but responses from that destination are ignored. \n This filter can be used multiple times within the same rule. Note that not all implementations will be able to support mirroring to multiple backends. \n Support: Extended", + "description": "RequestMirror defines a schema for a filter that mirrors requests.\nRequests are sent to the specified destination, but responses from\nthat destination are ignored.\n\n\nThis filter can be used multiple times within the same rule. Note that\nnot all implementations will be able to support mirroring to multiple\nbackends.\n\n\nSupport: Extended", "type": "object", "required": [ "backendRef" ], "properties": { "backendRef": { - "description": "BackendRef references a resource where mirrored requests are sent. \n Mirrored requests must be sent only to a single destination endpoint within this BackendRef, irrespective of how many endpoints are present within this BackendRef. \n If the referent cannot be found, this BackendRef is invalid and must be dropped from the Gateway. The controller must ensure the \"ResolvedRefs\" condition on the Route status is set to `status: False` and not configure this backend in the underlying implementation. \n If there is a cross-namespace reference to an *existing* object that is not allowed by a ReferenceGrant, the controller must ensure the \"ResolvedRefs\" condition on the Route is set to `status: False`, with the \"RefNotPermitted\" reason and not configure this backend in the underlying implementation. \n In either error case, the Message of the `ResolvedRefs` Condition should be used to provide more detail about the problem. \n Support: Extended for Kubernetes Service \n Support: Implementation-specific for any other resource", + "description": "BackendRef references a resource where mirrored requests are sent.\n\n\nMirrored requests must be sent only to a single destination endpoint\nwithin this BackendRef, irrespective of how many endpoints are present\nwithin this BackendRef.\n\n\nIf the referent cannot be found, this BackendRef is invalid and must be\ndropped from the Gateway. The controller must ensure the \"ResolvedRefs\"\ncondition on the Route status is set to `status: False` and not configure\nthis backend in the underlying implementation.\n\n\nIf there is a cross-namespace reference to an *existing* object\nthat is not allowed by a ReferenceGrant, the controller must ensure the\n\"ResolvedRefs\" condition on the Route is set to `status: False`,\nwith the \"RefNotPermitted\" reason and not configure this backend in the\nunderlying implementation.\n\n\nIn either error case, the Message of the `ResolvedRefs` Condition\nshould be used to provide more detail about the problem.\n\n\nSupport: Extended for Kubernetes Service\n\n\nSupport: Implementation-specific for any other resource", "type": "object", "required": [ "name" ], "properties": { "group": { - "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\". When unspecified or empty string, core API group is inferred.", + "description": "Group is the group of the referent. For example, \"gateway.networking.k8s.io\".\nWhen unspecified or empty string, core API group is inferred.", "type": "string", "default": "", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" }, "kind": { - "description": "Kind is the Kubernetes resource kind of the referent. For example \"Service\". \n Defaults to \"Service\" when not specified. \n ExternalName services can refer to CNAME DNS records that may live outside of the cluster and as such are difficult to reason about in terms of conformance. They also may not be safe to forward to (see CVE-2021-25740 for more information). Implementations SHOULD NOT support ExternalName Services. \n Support: Core (Services with a type other than ExternalName) \n Support: Implementation-specific (Services with type ExternalName)", + "description": "Kind is the Kubernetes resource kind of the referent. For example\n\"Service\".\n\n\nDefaults to \"Service\" when not specified.\n\n\nExternalName services can refer to CNAME DNS records that may live\noutside of the cluster and as such are difficult to reason about in\nterms of conformance. They also may not be safe to forward to (see\nCVE-2021-25740 for more information). Implementations SHOULD NOT\nsupport ExternalName Services.\n\n\nSupport: Core (Services with a type other than ExternalName)\n\n\nSupport: Implementation-specific (Services with type ExternalName)", "type": "string", "default": "Service", "maxLength": 63, @@ -653,14 +653,14 @@ "minLength": 1 }, "namespace": { - "description": "Namespace is the namespace of the backend. When unspecified, the local namespace is inferred. \n Note that when a namespace different than the local namespace is specified, a ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. \n Support: Core", + "description": "Namespace is the namespace of the backend. When unspecified, the local\nnamespace is inferred.\n\n\nNote that when a namespace different than the local namespace is specified,\na ReferenceGrant object is required in the referent namespace to allow that\nnamespace's owner to accept the reference. See the ReferenceGrant\ndocumentation for details.\n\n\nSupport: Core", "type": "string", "maxLength": 63, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" }, "port": { - "description": "Port specifies the destination port number to use for this resource. Port is required when the referent is a Kubernetes Service. In this case, the port number is the service port number, not the target port. For other resources, destination port might be derived from the referent resource or this field.", + "description": "Port specifies the destination port number to use for this resource.\nPort is required when the referent is a Kubernetes Service. In this\ncase, the port number is the service port number, not the target port.\nFor other resources, destination port might be derived from the referent\nresource or this field.", "type": "integer", "format": "int32", "maximum": 65535, @@ -679,11 +679,11 @@ "additionalProperties": false }, "responseHeaderModifier": { - "description": "ResponseHeaderModifier defines a schema for a filter that modifies response headers. \n Support: Extended", + "description": "ResponseHeaderModifier defines a schema for a filter that modifies response\nheaders.\n\n\nSupport: Extended", "type": "object", "properties": { "add": { - "description": "Add adds the given header(s) (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: - name: \"my-header\" value: \"bar,baz\" \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz", + "description": "Add adds the given header(s) (name, value) to the request\nbefore the action. It appends to any existing values associated\nwith the header name.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n add:\n - name: \"my-header\"\n value: \"bar,baz\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: foo,bar,baz", "type": "array", "maxItems": 16, "items": { @@ -695,7 +695,7 @@ ], "properties": { "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent.", + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", "type": "string", "maxLength": 256, "minLength": 1, @@ -716,7 +716,7 @@ "x-kubernetes-list-type": "map" }, "remove": { - "description": "Remove the given header(s) from the HTTP request before the action. The value of Remove is a list of HTTP header names. Note that the header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar", + "description": "Remove the given header(s) from the HTTP request before the action. The\nvalue of Remove is a list of HTTP header names. Note that the header\nnames are case-insensitive (see\nhttps://datatracker.ietf.org/doc/html/rfc2616#section-4.2).\n\n\nInput:\n GET /foo HTTP/1.1\n my-header1: foo\n my-header2: bar\n my-header3: baz\n\n\nConfig:\n remove: [\"my-header1\", \"my-header3\"]\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header2: bar", "type": "array", "maxItems": 16, "items": { @@ -725,7 +725,7 @@ "x-kubernetes-list-type": "set" }, "set": { - "description": "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: - name: \"my-header\" value: \"bar\" \n Output: GET /foo HTTP/1.1 my-header: bar", + "description": "Set overwrites the request with the given header (name, value)\nbefore the action.\n\n\nInput:\n GET /foo HTTP/1.1\n my-header: foo\n\n\nConfig:\n set:\n - name: \"my-header\"\n value: \"bar\"\n\n\nOutput:\n GET /foo HTTP/1.1\n my-header: bar", "type": "array", "maxItems": 16, "items": { @@ -737,7 +737,7 @@ ], "properties": { "name": { - "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). \n If multiple entries specify equivalent header names, the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent.", + "description": "Name is the name of the HTTP Header to be matched. Name matching MUST be\ncase insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).\n\n\nIf multiple entries specify equivalent header names, the first entry with\nan equivalent name MUST be considered for a match. Subsequent entries\nwith an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", "type": "string", "maxLength": 256, "minLength": 1, @@ -761,7 +761,7 @@ "additionalProperties": false }, "type": { - "description": "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations supporting GRPCRoute MUST support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Implementation-specific: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` MUST be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior. \n If a reference to a custom filter type cannot be resolved, the filter MUST NOT be skipped. Instead, requests that would have been processed by that filter MUST receive a HTTP error response. \n ", + "description": "Type identifies the type of filter to apply. As with other API fields,\ntypes are classified into three conformance levels:\n\n\n- Core: Filter types and their corresponding configuration defined by\n \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All\n implementations supporting GRPCRoute MUST support core filters.\n\n\n- Extended: Filter types and their corresponding configuration defined by\n \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers\n are encouraged to support extended filters.\n\n\n- Implementation-specific: Filters that are defined and supported by specific vendors.\n In the future, filters showing convergence in behavior across multiple\n implementations will be considered for inclusion in extended or core\n conformance levels. Filter-specific configuration for such filters\n is specified using the ExtensionRef field. `Type` MUST be set to\n \"ExtensionRef\" for custom filters.\n\n\nImplementers are encouraged to define custom implementation types to\nextend the core API with implementation-specific behavior.\n\n\nIf a reference to a custom filter type cannot be resolved, the filter\nMUST NOT be skipped. Instead, requests that would have been processed by\nthat filter MUST receive a HTTP error response.\n\n\n", "type": "string", "enum": [ "ResponseHeaderModifier", @@ -819,19 +819,19 @@ ] }, "matches": { - "description": "Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - method: service: foo.bar headers: values: version: 2 - method: service: foo.bar.v2 ``` \n For a request to match against this rule, it MUST satisfy EITHER of the two conditions: \n - service of foo.bar AND contains the header `version: 2` - service of foo.bar.v2 \n See the documentation for GRPCRouteMatch on how to specify multiple match conditions to be ANDed together. \n If no matches are specified, the implementation MUST match every gRPC request. \n Proxy or Load Balancer routing configuration generated from GRPCRoutes MUST prioritize rules based on the following criteria, continuing on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes. Precedence MUST be given to the rule with the largest number of: \n * Characters in a matching non-wildcard hostname. * Characters in a matching hostname. * Characters in a matching service. * Characters in a matching method. * Header matches. \n If ties still exist across multiple Routes, matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The oldest Route based on creation timestamp. * The Route appearing first in alphabetical order by \"{namespace}/{name}\". \n If ties still exist within the Route that has been given precedence, matching precedence MUST be granted to the first matching rule meeting the above criteria.", + "description": "Matches define conditions used for matching the rule against incoming\ngRPC requests. Each match is independent, i.e. this rule will be matched\nif **any** one of the matches is satisfied.\n\n\nFor example, take the following matches configuration:\n\n\n```\nmatches:\n- method:\n service: foo.bar\n headers:\n values:\n version: 2\n- method:\n service: foo.bar.v2\n```\n\n\nFor a request to match against this rule, it MUST satisfy\nEITHER of the two conditions:\n\n\n- service of foo.bar AND contains the header `version: 2`\n- service of foo.bar.v2\n\n\nSee the documentation for GRPCRouteMatch on how to specify multiple\nmatch conditions to be ANDed together.\n\n\nIf no matches are specified, the implementation MUST match every gRPC request.\n\n\nProxy or Load Balancer routing configuration generated from GRPCRoutes\nMUST prioritize rules based on the following criteria, continuing on\nties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.\nPrecedence MUST be given to the rule with the largest number of:\n\n\n* Characters in a matching non-wildcard hostname.\n* Characters in a matching hostname.\n* Characters in a matching service.\n* Characters in a matching method.\n* Header matches.\n\n\nIf ties still exist across multiple Routes, matching precedence MUST be\ndetermined in order of the following criteria, continuing on ties:\n\n\n* The oldest Route based on creation timestamp.\n* The Route appearing first in alphabetical order by\n \"{namespace}/{name}\".\n\n\nIf ties still exist within the Route that has been given precedence,\nmatching precedence MUST be granted to the first matching rule meeting\nthe above criteria.", "type": "array", "maxItems": 8, "items": { - "description": "GRPCRouteMatch defines the predicate used to match requests to a given action. Multiple match types are ANDed together, i.e. the match will evaluate to true only if all conditions are satisfied. \n For example, the match below will match a gRPC request only if its service is `foo` AND it contains the `version: v1` header: \n ``` matches: - method: type: Exact service: \"foo\" headers: - name: \"version\" value \"v1\" \n ```", + "description": "GRPCRouteMatch defines the predicate used to match requests to a given\naction. Multiple match types are ANDed together, i.e. the match will\nevaluate to true only if all conditions are satisfied.\n\n\nFor example, the match below will match a gRPC request only if its service\nis `foo` AND it contains the `version: v1` header:\n\n\n```\nmatches:\n - method:\n type: Exact\n service: \"foo\"\n headers:\n - name: \"version\"\n value \"v1\"\n\n\n```", "type": "object", "properties": { "headers": { - "description": "Headers specifies gRPC request header matchers. Multiple match values are ANDed together, meaning, a request MUST match all the specified headers to select the route.", + "description": "Headers specifies gRPC request header matchers. Multiple match values are\nANDed together, meaning, a request MUST match all the specified headers\nto select the route.", "type": "array", "maxItems": 16, "items": { - "description": "GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request headers.", + "description": "GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request\nheaders.", "type": "object", "required": [ "name", @@ -839,7 +839,7 @@ ], "properties": { "name": { - "description": "Name is the name of the gRPC Header to be matched. \n If multiple entries specify equivalent header names, only the first entry with an equivalent name MUST be considered for a match. Subsequent entries with an equivalent header name MUST be ignored. Due to the case-insensitivity of header names, \"foo\" and \"Foo\" are considered equivalent.", + "description": "Name is the name of the gRPC Header to be matched.\n\n\nIf multiple entries specify equivalent header names, only the first\nentry with an equivalent name MUST be considered for a match. Subsequent\nentries with an equivalent header name MUST be ignored. Due to the\ncase-insensitivity of header names, \"foo\" and \"Foo\" are considered\nequivalent.", "type": "string", "maxLength": 256, "minLength": 1, @@ -869,21 +869,21 @@ "x-kubernetes-list-type": "map" }, "method": { - "description": "Method specifies a gRPC request service/method matcher. If this field is not specified, all services and methods will match.", + "description": "Method specifies a gRPC request service/method matcher. If this field is\nnot specified, all services and methods will match.", "type": "object", "properties": { "method": { - "description": "Value of the method to match against. If left empty or omitted, will match all services. \n At least one of Service and Method MUST be a non-empty string.", + "description": "Value of the method to match against. If left empty or omitted, will\nmatch all services.\n\n\nAt least one of Service and Method MUST be a non-empty string.", "type": "string", "maxLength": 1024 }, "service": { - "description": "Value of the service to match against. If left empty or omitted, will match any service. \n At least one of Service and Method MUST be a non-empty string.", + "description": "Value of the service to match against. If left empty or omitted, will\nmatch any service.\n\n\nAt least one of Service and Method MUST be a non-empty string.", "type": "string", "maxLength": 1024 }, "type": { - "description": "Type specifies how to match against the service and/or method. Support: Core (Exact with service and method specified) \n Support: Implementation-specific (Exact with method specified but no service specified) \n Support: Implementation-specific (RegularExpression)", + "description": "Type specifies how to match against the service and/or method.\nSupport: Core (Exact with service and method specified)\n\n\nSupport: Implementation-specific (Exact with method specified but no service specified)\n\n\nSupport: Implementation-specific (RegularExpression)", "type": "string", "default": "Exact", "enum": [ @@ -927,11 +927,11 @@ ], "properties": { "parents": { - "description": "Parents is a list of parent resources (usually Gateways) that are associated with the route, and the status of the route with respect to each parent. When this route attaches to a parent, the controller that manages the parent must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route or gateway is modified. \n Note that parent references that cannot be resolved by an implementation of this API will not be added to this list. Implementations of this API can only populate Route status for the Gateways/parent resources they are responsible for. \n A maximum of 32 Gateways will be represented in this list. An empty list means the route has not been attached to any Gateway.", + "description": "Parents is a list of parent resources (usually Gateways) that are\nassociated with the route, and the status of the route with respect to\neach parent. When this route attaches to a parent, the controller that\nmanages the parent must add an entry to this list when the controller\nfirst sees the route and should update the entry as appropriate when the\nroute or gateway is modified.\n\n\nNote that parent references that cannot be resolved by an implementation\nof this API will not be added to this list. Implementations of this API\ncan only populate Route status for the Gateways/parent resources they are\nresponsible for.\n\n\nA maximum of 32 Gateways will be represented in this list. An empty list\nmeans the route has not been attached to any Gateway.", "type": "array", "maxItems": 32, "items": { - "description": "RouteParentStatus describes the status of a route with respect to an associated Parent.", + "description": "RouteParentStatus describes the status of a route with respect to an\nassociated Parent.", "type": "object", "required": [ "controllerName", @@ -939,12 +939,12 @@ ], "properties": { "conditions": { - "description": "Conditions describes the status of the route with respect to the Gateway. Note that the route's availability is also subject to the Gateway's own status conditions and listener status. \n If the Route's ParentRef specifies an existing Gateway that supports Routes of this kind AND that Gateway's controller has sufficient access, then that Gateway's controller MUST set the \"Accepted\" condition on the Route, to indicate whether the route has been accepted or rejected by the Gateway, and why. \n A Route MUST be considered \"Accepted\" if at least one of the Route's rules is implemented by the Gateway. \n There are a number of cases where the \"Accepted\" condition may not be set due to lack of controller visibility, that includes when: \n * The Route refers to a non-existent parent. * The Route is of a type that the controller does not support. * The Route is in a namespace the controller does not have access to.", + "description": "Conditions describes the status of the route with respect to the Gateway.\nNote that the route's availability is also subject to the Gateway's own\nstatus conditions and listener status.\n\n\nIf the Route's ParentRef specifies an existing Gateway that supports\nRoutes of this kind AND that Gateway's controller has sufficient access,\nthen that Gateway's controller MUST set the \"Accepted\" condition on the\nRoute, to indicate whether the route has been accepted or rejected by the\nGateway, and why.\n\n\nA Route MUST be considered \"Accepted\" if at least one of the Route's\nrules is implemented by the Gateway.\n\n\nThere are a number of cases where the \"Accepted\" condition may not be set\ndue to lack of controller visibility, that includes when:\n\n\n* The Route refers to a non-existent parent.\n* The Route is of a type that the controller does not support.\n* The Route is in a namespace the controller does not have access to.", "type": "array", "maxItems": 8, "minItems": 1, "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", + "description": "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}", "type": "object", "required": [ "lastTransitionTime", @@ -955,23 +955,23 @@ ], "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { - "description": "message is a human readable message indicating details about the transition. This may be an empty string.", + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, @@ -987,7 +987,7 @@ ] }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -1001,28 +1001,28 @@ "x-kubernetes-list-type": "map" }, "controllerName": { - "description": "ControllerName is a domain/path string that indicates the name of the controller that wrote this status. This corresponds with the controllerName field on GatewayClass. \n Example: \"example.net/gateway-controller\". \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Controllers MUST populate this field when writing status. Controllers should ensure that entries to status populated with their ControllerName are cleaned up when they are no longer necessary.", + "description": "ControllerName is a domain/path string that indicates the name of the\ncontroller that wrote this status. This corresponds with the\ncontrollerName field on GatewayClass.\n\n\nExample: \"example.net/gateway-controller\".\n\n\nThe format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are\nvalid Kubernetes names\n(https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).\n\n\nControllers MUST populate this field when writing status. Controllers should ensure that\nentries to status populated with their ControllerName are cleaned up when they are no\nlonger necessary.", "type": "string", "maxLength": 253, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\\/[A-Za-z0-9\\/\\-._~%!$\u0026'()*+,;=:]+$" }, "parentRef": { - "description": "ParentRef corresponds with a ParentRef in the spec that this RouteParentStatus struct describes the status of.", + "description": "ParentRef corresponds with a ParentRef in the spec that this\nRouteParentStatus struct describes the status of.", "type": "object", "required": [ "name" ], "properties": { "group": { - "description": "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core", + "description": "Group is the group of the referent.\nWhen unspecified, \"gateway.networking.k8s.io\" is inferred.\nTo set the core API group (such as for a \"Service\" kind referent),\nGroup must be explicitly set to \"\" (empty string).\n\n\nSupport: Core", "type": "string", "default": "gateway.networking.k8s.io", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" }, "kind": { - "description": "Kind is kind of the referent. \n There are two kinds of parent resources with \"Core\" support: \n * Gateway (Gateway conformance profile) * Service (Mesh conformance profile, experimental, ClusterIP Services only) \n Support for other resources is Implementation-Specific.", + "description": "Kind is kind of the referent.\n\n\nThere are two kinds of parent resources with \"Core\" support:\n\n\n* Gateway (Gateway conformance profile)\n* Service (Mesh conformance profile, ClusterIP Services only)\n\n\nSupport for other resources is Implementation-Specific.", "type": "string", "default": "Gateway", "maxLength": 63, @@ -1030,27 +1030,27 @@ "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" }, "name": { - "description": "Name is the name of the referent. \n Support: Core", + "description": "Name is the name of the referent.\n\n\nSupport: Core", "type": "string", "maxLength": 253, "minLength": 1 }, "namespace": { - "description": "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core", + "description": "Namespace is the namespace of the referent. When unspecified, this refers\nto the local namespace of the Route.\n\n\nNote that there are specific rules for ParentRefs which cross namespace\nboundaries. Cross-namespace references are only valid if they are explicitly\nallowed by something in the namespace they are referring to. For example:\nGateway has the AllowedRoutes field, and ReferenceGrant provides a\ngeneric way to enable any other kind of cross-namespace reference.\n\n\n\n\n\nSupport: Core", "type": "string", "maxLength": 63, "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" }, "port": { - "description": "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n ", + "description": "Port is the network port this Route targets. It can be interpreted\ndifferently based on the type of parent resource.\n\n\nWhen the parent resource is a Gateway, this targets all listeners\nlistening on the specified port that also support this kind of Route(and\nselect this Route). It's not recommended to set `Port` unless the\nnetworking behaviors specified in a Route must apply to a specific port\nas opposed to a listener(s) whose port(s) may be changed. When both Port\nand SectionName are specified, the name and port of the selected listener\nmust match both specified values.\n\n\n\n\n\nImplementations MAY choose to support other parent resources.\nImplementations supporting other types of parent resources MUST clearly\ndocument how/if Port is interpreted.\n\n\nFor the purpose of status, an attachment is considered successful as\nlong as the parent resource accepts it partially. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment\nfrom the referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route,\nthe Route MUST be considered detached from the Gateway.\n\n\nSupport: Extended", "type": "integer", "format": "int32", "maximum": 65535, "minimum": 1 }, "sectionName": { - "description": "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. * Service: Port Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. Note that attaching Routes to Services as Parents is part of experimental Mesh support and is not supported for any other purpose. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core", + "description": "SectionName is the name of a section within the target resource. In the\nfollowing resources, SectionName is interpreted as the following:\n\n\n* Gateway: Listener name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n* Service: Port name. When both Port (experimental) and SectionName\nare specified, the name and port of the selected listener must match\nboth specified values.\n\n\nImplementations MAY choose to support attaching Routes to other resources.\nIf that is the case, they MUST clearly document how SectionName is\ninterpreted.\n\n\nWhen unspecified (empty string), this will reference the entire resource.\nFor the purpose of status, an attachment is considered successful if at\nleast one section in the parent resource accepts it. For example, Gateway\nlisteners can restrict which Routes can attach to them by Route kind,\nnamespace, or hostname. If 1 of 2 Gateway listeners accept attachment from\nthe referencing Route, the Route MUST be considered successfully\nattached. If no Gateway listeners accept attachment from this Route, the\nRoute MUST be considered detached from the Gateway.\n\n\nSupport: Core", "type": "string", "maxLength": 253, "minLength": 1, diff --git a/schema/gateway.networking.k8s.io/referencegrant_v1alpha2.json b/schema/gateway.networking.k8s.io/referencegrant_v1alpha2.json index d684c350c..56b13aa3d 100644 --- a/schema/gateway.networking.k8s.io/referencegrant_v1alpha2.json +++ b/schema/gateway.networking.k8s.io/referencegrant_v1alpha2.json @@ -1,13 +1,13 @@ { - "description": "ReferenceGrant identifies kinds of resources in other namespaces that are trusted to reference the specified kinds of resources in the same namespace as the policy. \n Each ReferenceGrant can be used to represent a unique trust relationship. Additional Reference Grants can be used to add to the set of trusted sources of inbound references for the namespace they are defined within. \n A ReferenceGrant is required for all cross-namespace references in Gateway API (with the exception of cross-namespace Route-Gateway attachment, which is governed by the AllowedRoutes configuration on the Gateway, and cross-namespace Service ParentRefs on a \"consumer\" mesh Route, which defines routing rules applicable only to workloads in the Route namespace). ReferenceGrants allowing a reference from a Route to a Service are only applicable to BackendRefs. \n ReferenceGrant is a form of runtime verification allowing users to assert which cross-namespace object references are permitted. Implementations that support ReferenceGrant MUST NOT permit cross-namespace references which have no grant, and MUST respond to the removal of a grant by revoking the access that the grant allowed.", + "description": "ReferenceGrant identifies kinds of resources in other namespaces that are\ntrusted to reference the specified kinds of resources in the same namespace\nas the policy.\n\n\nEach ReferenceGrant can be used to represent a unique trust relationship.\nAdditional Reference Grants can be used to add to the set of trusted\nsources of inbound references for the namespace they are defined within.\n\n\nA ReferenceGrant is required for all cross-namespace references in Gateway API\n(with the exception of cross-namespace Route-Gateway attachment, which is\ngoverned by the AllowedRoutes configuration on the Gateway, and cross-namespace\nService ParentRefs on a \"consumer\" mesh Route, which defines routing rules\napplicable only to workloads in the Route namespace). ReferenceGrants allowing\na reference from a Route to a Service are only applicable to BackendRefs.\n\n\nReferenceGrant is a form of runtime verification allowing users to assert\nwhich cross-namespace object references are permitted. Implementations that\nsupport ReferenceGrant MUST NOT permit cross-namespace references which have\nno grant, and MUST respond to the removal of a grant by revoking the access\nthat the grant allowed.", "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -22,7 +22,7 @@ ], "properties": { "from": { - "description": "From describes the trusted namespaces and kinds that can reference the resources described in \"To\". Each entry in this list MUST be considered to be an additional place that references can be valid from, or to put this another way, entries MUST be combined using OR. \n Support: Core", + "description": "From describes the trusted namespaces and kinds that can reference the\nresources described in \"To\". Each entry in this list MUST be considered\nto be an additional place that references can be valid from, or to put\nthis another way, entries MUST be combined using OR.\n\n\nSupport: Core", "type": "array", "maxItems": 16, "minItems": 1, @@ -36,20 +36,20 @@ ], "properties": { "group": { - "description": "Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core", + "description": "Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\n\nSupport: Core", "type": "string", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" }, "kind": { - "description": "Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field. \n When used to permit a SecretObjectReference: \n * Gateway \n When used to permit a BackendObjectReference: \n * GRPCRoute * HTTPRoute * TCPRoute * TLSRoute * UDPRoute", + "description": "Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field.\n\n\nWhen used to permit a SecretObjectReference:\n\n\n* Gateway\n\n\nWhen used to permit a BackendObjectReference:\n\n\n* GRPCRoute\n* HTTPRoute\n* TCPRoute\n* TLSRoute\n* UDPRoute", "type": "string", "maxLength": 63, "minLength": 1, "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" }, "namespace": { - "description": "Namespace is the namespace of the referent. \n Support: Core", + "description": "Namespace is the namespace of the referent.\n\n\nSupport: Core", "type": "string", "maxLength": 63, "minLength": 1, @@ -60,12 +60,12 @@ } }, "to": { - "description": "To describes the resources that may be referenced by the resources described in \"From\". Each entry in this list MUST be considered to be an additional place that references can be valid to, or to put this another way, entries MUST be combined using OR. \n Support: Core", + "description": "To describes the resources that may be referenced by the resources\ndescribed in \"From\". Each entry in this list MUST be considered to be an\nadditional place that references can be valid to, or to put this another\nway, entries MUST be combined using OR.\n\n\nSupport: Core", "type": "array", "maxItems": 16, "minItems": 1, "items": { - "description": "ReferenceGrantTo describes what Kinds are allowed as targets of the references.", + "description": "ReferenceGrantTo describes what Kinds are allowed as targets of the\nreferences.", "type": "object", "required": [ "group", @@ -73,20 +73,20 @@ ], "properties": { "group": { - "description": "Group is the group of the referent. When empty, the Kubernetes core API group is inferred. \n Support: Core", + "description": "Group is the group of the referent.\nWhen empty, the Kubernetes core API group is inferred.\n\n\nSupport: Core", "type": "string", "maxLength": 253, "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" }, "kind": { - "description": "Kind is the kind of the referent. Although implementations may support additional resources, the following types are part of the \"Core\" support level for this field: \n * Secret when used to permit a SecretObjectReference * Service when used to permit a BackendObjectReference", + "description": "Kind is the kind of the referent. Although implementations may support\nadditional resources, the following types are part of the \"Core\"\nsupport level for this field:\n\n\n* Secret when used to permit a SecretObjectReference\n* Service when used to permit a BackendObjectReference", "type": "string", "maxLength": 63, "minLength": 1, "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" }, "name": { - "description": "Name is the name of the referent. When unspecified, this policy refers to all resources of the specified Group and Kind in the local namespace.", + "description": "Name is the name of the referent. When unspecified, this policy\nrefers to all resources of the specified Group and Kind in the local\nnamespace.", "type": "string", "maxLength": 253, "minLength": 1 diff --git a/schema/helm.toolkit.fluxcd.io/helmrelease_v2alpha1.json b/schema/helm.toolkit.fluxcd.io/helmrelease_v2alpha1.json index d7e8b39c6..d32f93b56 100644 --- a/schema/helm.toolkit.fluxcd.io/helmrelease_v2alpha1.json +++ b/schema/helm.toolkit.fluxcd.io/helmrelease_v2alpha1.json @@ -1,16 +1,20 @@ { + "description": "HelmRelease is the Schema for the helmreleases API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "HelmReleaseSpec defines the desired state of HelmRelease.", "type": "object", "required": [ "chart", @@ -18,12 +22,14 @@ ], "properties": { "chart": { + "description": "Chart defines the template of the v1alpha1.HelmChart that should be created for this HelmRelease.", "type": "object", "required": [ "spec" ], "properties": { "spec": { + "description": "Spec holds the template for the v1alpha1.HelmChartSpec for this HelmRelease.", "type": "object", "required": [ "chart", @@ -31,21 +37,26 @@ ], "properties": { "chart": { + "description": "The name or path the Helm chart is available at in the SourceRef.", "type": "string" }, "interval": { + "description": "Interval at which to check the v1alpha1.Source for updates. Defaults to 'HelmReleaseSpec.Interval'.", "type": "string" }, "sourceRef": { + "description": "The name and namespace of the v1alpha1.Source the chart is available at.", "type": "object", "required": [ "name" ], "properties": { "apiVersion": { + "description": "APIVersion of the referent.", "type": "string" }, "kind": { + "description": "Kind of the referent.", "type": "string", "enum": [ "HelmRepository", @@ -54,11 +65,13 @@ ] }, "name": { + "description": "Name of the referent.", "type": "string", "maxLength": 253, "minLength": 1 }, "namespace": { + "description": "Namespace of the referent.", "type": "string", "maxLength": 63, "minLength": 1 @@ -67,9 +80,11 @@ "additionalProperties": false }, "valuesFile": { + "description": "Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted.", "type": "string" }, "version": { + "description": "Version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted.", "type": "string" } }, @@ -79,17 +94,21 @@ "additionalProperties": false }, "dependsOn": { + "description": "DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled.", "type": "array", "items": { + "description": "CrossNamespaceDependencyReference holds the reference to a dependency.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name holds the name reference of a dependency.", "type": "string" }, "namespace": { + "description": "Namespace holds the namespace reference of a dependency.", "type": "string" } }, @@ -97,154 +116,198 @@ } }, "install": { + "description": "Install holds the configuration for Helm install actions for this HelmRelease.", "type": "object", "properties": { "disableHooks": { + "description": "DisableHooks prevents hooks from running during the Helm install action.", "type": "boolean" }, "disableOpenAPIValidation": { + "description": "DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema.", "type": "boolean" }, "disableWait": { + "description": "DisableWait disables the waiting for resources to be ready after a Helm install has been performed.", "type": "boolean" }, "remediation": { + "description": "Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action.", "type": "object", "properties": { "ignoreTestFailures": { + "description": "IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an install action but fail. Defaults to 'Test.IgnoreFailures'.", "type": "boolean" }, "remediateLastFailure": { + "description": "RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false'.", "type": "boolean" }, "retries": { + "description": "Retries is the number of retries that should be attempted on failures before bailing. Remediation, using an uninstall, is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries.", "type": "integer" } }, "additionalProperties": false }, "replace": { + "description": "Replace tells the Helm install action to re-use the 'ReleaseName', but only if that name is a deleted release which remains in the history.", "type": "boolean" }, "skipCRDs": { + "description": "SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present.", "type": "boolean" }, "timeout": { + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string" } }, "additionalProperties": false }, "interval": { + "description": "Interval at which to reconcile the Helm release.", "type": "string" }, "maxHistory": { + "description": "MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'.", "type": "integer" }, "releaseName": { + "description": "ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'.", "type": "string", "maxLength": 53, "minLength": 1 }, "rollback": { + "description": "Rollback holds the configuration for Helm rollback actions for this HelmRelease.", "type": "object", "properties": { "cleanupOnFail": { + "description": "CleanupOnFail allows deletion of new resources created during the Helm rollback action when it fails.", "type": "boolean" }, "disableHooks": { + "description": "DisableHooks prevents hooks from running during the Helm rollback action.", "type": "boolean" }, "disableWait": { + "description": "DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed.", "type": "boolean" }, "force": { + "description": "Force forces resource updates through a replacement strategy.", "type": "boolean" }, "recreate": { + "description": "Recreate performs pod restarts for the resource if applicable.", "type": "boolean" }, "timeout": { + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string" } }, "additionalProperties": false }, "suspend": { + "description": "Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false.", "type": "boolean" }, "targetNamespace": { + "description": "TargetNamespace to target when performing operations for the HelmRelease. Defaults to the namespace of the HelmRelease.", "type": "string", "maxLength": 63, "minLength": 1 }, "test": { + "description": "Test holds the configuration for Helm test actions for this HelmRelease.", "type": "object", "properties": { "enable": { + "description": "Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed.", "type": "boolean" }, "ignoreFailures": { + "description": "IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for tests run after install or upgrade actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'.", "type": "boolean" }, "timeout": { + "description": "Timeout is the time to wait for any individual Kubernetes operation during the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string" } }, "additionalProperties": false }, "timeout": { + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm action. Defaults to '5m0s'.", "type": "string" }, "uninstall": { + "description": "Uninstall holds the configuration for Helm uninstall actions for this HelmRelease.", "type": "object", "properties": { "disableHooks": { + "description": "DisableHooks prevents hooks from running during the Helm rollback action.", "type": "boolean" }, "keepHistory": { + "description": "KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history.", "type": "boolean" }, "timeout": { + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string" } }, "additionalProperties": false }, "upgrade": { + "description": "Upgrade holds the configuration for Helm upgrade actions for this HelmRelease.", "type": "object", "properties": { "cleanupOnFail": { + "description": "CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails.", "type": "boolean" }, "disableHooks": { + "description": "DisableHooks prevents hooks from running during the Helm upgrade action.", "type": "boolean" }, "disableOpenAPIValidation": { + "description": "DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema.", "type": "boolean" }, "disableWait": { + "description": "DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed.", "type": "boolean" }, "force": { + "description": "Force forces resource updates through a replacement strategy.", "type": "boolean" }, "preserveValues": { + "description": "PreserveValues will make Helm reuse the last release's values and merge in overrides from 'Values'. Setting this flag makes the HelmRelease non-declarative.", "type": "boolean" }, "remediation": { + "description": "Remediation holds the remediation configuration for when the Helm upgrade action for the HelmRelease fails. The default is to not perform any action.", "type": "object", "properties": { "ignoreTestFailures": { + "description": "IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'.", "type": "boolean" }, "remediateLastFailure": { + "description": "RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false' unless 'Retries' is greater than 0.", "type": "boolean" }, "retries": { + "description": "Retries is the number of retries that should be attempted on failures before bailing. Remediation, using 'Strategy', is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries.", "type": "integer" }, "strategy": { + "description": "Strategy to use for failure remediation. Defaults to 'rollback'.", "type": "string", "enum": [ "rollback", @@ -255,17 +318,21 @@ "additionalProperties": false }, "timeout": { + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string" } }, "additionalProperties": false }, "values": { + "description": "Values holds the values for this Helm release.", "x-kubernetes-preserve-unknown-fields": true }, "valuesFrom": { + "description": "ValuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged.", "type": "array", "items": { + "description": "ValuesReference contains a reference to a resource containing Helm values, and optionally the key they can be found at.", "type": "object", "required": [ "kind", @@ -273,6 +340,7 @@ ], "properties": { "kind": { + "description": "Kind of the values referent, valid values are ('Secret', 'ConfigMap').", "type": "string", "enum": [ "Secret", @@ -280,17 +348,21 @@ ] }, "name": { + "description": "Name of the values referent. Should reside in the same namespace as the referring resource.", "type": "string", "maxLength": 253, "minLength": 1 }, "optional": { + "description": "Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure.", "type": "boolean" }, "targetPath": { + "description": "TargetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. Defaults to 'None', which results in the values getting merged at the root.", "type": "string" }, "valuesKey": { + "description": "ValuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'.", "type": "string" } }, @@ -301,11 +373,14 @@ "additionalProperties": false }, "status": { + "description": "HelmReleaseStatus defines the observed state of HelmRelease", "type": "object", "properties": { "conditions": { + "description": "Conditions holds the conditions for the HelmRelease.", "type": "array", "items": { + "description": "Condition contains condition information for a HelmRelease.", "type": "object", "required": [ "status", @@ -313,19 +388,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, one of ('Ready', 'Install', 'Upgrade', 'Test', 'Rollback', 'Uninstall').", "type": "string" } }, @@ -333,37 +413,47 @@ } }, "failures": { + "description": "Failures is the reconciliation failure count against the latest observed state. It is reset after a successful reconciliation.", "type": "integer", "format": "int64" }, "helmChart": { + "description": "HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease.", "type": "string" }, "installFailures": { + "description": "InstallFailures is the install failure count against the latest observed state. It is reset after a successful reconciliation.", "type": "integer", "format": "int64" }, "lastAppliedRevision": { + "description": "LastAppliedRevision is the revision of the last successfully applied source.", "type": "string" }, "lastAttemptedRevision": { + "description": "LastAttemptedRevision is the revision of the last reconciliation attempt.", "type": "string" }, "lastAttemptedValuesChecksum": { + "description": "LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt.", "type": "string" }, "lastObservedTime": { + "description": "LastObservedTime is the last time at which the HelmRelease was observed.", "type": "string", "format": "date-time" }, "lastReleaseRevision": { + "description": "LastReleaseRevision is the revision of the last successful Helm release.", "type": "integer" }, "observedGeneration": { + "description": "ObservedGeneration is the last observed generation.", "type": "integer", "format": "int64" }, "upgradeFailures": { + "description": "UpgradeFailures is the upgrade failure count against the latest observed state. It is reset after a successful reconciliation.", "type": "integer", "format": "int64" } diff --git a/schema/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json b/schema/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json index 497cd02d8..1a499e62a 100644 --- a/schema/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json +++ b/schema/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json @@ -3,11 +3,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -22,7 +22,7 @@ ], "properties": { "chart": { - "description": "Chart defines the template of the v1beta2.HelmChart that should be created\nfor this HelmRelease.", + "description": "Chart defines the template of the v1beta2.HelmChart that should be created for this HelmRelease.", "type": "object", "required": [ "spec" @@ -33,14 +33,14 @@ "type": "object", "properties": { "annotations": { - "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", "type": "object", "additionalProperties": { "type": "string" } }, "labels": { - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", "type": "object", "additionalProperties": { "type": "string" @@ -62,12 +62,12 @@ "type": "string" }, "interval": { - "description": "Interval at which to check the v1beta2.Source for updates. Defaults to\n'HelmReleaseSpec.Interval'.", + "description": "Interval at which to check the v1beta2.Source for updates. Defaults to 'HelmReleaseSpec.Interval'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" }, "reconcileStrategy": { - "description": "Determines what enables the creation of a new artifact. Valid values are\n('ChartVersion', 'Revision').\nSee the documentation of the values for an explanation on their behavior.\nDefaults to ChartVersion when omitted.", + "description": "Determines what enables the creation of a new artifact. Valid values are ('ChartVersion', 'Revision'). See the documentation of the values for an explanation on their behavior. Defaults to ChartVersion when omitted.", "type": "string", "default": "ChartVersion", "enum": [ @@ -79,7 +79,6 @@ "description": "The name and namespace of the v1beta2.Source the chart is available at.", "type": "object", "required": [ - "kind", "name" ], "properties": { @@ -112,18 +111,18 @@ "additionalProperties": false }, "valuesFile": { - "description": "Alternative values file to use as the default chart values, expected to\nbe a relative path in the SourceRef. Deprecated in favor of ValuesFiles,\nfor backwards compatibility the file defined here is merged before the\nValuesFiles items. Ignored when omitted.", + "description": "Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, for backwards compatibility the file defined here is merged before the ValuesFiles items. Ignored when omitted.", "type": "string" }, "valuesFiles": { - "description": "Alternative list of values files to use as the chart values (values.yaml\nis not included by default), expected to be a relative path in the SourceRef.\nValues files are merged in the order of this list with the last file overriding\nthe first. Ignored when omitted.", + "description": "Alternative list of values files to use as the chart values (values.yaml is not included by default), expected to be a relative path in the SourceRef. Values files are merged in the order of this list with the last file overriding the first. Ignored when omitted.", "type": "array", "items": { "type": "string" } }, "verify": { - "description": "Verify contains the secret name containing the trusted public keys\nused to verify the signature and specifies which provider to use to check\nwhether OCI image is authentic.\nThis field is only supported for OCI sources.\nChart dependencies, which are not bundled in the umbrella chart artifact, are not verified.", + "description": "Verify contains the secret name containing the trusted public keys used to verify the signature and specifies which provider to use to check whether OCI image is authentic. This field is only supported for OCI sources. Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.", "type": "object", "required": [ "provider" @@ -138,7 +137,7 @@ ] }, "secretRef": { - "description": "SecretRef specifies the Kubernetes Secret containing the\ntrusted public keys.", + "description": "SecretRef specifies the Kubernetes Secret containing the trusted public keys.", "type": "object", "required": [ "name" @@ -155,7 +154,7 @@ "additionalProperties": false }, "version": { - "description": "Version semver expression, ignored for charts from v1beta2.GitRepository and\nv1beta2.Bucket sources. Defaults to latest when omitted.", + "description": "Version semver expression, ignored for charts from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults to latest when omitted.", "type": "string", "default": "*" } @@ -165,46 +164,11 @@ }, "additionalProperties": false }, - "chartRef": { - "description": "ChartRef holds a reference to a source controller resource containing the\nHelm chart artifact.\n\nNote: this field is provisional to the v2 API, and not actively used\nby v2beta1 HelmReleases.", - "type": "object", - "required": [ - "kind", - "name" - ], - "properties": { - "apiVersion": { - "description": "APIVersion of the referent.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.", - "type": "string", - "enum": [ - "OCIRepository", - "HelmChart" - ] - }, - "name": { - "description": "Name of the referent.", - "type": "string", - "maxLength": 253, - "minLength": 1 - }, - "namespace": { - "description": "Namespace of the referent, defaults to the namespace of the Kubernetes\nresource object that contains the reference.", - "type": "string", - "maxLength": 63, - "minLength": 1 - } - }, - "additionalProperties": false - }, "dependsOn": { - "description": "DependsOn may contain a meta.NamespacedObjectReference slice with\nreferences to HelmRelease resources that must be ready before this HelmRelease\ncan be reconciled.", + "description": "DependsOn may contain a meta.NamespacedObjectReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled.", "type": "array", "items": { - "description": "NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any\nnamespace.", + "description": "NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any namespace.", "type": "object", "required": [ "name" @@ -223,44 +187,44 @@ } }, "driftDetection": { - "description": "DriftDetection holds the configuration for detecting and handling\ndifferences between the manifest in the Helm storage and the resources\ncurrently existing in the cluster.\n\nNote: this field is provisional to the v2beta2 API, and not actively used\nby v2beta1 HelmReleases.", + "description": "DriftDetection holds the configuration for detecting and handling differences between the manifest in the Helm storage and the resources currently existing in the cluster. \n Note: this field is provisional to the v2beta2 API, and not actively used by v2beta1 HelmReleases.", "type": "object", "properties": { "ignore": { - "description": "Ignore contains a list of rules for specifying which changes to ignore\nduring diffing.", + "description": "Ignore contains a list of rules for specifying which changes to ignore during diffing.", "type": "array", "items": { - "description": "IgnoreRule defines a rule to selectively disregard specific changes during\nthe drift detection process.", + "description": "IgnoreRule defines a rule to selectively disregard specific changes during the drift detection process.", "type": "object", "required": [ "paths" ], "properties": { "paths": { - "description": "Paths is a list of JSON Pointer (RFC 6901) paths to be excluded from\nconsideration in a Kubernetes object.", + "description": "Paths is a list of JSON Pointer (RFC 6901) paths to be excluded from consideration in a Kubernetes object.", "type": "array", "items": { "type": "string" } }, "target": { - "description": "Target is a selector for specifying Kubernetes objects to which this\nrule applies.\nIf Target is not set, the Paths will be ignored for all Kubernetes\nobjects within the manifest of the Helm release.", + "description": "Target is a selector for specifying Kubernetes objects to which this rule applies. If Target is not set, the Paths will be ignored for all Kubernetes objects within the manifest of the Helm release.", "type": "object", "properties": { "annotationSelector": { - "description": "AnnotationSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource annotations.", + "description": "AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations.", "type": "string" }, "group": { - "description": "Group is the API group to select resources from.\nTogether with Version and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" }, "kind": { - "description": "Kind of the API Group to select resources from.\nTogether with Group and Version it is capable of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" }, "labelSelector": { - "description": "LabelSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource labels.", + "description": "LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels.", "type": "string" }, "name": { @@ -272,7 +236,7 @@ "type": "string" }, "version": { - "description": "Version of the API Group to select resources from.\nTogether with Group and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" } }, @@ -283,7 +247,7 @@ } }, "mode": { - "description": "Mode defines how differences should be handled between the Helm manifest\nand the manifest currently applied to the cluster.\nIf not explicitly set, it defaults to DiffModeDisabled.", + "description": "Mode defines how differences should be handled between the Helm manifest and the manifest currently applied to the cluster. If not explicitly set, it defaults to DiffModeDisabled.", "type": "string", "enum": [ "enabled", @@ -299,7 +263,7 @@ "type": "object", "properties": { "crds": { - "description": "CRDs upgrade CRDs from the Helm Chart's crds directory according\nto the CRD upgrade policy provided here. Valid values are `Skip`,\n`Create` or `CreateReplace`. Default is `Create` and if omitted\nCRDs are installed but not updated.\n\nSkip: do neither install nor replace (update) any CRDs.\n\nCreate: new CRDs are created, existing CRDs are neither updated nor deleted.\n\nCreateReplace: new CRDs are created, existing CRDs are updated (replaced)\nbut not deleted.\n\nBy default, CRDs are applied (installed) during Helm install action.\nWith this option users can opt-in to CRD replace existing CRDs on Helm\ninstall actions, which is not (yet) natively supported by Helm.\nhttps://helm.sh/docs/chart_best_practices/custom_resource_definitions.", + "description": "CRDs upgrade CRDs from the Helm Chart's crds directory according to the CRD upgrade policy provided here. Valid values are `Skip`, `Create` or `CreateReplace`. Default is `Create` and if omitted CRDs are installed but not updated. \n Skip: do neither install nor replace (update) any CRDs. \n Create: new CRDs are created, existing CRDs are neither updated nor deleted. \n CreateReplace: new CRDs are created, existing CRDs are updated (replaced) but not deleted. \n By default, CRDs are applied (installed) during Helm install action. With this option users can opt-in to CRD replace existing CRDs on Helm install actions, which is not (yet) natively supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.", "type": "string", "enum": [ "Skip", @@ -308,7 +272,7 @@ ] }, "createNamespace": { - "description": "CreateNamespace tells the Helm install action to create the\nHelmReleaseSpec.TargetNamespace if it does not exist yet.\nOn uninstall, the namespace will not be garbage collected.", + "description": "CreateNamespace tells the Helm install action to create the HelmReleaseSpec.TargetNamespace if it does not exist yet. On uninstall, the namespace will not be garbage collected.", "type": "boolean" }, "disableHooks": { @@ -316,46 +280,46 @@ "type": "boolean" }, "disableOpenAPIValidation": { - "description": "DisableOpenAPIValidation prevents the Helm install action from validating\nrendered templates against the Kubernetes OpenAPI Schema.", + "description": "DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema.", "type": "boolean" }, "disableWait": { - "description": "DisableWait disables the waiting for resources to be ready after a Helm\ninstall has been performed.", + "description": "DisableWait disables the waiting for resources to be ready after a Helm install has been performed.", "type": "boolean" }, "disableWaitForJobs": { - "description": "DisableWaitForJobs disables waiting for jobs to complete after a Helm\ninstall has been performed.", + "description": "DisableWaitForJobs disables waiting for jobs to complete after a Helm install has been performed.", "type": "boolean" }, "remediation": { - "description": "Remediation holds the remediation configuration for when the Helm install\naction for the HelmRelease fails. The default is to not perform any action.", + "description": "Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action.", "type": "object", "properties": { "ignoreTestFailures": { - "description": "IgnoreTestFailures tells the controller to skip remediation when the Helm\ntests are run after an install action but fail. Defaults to\n'Test.IgnoreFailures'.", + "description": "IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an install action but fail. Defaults to 'Test.IgnoreFailures'.", "type": "boolean" }, "remediateLastFailure": { - "description": "RemediateLastFailure tells the controller to remediate the last failure, when\nno retries remain. Defaults to 'false'.", + "description": "RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false'.", "type": "boolean" }, "retries": { - "description": "Retries is the number of retries that should be attempted on failures before\nbailing. Remediation, using an uninstall, is performed between each attempt.\nDefaults to '0', a negative integer equals to unlimited retries.", + "description": "Retries is the number of retries that should be attempted on failures before bailing. Remediation, using an uninstall, is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries.", "type": "integer" } }, "additionalProperties": false }, "replace": { - "description": "Replace tells the Helm install action to re-use the 'ReleaseName', but only\nif that name is a deleted release which remains in the history.", + "description": "Replace tells the Helm install action to re-use the 'ReleaseName', but only if that name is a deleted release which remains in the history.", "type": "boolean" }, "skipCRDs": { - "description": "SkipCRDs tells the Helm install action to not install any CRDs. By default,\nCRDs are installed if not already present.\n\nDeprecated use CRD policy (`crds`) attribute with value `Skip` instead.", + "description": "SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present. \n Deprecated use CRD policy (`crds`) attribute with value `Skip` instead.", "type": "boolean" }, "timeout": { - "description": "Timeout is the time to wait for any individual Kubernetes operation (like\nJobs for hooks) during the performance of a Helm install action. Defaults to\n'HelmReleaseSpec.Timeout'.", + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" } @@ -363,19 +327,19 @@ "additionalProperties": false }, "interval": { - "description": "Interval at which to reconcile the Helm release.\nThis interval is approximate and may be subject to jitter to ensure\nefficient use of resources.", + "description": "Interval at which to reconcile the Helm release. This interval is approximate and may be subject to jitter to ensure efficient use of resources.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" }, "kubeConfig": { - "description": "KubeConfig for reconciling the HelmRelease on a remote cluster.\nWhen used in combination with HelmReleaseSpec.ServiceAccountName,\nforces the controller to act on behalf of that Service Account at the\ntarget cluster.\nIf the --default-service-account flag is set, its value will be used as\na controller level fallback for when HelmReleaseSpec.ServiceAccountName\nis empty.", + "description": "KubeConfig for reconciling the HelmRelease on a remote cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, forces the controller to act on behalf of that Service Account at the target cluster. If the --default-service-account flag is set, its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName is empty.", "type": "object", "required": [ "secretRef" ], "properties": { "secretRef": { - "description": "SecretRef holds the name of a secret that contains a key with\nthe kubeconfig file as the value. If no key is set, the key will default\nto 'value'.\nIt is recommended that the kubeconfig is self-contained, and the secret\nis regularly updated if credentials such as a cloud-access-token expire.\nCloud specific `cmd-path` auth helpers will not function without adding\nbinaries and credentials to the Pod that is responsible for reconciling\nKubernetes resources.", + "description": "SecretRef holds the name of a secret that contains a key with the kubeconfig file as the value. If no key is set, the key will default to 'value'. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling Kubernetes resources.", "type": "object", "required": [ "name" @@ -396,15 +360,15 @@ "additionalProperties": false }, "maxHistory": { - "description": "MaxHistory is the number of revisions saved by Helm for this HelmRelease.\nUse '0' for an unlimited number of revisions; defaults to '10'.", + "description": "MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'.", "type": "integer" }, "persistentClient": { - "description": "PersistentClient tells the controller to use a persistent Kubernetes\nclient for this release. When enabled, the client will be reused for the\nduration of the reconciliation, instead of being created and destroyed\nfor each (step of a) Helm action.\n\nThis can improve performance, but may cause issues with some Helm charts\nthat for example do create Custom Resource Definitions during installation\noutside Helm's CRD lifecycle hooks, which are then not observed to be\navailable by e.g. post-install hooks.\n\nIf not set, it defaults to true.", + "description": "PersistentClient tells the controller to use a persistent Kubernetes client for this release. When enabled, the client will be reused for the duration of the reconciliation, instead of being created and destroyed for each (step of a) Helm action. \n This can improve performance, but may cause issues with some Helm charts that for example do create Custom Resource Definitions during installation outside Helm's CRD lifecycle hooks, which are then not observed to be available by e.g. post-install hooks. \n If not set, it defaults to true.", "type": "boolean" }, "postRenderers": { - "description": "PostRenderers holds an array of Helm PostRenderers, which will be applied in order\nof their definition.", + "description": "PostRenderers holds an array of Helm PostRenderers, which will be applied in order of their definition.", "type": "array", "items": { "description": "PostRenderer contains a Helm PostRenderer specification.", @@ -415,7 +379,7 @@ "type": "object", "properties": { "images": { - "description": "Images is a list of (image name, new name, new tag or digest)\nfor changing image names, tags or digests. This can also be achieved with a\npatch, but this operator is simpler to specify.", + "description": "Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify.", "type": "array", "items": { "description": "Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag.", @@ -425,7 +389,7 @@ ], "properties": { "digest": { - "description": "Digest is the value used to replace the original image tag.\nIf digest is present NewTag value is ignored.", + "description": "Digest is the value used to replace the original image tag. If digest is present NewTag value is ignored.", "type": "string" }, "name": { @@ -445,17 +409,17 @@ } }, "patches": { - "description": "Strategic merge and JSON patches, defined as inline YAML objects,\ncapable of targeting objects based on kind, label and annotation selectors.", + "description": "Strategic merge and JSON patches, defined as inline YAML objects, capable of targeting objects based on kind, label and annotation selectors.", "type": "array", "items": { - "description": "Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should\nbe applied to.", + "description": "Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should be applied to.", "type": "object", "required": [ "patch" ], "properties": { "patch": { - "description": "Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with\nan array of operation objects.", + "description": "Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with an array of operation objects.", "type": "string" }, "target": { @@ -463,19 +427,19 @@ "type": "object", "properties": { "annotationSelector": { - "description": "AnnotationSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource annotations.", + "description": "AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations.", "type": "string" }, "group": { - "description": "Group is the API group to select resources from.\nTogether with Version and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" }, "kind": { - "description": "Kind of the API Group to select resources from.\nTogether with Group and Version it is capable of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" }, "labelSelector": { - "description": "LabelSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource labels.", + "description": "LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels.", "type": "string" }, "name": { @@ -487,7 +451,7 @@ "type": "string" }, "version": { - "description": "Version of the API Group to select resources from.\nTogether with Group and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" } }, @@ -512,7 +476,7 @@ "description": "Patch contains the JSON6902 patch document with an array of operation objects.", "type": "array", "items": { - "description": "JSON6902 is a JSON6902 operation object.\nhttps://datatracker.ietf.org/doc/html/rfc6902#section-4", + "description": "JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4", "type": "object", "required": [ "op", @@ -520,11 +484,11 @@ ], "properties": { "from": { - "description": "From contains a JSON-pointer value that references a location within the target document where the operation is\nperformed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.", + "description": "From contains a JSON-pointer value that references a location within the target document where the operation is performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.", "type": "string" }, "op": { - "description": "Op indicates the operation to perform. Its value MUST be one of \"add\", \"remove\", \"replace\", \"move\", \"copy\", or\n\"test\".\nhttps://datatracker.ietf.org/doc/html/rfc6902#section-4", + "description": "Op indicates the operation to perform. Its value MUST be one of \"add\", \"remove\", \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4", "type": "string", "enum": [ "test", @@ -536,11 +500,11 @@ ] }, "path": { - "description": "Path contains the JSON-pointer value that references a location within the target document where the operation\nis performed. The meaning of the value depends on the value of Op.", + "description": "Path contains the JSON-pointer value that references a location within the target document where the operation is performed. The meaning of the value depends on the value of Op.", "type": "string" }, "value": { - "description": "Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into\naccount by all operations.", + "description": "Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.", "x-kubernetes-preserve-unknown-fields": true } }, @@ -552,19 +516,19 @@ "type": "object", "properties": { "annotationSelector": { - "description": "AnnotationSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource annotations.", + "description": "AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations.", "type": "string" }, "group": { - "description": "Group is the API group to select resources from.\nTogether with Version and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" }, "kind": { - "description": "Kind of the API Group to select resources from.\nTogether with Group and Version it is capable of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" }, "labelSelector": { - "description": "LabelSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource labels.", + "description": "LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels.", "type": "string" }, "name": { @@ -576,7 +540,7 @@ "type": "string" }, "version": { - "description": "Version of the API Group to select resources from.\nTogether with Group and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" } }, @@ -601,7 +565,7 @@ } }, "releaseName": { - "description": "ReleaseName used for the Helm release. Defaults to a composition of\n'[TargetNamespace-]Name'.", + "description": "ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'.", "type": "string", "maxLength": 53, "minLength": 1 @@ -611,7 +575,7 @@ "type": "object", "properties": { "cleanupOnFail": { - "description": "CleanupOnFail allows deletion of new resources created during the Helm\nrollback action when it fails.", + "description": "CleanupOnFail allows deletion of new resources created during the Helm rollback action when it fails.", "type": "boolean" }, "disableHooks": { @@ -619,11 +583,11 @@ "type": "boolean" }, "disableWait": { - "description": "DisableWait disables the waiting for resources to be ready after a Helm\nrollback has been performed.", + "description": "DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed.", "type": "boolean" }, "disableWaitForJobs": { - "description": "DisableWaitForJobs disables waiting for jobs to complete after a Helm\nrollback has been performed.", + "description": "DisableWaitForJobs disables waiting for jobs to complete after a Helm rollback has been performed.", "type": "boolean" }, "force": { @@ -635,7 +599,7 @@ "type": "boolean" }, "timeout": { - "description": "Timeout is the time to wait for any individual Kubernetes operation (like\nJobs for hooks) during the performance of a Helm rollback action. Defaults to\n'HelmReleaseSpec.Timeout'.", + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" } @@ -643,21 +607,21 @@ "additionalProperties": false }, "serviceAccountName": { - "description": "The name of the Kubernetes service account to impersonate\nwhen reconciling this HelmRelease.", + "description": "The name of the Kubernetes service account to impersonate when reconciling this HelmRelease.", "type": "string" }, "storageNamespace": { - "description": "StorageNamespace used for the Helm storage.\nDefaults to the namespace of the HelmRelease.", + "description": "StorageNamespace used for the Helm storage. Defaults to the namespace of the HelmRelease.", "type": "string", "maxLength": 63, "minLength": 1 }, "suspend": { - "description": "Suspend tells the controller to suspend reconciliation for this HelmRelease,\nit does not apply to already started reconciliations. Defaults to false.", + "description": "Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false.", "type": "boolean" }, "targetNamespace": { - "description": "TargetNamespace to target when performing operations for the HelmRelease.\nDefaults to the namespace of the HelmRelease.", + "description": "TargetNamespace to target when performing operations for the HelmRelease. Defaults to the namespace of the HelmRelease.", "type": "string", "maxLength": 63, "minLength": 1 @@ -667,15 +631,15 @@ "type": "object", "properties": { "enable": { - "description": "Enable enables Helm test actions for this HelmRelease after an Helm install\nor upgrade action has been performed.", + "description": "Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed.", "type": "boolean" }, "ignoreFailures": { - "description": "IgnoreFailures tells the controller to skip remediation when the Helm tests\nare run but fail. Can be overwritten for tests run after install or upgrade\nactions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'.", + "description": "IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for tests run after install or upgrade actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'.", "type": "boolean" }, "timeout": { - "description": "Timeout is the time to wait for any individual Kubernetes operation during\nthe performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'.", + "description": "Timeout is the time to wait for any individual Kubernetes operation during the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" } @@ -683,7 +647,7 @@ "additionalProperties": false }, "timeout": { - "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs\nfor hooks) during the performance of a Helm action. Defaults to '5m0s'.", + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm action. Defaults to '5m0s'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" }, @@ -692,7 +656,7 @@ "type": "object", "properties": { "deletionPropagation": { - "description": "DeletionPropagation specifies the deletion propagation policy when\na Helm uninstall is performed.", + "description": "DeletionPropagation specifies the deletion propagation policy when a Helm uninstall is performed.", "type": "string", "default": "background", "enum": [ @@ -706,15 +670,15 @@ "type": "boolean" }, "disableWait": { - "description": "DisableWait disables waiting for all the resources to be deleted after\na Helm uninstall is performed.", + "description": "DisableWait disables waiting for all the resources to be deleted after a Helm uninstall is performed.", "type": "boolean" }, "keepHistory": { - "description": "KeepHistory tells Helm to remove all associated resources and mark the\nrelease as deleted, but retain the release history.", + "description": "KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history.", "type": "boolean" }, "timeout": { - "description": "Timeout is the time to wait for any individual Kubernetes operation (like\nJobs for hooks) during the performance of a Helm uninstall action. Defaults\nto 'HelmReleaseSpec.Timeout'.", + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" } @@ -726,11 +690,11 @@ "type": "object", "properties": { "cleanupOnFail": { - "description": "CleanupOnFail allows deletion of new resources created during the Helm\nupgrade action when it fails.", + "description": "CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails.", "type": "boolean" }, "crds": { - "description": "CRDs upgrade CRDs from the Helm Chart's crds directory according\nto the CRD upgrade policy provided here. Valid values are `Skip`,\n`Create` or `CreateReplace`. Default is `Skip` and if omitted\nCRDs are neither installed nor upgraded.\n\nSkip: do neither install nor replace (update) any CRDs.\n\nCreate: new CRDs are created, existing CRDs are neither updated nor deleted.\n\nCreateReplace: new CRDs are created, existing CRDs are updated (replaced)\nbut not deleted.\n\nBy default, CRDs are not applied during Helm upgrade action. With this\noption users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm.\nhttps://helm.sh/docs/chart_best_practices/custom_resource_definitions.", + "description": "CRDs upgrade CRDs from the Helm Chart's crds directory according to the CRD upgrade policy provided here. Valid values are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and if omitted CRDs are neither installed nor upgraded. \n Skip: do neither install nor replace (update) any CRDs. \n Create: new CRDs are created, existing CRDs are neither updated nor deleted. \n CreateReplace: new CRDs are created, existing CRDs are updated (replaced) but not deleted. \n By default, CRDs are not applied during Helm upgrade action. With this option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.", "type": "string", "enum": [ "Skip", @@ -743,15 +707,15 @@ "type": "boolean" }, "disableOpenAPIValidation": { - "description": "DisableOpenAPIValidation prevents the Helm upgrade action from validating\nrendered templates against the Kubernetes OpenAPI Schema.", + "description": "DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema.", "type": "boolean" }, "disableWait": { - "description": "DisableWait disables the waiting for resources to be ready after a Helm\nupgrade has been performed.", + "description": "DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed.", "type": "boolean" }, "disableWaitForJobs": { - "description": "DisableWaitForJobs disables waiting for jobs to complete after a Helm\nupgrade has been performed.", + "description": "DisableWaitForJobs disables waiting for jobs to complete after a Helm upgrade has been performed.", "type": "boolean" }, "force": { @@ -759,23 +723,23 @@ "type": "boolean" }, "preserveValues": { - "description": "PreserveValues will make Helm reuse the last release's values and merge in\noverrides from 'Values'. Setting this flag makes the HelmRelease\nnon-declarative.", + "description": "PreserveValues will make Helm reuse the last release's values and merge in overrides from 'Values'. Setting this flag makes the HelmRelease non-declarative.", "type": "boolean" }, "remediation": { - "description": "Remediation holds the remediation configuration for when the Helm upgrade\naction for the HelmRelease fails. The default is to not perform any action.", + "description": "Remediation holds the remediation configuration for when the Helm upgrade action for the HelmRelease fails. The default is to not perform any action.", "type": "object", "properties": { "ignoreTestFailures": { - "description": "IgnoreTestFailures tells the controller to skip remediation when the Helm\ntests are run after an upgrade action but fail.\nDefaults to 'Test.IgnoreFailures'.", + "description": "IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'.", "type": "boolean" }, "remediateLastFailure": { - "description": "RemediateLastFailure tells the controller to remediate the last failure, when\nno retries remain. Defaults to 'false' unless 'Retries' is greater than 0.", + "description": "RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false' unless 'Retries' is greater than 0.", "type": "boolean" }, "retries": { - "description": "Retries is the number of retries that should be attempted on failures before\nbailing. Remediation, using 'Strategy', is performed between each attempt.\nDefaults to '0', a negative integer equals to unlimited retries.", + "description": "Retries is the number of retries that should be attempted on failures before bailing. Remediation, using 'Strategy', is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries.", "type": "integer" }, "strategy": { @@ -790,7 +754,7 @@ "additionalProperties": false }, "timeout": { - "description": "Timeout is the time to wait for any individual Kubernetes operation (like\nJobs for hooks) during the performance of a Helm upgrade action. Defaults to\n'HelmReleaseSpec.Timeout'.", + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" } @@ -802,10 +766,10 @@ "x-kubernetes-preserve-unknown-fields": true }, "valuesFrom": { - "description": "ValuesFrom holds references to resources containing Helm values for this HelmRelease,\nand information about how they should be merged.", + "description": "ValuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged.", "type": "array", "items": { - "description": "ValuesReference contains a reference to a resource containing Helm values,\nand optionally the key they can be found at.", + "description": "ValuesReference contains a reference to a resource containing Helm values, and optionally the key they can be found at.", "type": "object", "required": [ "kind", @@ -821,23 +785,23 @@ ] }, "name": { - "description": "Name of the values referent. Should reside in the same namespace as the\nreferring resource.", + "description": "Name of the values referent. Should reside in the same namespace as the referring resource.", "type": "string", "maxLength": 253, "minLength": 1 }, "optional": { - "description": "Optional marks this ValuesReference as optional. When set, a not found error\nfor the values reference is ignored, but any ValuesKey, TargetPath or\ntransient error will still result in a reconciliation failure.", + "description": "Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure.", "type": "boolean" }, "targetPath": { - "description": "TargetPath is the YAML dot notation path the value should be merged at. When\nset, the ValuesKey is expected to be a single flat value. Defaults to 'None',\nwhich results in the values getting merged at the root.", + "description": "TargetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. Defaults to 'None', which results in the values getting merged at the root.", "type": "string", "maxLength": 250, "pattern": "^([a-zA-Z0-9_\\-.\\\\\\/]|\\[[0-9]{1,5}\\])+$" }, "valuesKey": { - "description": "ValuesKey is the data key where the values.yaml or a specific value can be\nfound at. Defaults to 'values.yaml'.\nWhen set, must be a valid Data Key, consisting of alphanumeric characters,\n'-', '_' or '.'.", + "description": "ValuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'. When set, must be a valid Data Key, consisting of alphanumeric characters, '-', '_' or '.'.", "type": "string", "maxLength": 253, "pattern": "^[\\-._a-zA-Z0-9]+$" @@ -860,7 +824,7 @@ "description": "Conditions holds the conditions for the HelmRelease.", "type": "array", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -871,23 +835,23 @@ ], "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, @@ -903,7 +867,7 @@ ] }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -913,19 +877,19 @@ } }, "failures": { - "description": "Failures is the reconciliation failure count against the latest desired\nstate. It is reset after a successful reconciliation.", + "description": "Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation.", "type": "integer", "format": "int64" }, "helmChart": { - "description": "HelmChart is the namespaced name of the HelmChart resource created by\nthe controller for the HelmRelease.", + "description": "HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease.", "type": "string" }, "history": { - "description": "History holds the history of Helm releases performed for this HelmRelease\nup to the last successfully completed release.\n\nNote: this field is provisional to the v2beta2 API, and not actively used\nby v2beta1 HelmReleases.", + "description": "History holds the history of Helm releases performed for this HelmRelease up to the last successfully completed release. \n Note: this field is provisional to the v2beta2 API, and not actively used by v2beta1 HelmReleases.", "type": "array", "items": { - "description": "Snapshot captures a point-in-time copy of the status information for a Helm release,\nas managed by the controller.", + "description": "Snapshot captures a point-in-time copy of the status information for a Helm release, as managed by the controller.", "type": "object", "required": [ "chartName", @@ -941,11 +905,7 @@ ], "properties": { "apiVersion": { - "description": "APIVersion is the API version of the Snapshot.\nProvisional: when the calculation method of the Digest field is changed,\nthis field will be used to distinguish between the old and new methods.", - "type": "string" - }, - "appVersion": { - "description": "AppVersion is the chart app version of the release object in storage.", + "description": "APIVersion is the API version of the Snapshot. Provisional: when the calculation method of the Digest field is changed, this field will be used to distinguish between the old and new methods.", "type": "string" }, "chartName": { @@ -953,11 +913,11 @@ "type": "string" }, "chartVersion": { - "description": "ChartVersion is the chart version of the release object in\nstorage.", + "description": "ChartVersion is the chart version of the release object in storage.", "type": "string" }, "configDigest": { - "description": "ConfigDigest is the checksum of the config (better known as\n\"values\") of the release object in storage.\nIt has the format of `\u003calgo\u003e:\u003cchecksum\u003e`.", + "description": "ConfigDigest is the checksum of the config (better known as \"values\") of the release object in storage. It has the format of `\u003calgo\u003e:\u003cchecksum\u003e`.", "type": "string" }, "deleted": { @@ -966,7 +926,7 @@ "format": "date-time" }, "digest": { - "description": "Digest is the checksum of the release object in storage.\nIt has the format of `\u003calgo\u003e:\u003cchecksum\u003e`.", + "description": "Digest is the checksum of the release object in storage. It has the format of `\u003calgo\u003e:\u003cchecksum\u003e`.", "type": "string" }, "firstDeployed": { @@ -987,19 +947,15 @@ "description": "Namespace is the namespace the release is deployed to.", "type": "string" }, - "ociDigest": { - "description": "OCIDigest is the digest of the OCI artifact associated with the release.", - "type": "string" - }, "status": { "description": "Status is the current state of the release.", "type": "string" }, "testHooks": { - "description": "TestHooks is the list of test hooks for the release as observed to be\nrun by the controller.", + "description": "TestHooks is the list of test hooks for the release as observed to be run by the controller.", "type": "object", "additionalProperties": { - "description": "TestHookStatus holds the status information for a test hook as observed\nto be run by the controller.", + "description": "TestHookStatus holds the status information for a test hook as observed to be run by the controller.", "type": "object", "properties": { "lastCompleted": { @@ -1028,7 +984,7 @@ } }, "installFailures": { - "description": "InstallFailures is the install failure count against the latest desired\nstate. It is reset after a successful reconciliation.", + "description": "InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation.", "type": "integer", "format": "int64" }, @@ -1037,16 +993,16 @@ "type": "string" }, "lastAttemptedConfigDigest": { - "description": "LastAttemptedConfigDigest is the digest for the config (better known as\n\"values\") of the last reconciliation attempt.\n\nNote: this field is provisional to the v2beta2 API, and not actively used\nby v2beta1 HelmReleases.", + "description": "LastAttemptedConfigDigest is the digest for the config (better known as \"values\") of the last reconciliation attempt. \n Note: this field is provisional to the v2beta2 API, and not actively used by v2beta1 HelmReleases.", "type": "string" }, "lastAttemptedGeneration": { - "description": "LastAttemptedGeneration is the last generation the controller attempted\nto reconcile.\n\nNote: this field is provisional to the v2beta2 API, and not actively used\nby v2beta1 HelmReleases.", + "description": "LastAttemptedGeneration is the last generation the controller attempted to reconcile. \n Note: this field is provisional to the v2beta2 API, and not actively used by v2beta1 HelmReleases.", "type": "integer", "format": "int64" }, "lastAttemptedReleaseAction": { - "description": "LastAttemptedReleaseAction is the last release action performed for this\nHelmRelease. It is used to determine the active remediation strategy.\n\nNote: this field is provisional to the v2beta2 API, and not actively used\nby v2beta1 HelmReleases.", + "description": "LastAttemptedReleaseAction is the last release action performed for this HelmRelease. It is used to determine the active remediation strategy. \n Note: this field is provisional to the v2beta2 API, and not actively used by v2beta1 HelmReleases.", "type": "string" }, "lastAttemptedRevision": { @@ -1054,19 +1010,19 @@ "type": "string" }, "lastAttemptedValuesChecksum": { - "description": "LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last\nreconciliation attempt.", + "description": "LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt.", "type": "string" }, "lastHandledForceAt": { - "description": "LastHandledForceAt holds the value of the most recent force request\nvalue, so a change of the annotation value can be detected.\n\nNote: this field is provisional to the v2beta2 API, and not actively used\nby v2beta1 HelmReleases.", + "description": "LastHandledForceAt holds the value of the most recent force request value, so a change of the annotation value can be detected. \n Note: this field is provisional to the v2beta2 API, and not actively used by v2beta1 HelmReleases.", "type": "string" }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "lastHandledResetAt": { - "description": "LastHandledResetAt holds the value of the most recent reset request\nvalue, so a change of the annotation value can be detected.\n\nNote: this field is provisional to the v2beta2 API, and not actively used\nby v2beta1 HelmReleases.", + "description": "LastHandledResetAt holds the value of the most recent reset request value, so a change of the annotation value can be detected. \n Note: this field is provisional to the v2beta2 API, and not actively used by v2beta1 HelmReleases.", "type": "string" }, "lastReleaseRevision": { @@ -1078,16 +1034,12 @@ "type": "integer", "format": "int64" }, - "observedPostRenderersDigest": { - "description": "ObservedPostRenderersDigest is the digest for the post-renderers of\nthe last successful reconciliation attempt.", - "type": "string" - }, "storageNamespace": { - "description": "StorageNamespace is the namespace of the Helm release storage for the\ncurrent release.\n\nNote: this field is provisional to the v2beta2 API, and not actively used\nby v2beta1 HelmReleases.", + "description": "StorageNamespace is the namespace of the Helm release storage for the current release. \n Note: this field is provisional to the v2beta2 API, and not actively used by v2beta1 HelmReleases.", "type": "string" }, "upgradeFailures": { - "description": "UpgradeFailures is the upgrade failure count against the latest desired\nstate. It is reset after a successful reconciliation.", + "description": "UpgradeFailures is the upgrade failure count against the latest desired state. It is reset after a successful reconciliation.", "type": "integer", "format": "int64" } diff --git a/schema/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json b/schema/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json index 05eb74cd6..a422fa7dd 100644 --- a/schema/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +++ b/schema/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json @@ -3,11 +3,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -17,11 +17,12 @@ "description": "HelmReleaseSpec defines the desired state of a Helm release.", "type": "object", "required": [ + "chart", "interval" ], "properties": { "chart": { - "description": "Chart defines the template of the v1beta2.HelmChart that should be created\nfor this HelmRelease.", + "description": "Chart defines the template of the v1beta2.HelmChart that should be created for this HelmRelease.", "type": "object", "required": [ "spec" @@ -32,14 +33,14 @@ "type": "object", "properties": { "annotations": { - "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", "type": "object", "additionalProperties": { "type": "string" } }, "labels": { - "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", "type": "object", "additionalProperties": { "type": "string" @@ -62,17 +63,13 @@ "maxLength": 2048, "minLength": 1 }, - "ignoreMissingValuesFiles": { - "description": "IgnoreMissingValuesFiles controls whether to silently ignore missing values files rather than failing.", - "type": "boolean" - }, "interval": { - "description": "Interval at which to check the v1.Source for updates. Defaults to\n'HelmReleaseSpec.Interval'.", + "description": "Interval at which to check the v1.Source for updates. Defaults to 'HelmReleaseSpec.Interval'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" }, "reconcileStrategy": { - "description": "Determines what enables the creation of a new artifact. Valid values are\n('ChartVersion', 'Revision').\nSee the documentation of the values for an explanation on their behavior.\nDefaults to ChartVersion when omitted.", + "description": "Determines what enables the creation of a new artifact. Valid values are ('ChartVersion', 'Revision'). See the documentation of the values for an explanation on their behavior. Defaults to ChartVersion when omitted.", "type": "string", "default": "ChartVersion", "enum": [ @@ -84,7 +81,6 @@ "description": "The name and namespace of the v1.Source the chart is available at.", "type": "object", "required": [ - "kind", "name" ], "properties": { @@ -117,18 +113,18 @@ "additionalProperties": false }, "valuesFile": { - "description": "Alternative values file to use as the default chart values, expected to\nbe a relative path in the SourceRef. Deprecated in favor of ValuesFiles,\nfor backwards compatibility the file defined here is merged before the\nValuesFiles items. Ignored when omitted.", + "description": "Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, for backwards compatibility the file defined here is merged before the ValuesFiles items. Ignored when omitted.", "type": "string" }, "valuesFiles": { - "description": "Alternative list of values files to use as the chart values (values.yaml\nis not included by default), expected to be a relative path in the SourceRef.\nValues files are merged in the order of this list with the last file overriding\nthe first. Ignored when omitted.", + "description": "Alternative list of values files to use as the chart values (values.yaml is not included by default), expected to be a relative path in the SourceRef. Values files are merged in the order of this list with the last file overriding the first. Ignored when omitted.", "type": "array", "items": { "type": "string" } }, "verify": { - "description": "Verify contains the secret name containing the trusted public keys\nused to verify the signature and specifies which provider to use to check\nwhether OCI image is authentic.\nThis field is only supported for OCI sources.\nChart dependencies, which are not bundled in the umbrella chart artifact,\nare not verified.", + "description": "Verify contains the secret name containing the trusted public keys used to verify the signature and specifies which provider to use to check whether OCI image is authentic. This field is only supported for OCI sources. Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.", "type": "object", "required": [ "provider" @@ -139,12 +135,11 @@ "type": "string", "default": "cosign", "enum": [ - "cosign", - "notation" + "cosign" ] }, "secretRef": { - "description": "SecretRef specifies the Kubernetes Secret containing the\ntrusted public keys.", + "description": "SecretRef specifies the Kubernetes Secret containing the trusted public keys.", "type": "object", "required": [ "name" @@ -161,7 +156,7 @@ "additionalProperties": false }, "version": { - "description": "Version semver expression, ignored for charts from v1beta2.GitRepository and\nv1beta2.Bucket sources. Defaults to latest when omitted.", + "description": "Version semver expression, ignored for charts from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults to latest when omitted.", "type": "string", "default": "*" } @@ -171,46 +166,11 @@ }, "additionalProperties": false }, - "chartRef": { - "description": "ChartRef holds a reference to a source controller resource containing the\nHelm chart artifact.\n\nNote: this field is provisional to the v2 API, and not actively used\nby v2beta2 HelmReleases.", - "type": "object", - "required": [ - "kind", - "name" - ], - "properties": { - "apiVersion": { - "description": "APIVersion of the referent.", - "type": "string" - }, - "kind": { - "description": "Kind of the referent.", - "type": "string", - "enum": [ - "OCIRepository", - "HelmChart" - ] - }, - "name": { - "description": "Name of the referent.", - "type": "string", - "maxLength": 253, - "minLength": 1 - }, - "namespace": { - "description": "Namespace of the referent, defaults to the namespace of the Kubernetes\nresource object that contains the reference.", - "type": "string", - "maxLength": 63, - "minLength": 1 - } - }, - "additionalProperties": false - }, "dependsOn": { - "description": "DependsOn may contain a meta.NamespacedObjectReference slice with\nreferences to HelmRelease resources that must be ready before this HelmRelease\ncan be reconciled.", + "description": "DependsOn may contain a meta.NamespacedObjectReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled.", "type": "array", "items": { - "description": "NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any\nnamespace.", + "description": "NamespacedObjectReference contains enough information to locate the referenced Kubernetes resource object in any namespace.", "type": "object", "required": [ "name" @@ -229,44 +189,44 @@ } }, "driftDetection": { - "description": "DriftDetection holds the configuration for detecting and handling\ndifferences between the manifest in the Helm storage and the resources\ncurrently existing in the cluster.", + "description": "DriftDetection holds the configuration for detecting and handling differences between the manifest in the Helm storage and the resources currently existing in the cluster.", "type": "object", "properties": { "ignore": { - "description": "Ignore contains a list of rules for specifying which changes to ignore\nduring diffing.", + "description": "Ignore contains a list of rules for specifying which changes to ignore during diffing.", "type": "array", "items": { - "description": "IgnoreRule defines a rule to selectively disregard specific changes during\nthe drift detection process.", + "description": "IgnoreRule defines a rule to selectively disregard specific changes during the drift detection process.", "type": "object", "required": [ "paths" ], "properties": { "paths": { - "description": "Paths is a list of JSON Pointer (RFC 6901) paths to be excluded from\nconsideration in a Kubernetes object.", + "description": "Paths is a list of JSON Pointer (RFC 6901) paths to be excluded from consideration in a Kubernetes object.", "type": "array", "items": { "type": "string" } }, "target": { - "description": "Target is a selector for specifying Kubernetes objects to which this\nrule applies.\nIf Target is not set, the Paths will be ignored for all Kubernetes\nobjects within the manifest of the Helm release.", + "description": "Target is a selector for specifying Kubernetes objects to which this rule applies. If Target is not set, the Paths will be ignored for all Kubernetes objects within the manifest of the Helm release.", "type": "object", "properties": { "annotationSelector": { - "description": "AnnotationSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource annotations.", + "description": "AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations.", "type": "string" }, "group": { - "description": "Group is the API group to select resources from.\nTogether with Version and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" }, "kind": { - "description": "Kind of the API Group to select resources from.\nTogether with Group and Version it is capable of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" }, "labelSelector": { - "description": "LabelSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource labels.", + "description": "LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels.", "type": "string" }, "name": { @@ -278,7 +238,7 @@ "type": "string" }, "version": { - "description": "Version of the API Group to select resources from.\nTogether with Group and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" } }, @@ -289,7 +249,7 @@ } }, "mode": { - "description": "Mode defines how differences should be handled between the Helm manifest\nand the manifest currently applied to the cluster.\nIf not explicitly set, it defaults to DiffModeDisabled.", + "description": "Mode defines how differences should be handled between the Helm manifest and the manifest currently applied to the cluster. If not explicitly set, it defaults to DiffModeDisabled.", "type": "string", "enum": [ "enabled", @@ -305,7 +265,7 @@ "type": "object", "properties": { "crds": { - "description": "CRDs upgrade CRDs from the Helm Chart's crds directory according\nto the CRD upgrade policy provided here. Valid values are `Skip`,\n`Create` or `CreateReplace`. Default is `Create` and if omitted\nCRDs are installed but not updated.\n\nSkip: do neither install nor replace (update) any CRDs.\n\nCreate: new CRDs are created, existing CRDs are neither updated nor deleted.\n\nCreateReplace: new CRDs are created, existing CRDs are updated (replaced)\nbut not deleted.\n\nBy default, CRDs are applied (installed) during Helm install action.\nWith this option users can opt in to CRD replace existing CRDs on Helm\ninstall actions, which is not (yet) natively supported by Helm.\nhttps://helm.sh/docs/chart_best_practices/custom_resource_definitions.", + "description": "CRDs upgrade CRDs from the Helm Chart's crds directory according to the CRD upgrade policy provided here. Valid values are `Skip`, `Create` or `CreateReplace`. Default is `Create` and if omitted CRDs are installed but not updated. \n Skip: do neither install nor replace (update) any CRDs. \n Create: new CRDs are created, existing CRDs are neither updated nor deleted. \n CreateReplace: new CRDs are created, existing CRDs are updated (replaced) but not deleted. \n By default, CRDs are applied (installed) during Helm install action. With this option users can opt in to CRD replace existing CRDs on Helm install actions, which is not (yet) natively supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.", "type": "string", "enum": [ "Skip", @@ -314,7 +274,7 @@ ] }, "createNamespace": { - "description": "CreateNamespace tells the Helm install action to create the\nHelmReleaseSpec.TargetNamespace if it does not exist yet.\nOn uninstall, the namespace will not be garbage collected.", + "description": "CreateNamespace tells the Helm install action to create the HelmReleaseSpec.TargetNamespace if it does not exist yet. On uninstall, the namespace will not be garbage collected.", "type": "boolean" }, "disableHooks": { @@ -322,46 +282,46 @@ "type": "boolean" }, "disableOpenAPIValidation": { - "description": "DisableOpenAPIValidation prevents the Helm install action from validating\nrendered templates against the Kubernetes OpenAPI Schema.", + "description": "DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema.", "type": "boolean" }, "disableWait": { - "description": "DisableWait disables the waiting for resources to be ready after a Helm\ninstall has been performed.", + "description": "DisableWait disables the waiting for resources to be ready after a Helm install has been performed.", "type": "boolean" }, "disableWaitForJobs": { - "description": "DisableWaitForJobs disables waiting for jobs to complete after a Helm\ninstall has been performed.", + "description": "DisableWaitForJobs disables waiting for jobs to complete after a Helm install has been performed.", "type": "boolean" }, "remediation": { - "description": "Remediation holds the remediation configuration for when the Helm install\naction for the HelmRelease fails. The default is to not perform any action.", + "description": "Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action.", "type": "object", "properties": { "ignoreTestFailures": { - "description": "IgnoreTestFailures tells the controller to skip remediation when the Helm\ntests are run after an install action but fail. Defaults to\n'Test.IgnoreFailures'.", + "description": "IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an install action but fail. Defaults to 'Test.IgnoreFailures'.", "type": "boolean" }, "remediateLastFailure": { - "description": "RemediateLastFailure tells the controller to remediate the last failure, when\nno retries remain. Defaults to 'false'.", + "description": "RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false'.", "type": "boolean" }, "retries": { - "description": "Retries is the number of retries that should be attempted on failures before\nbailing. Remediation, using an uninstall, is performed between each attempt.\nDefaults to '0', a negative integer equals to unlimited retries.", + "description": "Retries is the number of retries that should be attempted on failures before bailing. Remediation, using an uninstall, is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries.", "type": "integer" } }, "additionalProperties": false }, "replace": { - "description": "Replace tells the Helm install action to re-use the 'ReleaseName', but only\nif that name is a deleted release which remains in the history.", + "description": "Replace tells the Helm install action to re-use the 'ReleaseName', but only if that name is a deleted release which remains in the history.", "type": "boolean" }, "skipCRDs": { - "description": "SkipCRDs tells the Helm install action to not install any CRDs. By default,\nCRDs are installed if not already present.\n\nDeprecated use CRD policy (`crds`) attribute with value `Skip` instead.", + "description": "SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present. \n Deprecated use CRD policy (`crds`) attribute with value `Skip` instead.", "type": "boolean" }, "timeout": { - "description": "Timeout is the time to wait for any individual Kubernetes operation (like\nJobs for hooks) during the performance of a Helm install action. Defaults to\n'HelmReleaseSpec.Timeout'.", + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" } @@ -374,25 +334,14 @@ "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" }, "kubeConfig": { - "description": "KubeConfig for reconciling the HelmRelease on a remote cluster.\nWhen used in combination with HelmReleaseSpec.ServiceAccountName,\nforces the controller to act on behalf of that Service Account at the\ntarget cluster.\nIf the --default-service-account flag is set, its value will be used as\na controller level fallback for when HelmReleaseSpec.ServiceAccountName\nis empty.", + "description": "KubeConfig for reconciling the HelmRelease on a remote cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, forces the controller to act on behalf of that Service Account at the target cluster. If the --default-service-account flag is set, its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName is empty.", "type": "object", + "required": [ + "secretRef" + ], "properties": { - "configMapRef": { - "description": "ConfigMapRef holds an optional name of a ConfigMap that contains\nthe following keys:\n\n- `provider`: the provider to use. One of `aws`, `azure`, `gcp`, or\n `generic`. Required.\n- `cluster`: the fully qualified resource name of the Kubernetes\n cluster in the cloud provider API. Not used by the `generic`\n provider. Required when one of `address` or `ca.crt` is not set.\n- `address`: the address of the Kubernetes API server. Required\n for `generic`. For the other providers, if not specified, the\n first address in the cluster resource will be used, and if\n specified, it must match one of the addresses in the cluster\n resource.\n If audiences is not set, will be used as the audience for the\n `generic` provider.\n- `ca.crt`: the optional PEM-encoded CA certificate for the\n Kubernetes API server. If not set, the controller will use the\n CA certificate from the cluster resource.\n- `audiences`: the optional audiences as a list of\n line-break-separated strings for the Kubernetes ServiceAccount\n token. Defaults to the `address` for the `generic` provider, or\n to specific values for the other providers depending on the\n provider.\n- `serviceAccountName`: the optional name of the Kubernetes\n ServiceAccount in the same namespace that should be used\n for authentication. If not specified, the controller\n ServiceAccount will be used.\n\nMutually exclusive with SecretRef.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "additionalProperties": false - }, "secretRef": { - "description": "SecretRef holds an optional name of a secret that contains a key with\nthe kubeconfig file as the value. If no key is set, the key will default\nto 'value'. Mutually exclusive with ConfigMapRef.\nIt is recommended that the kubeconfig is self-contained, and the secret\nis regularly updated if credentials such as a cloud-access-token expire.\nCloud specific `cmd-path` auth helpers will not function without adding\nbinaries and credentials to the Pod that is responsible for reconciling\nKubernetes resources. Supported only for the generic provider.", + "description": "SecretRef holds the name of a secret that contains a key with the kubeconfig file as the value. If no key is set, the key will default to 'value'. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling Kubernetes resources.", "type": "object", "required": [ "name" @@ -410,28 +359,18 @@ "additionalProperties": false } }, - "additionalProperties": false, - "x-kubernetes-validations": [ - { - "rule": "has(self.configMapRef) || has(self.secretRef)", - "message": "exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef must be specified" - }, - { - "rule": "!has(self.configMapRef) || !has(self.secretRef)", - "message": "exactly one of spec.kubeConfig.configMapRef or spec.kubeConfig.secretRef must be specified" - } - ] + "additionalProperties": false }, "maxHistory": { - "description": "MaxHistory is the number of revisions saved by Helm for this HelmRelease.\nUse '0' for an unlimited number of revisions; defaults to '5'.", + "description": "MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '5'.", "type": "integer" }, "persistentClient": { - "description": "PersistentClient tells the controller to use a persistent Kubernetes\nclient for this release. When enabled, the client will be reused for the\nduration of the reconciliation, instead of being created and destroyed\nfor each (step of a) Helm action.\n\nThis can improve performance, but may cause issues with some Helm charts\nthat for example do create Custom Resource Definitions during installation\noutside Helm's CRD lifecycle hooks, which are then not observed to be\navailable by e.g. post-install hooks.\n\nIf not set, it defaults to true.", + "description": "PersistentClient tells the controller to use a persistent Kubernetes client for this release. When enabled, the client will be reused for the duration of the reconciliation, instead of being created and destroyed for each (step of a) Helm action. \n This can improve performance, but may cause issues with some Helm charts that for example do create Custom Resource Definitions during installation outside Helm's CRD lifecycle hooks, which are then not observed to be available by e.g. post-install hooks. \n If not set, it defaults to true.", "type": "boolean" }, "postRenderers": { - "description": "PostRenderers holds an array of Helm PostRenderers, which will be applied in order\nof their definition.", + "description": "PostRenderers holds an array of Helm PostRenderers, which will be applied in order of their definition.", "type": "array", "items": { "description": "PostRenderer contains a Helm PostRenderer specification.", @@ -442,7 +381,7 @@ "type": "object", "properties": { "images": { - "description": "Images is a list of (image name, new name, new tag or digest)\nfor changing image names, tags or digests. This can also be achieved with a\npatch, but this operator is simpler to specify.", + "description": "Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify.", "type": "array", "items": { "description": "Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag.", @@ -452,7 +391,7 @@ ], "properties": { "digest": { - "description": "Digest is the value used to replace the original image tag.\nIf digest is present NewTag value is ignored.", + "description": "Digest is the value used to replace the original image tag. If digest is present NewTag value is ignored.", "type": "string" }, "name": { @@ -472,17 +411,17 @@ } }, "patches": { - "description": "Strategic merge and JSON patches, defined as inline YAML objects,\ncapable of targeting objects based on kind, label and annotation selectors.", + "description": "Strategic merge and JSON patches, defined as inline YAML objects, capable of targeting objects based on kind, label and annotation selectors.", "type": "array", "items": { - "description": "Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should\nbe applied to.", + "description": "Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should be applied to.", "type": "object", "required": [ "patch" ], "properties": { "patch": { - "description": "Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with\nan array of operation objects.", + "description": "Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with an array of operation objects.", "type": "string" }, "target": { @@ -490,19 +429,19 @@ "type": "object", "properties": { "annotationSelector": { - "description": "AnnotationSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource annotations.", + "description": "AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations.", "type": "string" }, "group": { - "description": "Group is the API group to select resources from.\nTogether with Version and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" }, "kind": { - "description": "Kind of the API Group to select resources from.\nTogether with Group and Version it is capable of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" }, "labelSelector": { - "description": "LabelSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource labels.", + "description": "LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels.", "type": "string" }, "name": { @@ -514,7 +453,7 @@ "type": "string" }, "version": { - "description": "Version of the API Group to select resources from.\nTogether with Group and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" } }, @@ -525,7 +464,7 @@ } }, "patchesJson6902": { - "description": "JSON 6902 patches, defined as inline YAML objects.\n\nDeprecated: use Patches instead.", + "description": "JSON 6902 patches, defined as inline YAML objects. Deprecated: use Patches instead.", "type": "array", "items": { "description": "JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to.", @@ -539,7 +478,7 @@ "description": "Patch contains the JSON6902 patch document with an array of operation objects.", "type": "array", "items": { - "description": "JSON6902 is a JSON6902 operation object.\nhttps://datatracker.ietf.org/doc/html/rfc6902#section-4", + "description": "JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4", "type": "object", "required": [ "op", @@ -547,11 +486,11 @@ ], "properties": { "from": { - "description": "From contains a JSON-pointer value that references a location within the target document where the operation is\nperformed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.", + "description": "From contains a JSON-pointer value that references a location within the target document where the operation is performed. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.", "type": "string" }, "op": { - "description": "Op indicates the operation to perform. Its value MUST be one of \"add\", \"remove\", \"replace\", \"move\", \"copy\", or\n\"test\".\nhttps://datatracker.ietf.org/doc/html/rfc6902#section-4", + "description": "Op indicates the operation to perform. Its value MUST be one of \"add\", \"remove\", \"replace\", \"move\", \"copy\", or \"test\". https://datatracker.ietf.org/doc/html/rfc6902#section-4", "type": "string", "enum": [ "test", @@ -563,11 +502,11 @@ ] }, "path": { - "description": "Path contains the JSON-pointer value that references a location within the target document where the operation\nis performed. The meaning of the value depends on the value of Op.", + "description": "Path contains the JSON-pointer value that references a location within the target document where the operation is performed. The meaning of the value depends on the value of Op.", "type": "string" }, "value": { - "description": "Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into\naccount by all operations.", + "description": "Value contains a valid JSON structure. The meaning of the value depends on the value of Op, and is NOT taken into account by all operations.", "x-kubernetes-preserve-unknown-fields": true } }, @@ -579,19 +518,19 @@ "type": "object", "properties": { "annotationSelector": { - "description": "AnnotationSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource annotations.", + "description": "AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations.", "type": "string" }, "group": { - "description": "Group is the API group to select resources from.\nTogether with Version and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" }, "kind": { - "description": "Kind of the API Group to select resources from.\nTogether with Group and Version it is capable of unambiguously\nidentifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" }, "labelSelector": { - "description": "LabelSelector is a string that follows the label selection expression\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api\nIt matches with the resource labels.", + "description": "LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels.", "type": "string" }, "name": { @@ -603,7 +542,7 @@ "type": "string" }, "version": { - "description": "Version of the API Group to select resources from.\nTogether with Group and Kind it is capable of unambiguously identifying and/or selecting resources.\nhttps://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + "description": "Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", "type": "string" } }, @@ -614,7 +553,7 @@ } }, "patchesStrategicMerge": { - "description": "Strategic merge patches, defined as inline YAML objects.\n\nDeprecated: use Patches instead.", + "description": "Strategic merge patches, defined as inline YAML objects. Deprecated: use Patches instead.", "type": "array", "items": { "x-kubernetes-preserve-unknown-fields": true @@ -628,7 +567,7 @@ } }, "releaseName": { - "description": "ReleaseName used for the Helm release. Defaults to a composition of\n'[TargetNamespace-]Name'.", + "description": "ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'.", "type": "string", "maxLength": 53, "minLength": 1 @@ -638,7 +577,7 @@ "type": "object", "properties": { "cleanupOnFail": { - "description": "CleanupOnFail allows deletion of new resources created during the Helm\nrollback action when it fails.", + "description": "CleanupOnFail allows deletion of new resources created during the Helm rollback action when it fails.", "type": "boolean" }, "disableHooks": { @@ -646,11 +585,11 @@ "type": "boolean" }, "disableWait": { - "description": "DisableWait disables the waiting for resources to be ready after a Helm\nrollback has been performed.", + "description": "DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed.", "type": "boolean" }, "disableWaitForJobs": { - "description": "DisableWaitForJobs disables waiting for jobs to complete after a Helm\nrollback has been performed.", + "description": "DisableWaitForJobs disables waiting for jobs to complete after a Helm rollback has been performed.", "type": "boolean" }, "force": { @@ -662,7 +601,7 @@ "type": "boolean" }, "timeout": { - "description": "Timeout is the time to wait for any individual Kubernetes operation (like\nJobs for hooks) during the performance of a Helm rollback action. Defaults to\n'HelmReleaseSpec.Timeout'.", + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" } @@ -670,23 +609,23 @@ "additionalProperties": false }, "serviceAccountName": { - "description": "The name of the Kubernetes service account to impersonate\nwhen reconciling this HelmRelease.", + "description": "The name of the Kubernetes service account to impersonate when reconciling this HelmRelease.", "type": "string", "maxLength": 253, "minLength": 1 }, "storageNamespace": { - "description": "StorageNamespace used for the Helm storage.\nDefaults to the namespace of the HelmRelease.", + "description": "StorageNamespace used for the Helm storage. Defaults to the namespace of the HelmRelease.", "type": "string", "maxLength": 63, "minLength": 1 }, "suspend": { - "description": "Suspend tells the controller to suspend reconciliation for this HelmRelease,\nit does not apply to already started reconciliations. Defaults to false.", + "description": "Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false.", "type": "boolean" }, "targetNamespace": { - "description": "TargetNamespace to target when performing operations for the HelmRelease.\nDefaults to the namespace of the HelmRelease.", + "description": "TargetNamespace to target when performing operations for the HelmRelease. Defaults to the namespace of the HelmRelease.", "type": "string", "maxLength": 63, "minLength": 1 @@ -696,7 +635,7 @@ "type": "object", "properties": { "enable": { - "description": "Enable enables Helm test actions for this HelmRelease after an Helm install\nor upgrade action has been performed.", + "description": "Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed.", "type": "boolean" }, "filters": { @@ -724,11 +663,11 @@ } }, "ignoreFailures": { - "description": "IgnoreFailures tells the controller to skip remediation when the Helm tests\nare run but fail. Can be overwritten for tests run after install or upgrade\nactions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'.", + "description": "IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for tests run after install or upgrade actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'.", "type": "boolean" }, "timeout": { - "description": "Timeout is the time to wait for any individual Kubernetes operation during\nthe performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'.", + "description": "Timeout is the time to wait for any individual Kubernetes operation during the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" } @@ -736,7 +675,7 @@ "additionalProperties": false }, "timeout": { - "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs\nfor hooks) during the performance of a Helm action. Defaults to '5m0s'.", + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm action. Defaults to '5m0s'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" }, @@ -745,7 +684,7 @@ "type": "object", "properties": { "deletionPropagation": { - "description": "DeletionPropagation specifies the deletion propagation policy when\na Helm uninstall is performed.", + "description": "DeletionPropagation specifies the deletion propagation policy when a Helm uninstall is performed.", "type": "string", "default": "background", "enum": [ @@ -759,15 +698,15 @@ "type": "boolean" }, "disableWait": { - "description": "DisableWait disables waiting for all the resources to be deleted after\na Helm uninstall is performed.", + "description": "DisableWait disables waiting for all the resources to be deleted after a Helm uninstall is performed.", "type": "boolean" }, "keepHistory": { - "description": "KeepHistory tells Helm to remove all associated resources and mark the\nrelease as deleted, but retain the release history.", + "description": "KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history.", "type": "boolean" }, "timeout": { - "description": "Timeout is the time to wait for any individual Kubernetes operation (like\nJobs for hooks) during the performance of a Helm uninstall action. Defaults\nto 'HelmReleaseSpec.Timeout'.", + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" } @@ -779,11 +718,11 @@ "type": "object", "properties": { "cleanupOnFail": { - "description": "CleanupOnFail allows deletion of new resources created during the Helm\nupgrade action when it fails.", + "description": "CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails.", "type": "boolean" }, "crds": { - "description": "CRDs upgrade CRDs from the Helm Chart's crds directory according\nto the CRD upgrade policy provided here. Valid values are `Skip`,\n`Create` or `CreateReplace`. Default is `Skip` and if omitted\nCRDs are neither installed nor upgraded.\n\nSkip: do neither install nor replace (update) any CRDs.\n\nCreate: new CRDs are created, existing CRDs are neither updated nor deleted.\n\nCreateReplace: new CRDs are created, existing CRDs are updated (replaced)\nbut not deleted.\n\nBy default, CRDs are not applied during Helm upgrade action. With this\noption users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm.\nhttps://helm.sh/docs/chart_best_practices/custom_resource_definitions.", + "description": "CRDs upgrade CRDs from the Helm Chart's crds directory according to the CRD upgrade policy provided here. Valid values are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and if omitted CRDs are neither installed nor upgraded. \n Skip: do neither install nor replace (update) any CRDs. \n Create: new CRDs are created, existing CRDs are neither updated nor deleted. \n CreateReplace: new CRDs are created, existing CRDs are updated (replaced) but not deleted. \n By default, CRDs are not applied during Helm upgrade action. With this option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions.", "type": "string", "enum": [ "Skip", @@ -796,15 +735,15 @@ "type": "boolean" }, "disableOpenAPIValidation": { - "description": "DisableOpenAPIValidation prevents the Helm upgrade action from validating\nrendered templates against the Kubernetes OpenAPI Schema.", + "description": "DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema.", "type": "boolean" }, "disableWait": { - "description": "DisableWait disables the waiting for resources to be ready after a Helm\nupgrade has been performed.", + "description": "DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed.", "type": "boolean" }, "disableWaitForJobs": { - "description": "DisableWaitForJobs disables waiting for jobs to complete after a Helm\nupgrade has been performed.", + "description": "DisableWaitForJobs disables waiting for jobs to complete after a Helm upgrade has been performed.", "type": "boolean" }, "force": { @@ -812,23 +751,23 @@ "type": "boolean" }, "preserveValues": { - "description": "PreserveValues will make Helm reuse the last release's values and merge in\noverrides from 'Values'. Setting this flag makes the HelmRelease\nnon-declarative.", + "description": "PreserveValues will make Helm reuse the last release's values and merge in overrides from 'Values'. Setting this flag makes the HelmRelease non-declarative.", "type": "boolean" }, "remediation": { - "description": "Remediation holds the remediation configuration for when the Helm upgrade\naction for the HelmRelease fails. The default is to not perform any action.", + "description": "Remediation holds the remediation configuration for when the Helm upgrade action for the HelmRelease fails. The default is to not perform any action.", "type": "object", "properties": { "ignoreTestFailures": { - "description": "IgnoreTestFailures tells the controller to skip remediation when the Helm\ntests are run after an upgrade action but fail.\nDefaults to 'Test.IgnoreFailures'.", + "description": "IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'.", "type": "boolean" }, "remediateLastFailure": { - "description": "RemediateLastFailure tells the controller to remediate the last failure, when\nno retries remain. Defaults to 'false' unless 'Retries' is greater than 0.", + "description": "RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false' unless 'Retries' is greater than 0.", "type": "boolean" }, "retries": { - "description": "Retries is the number of retries that should be attempted on failures before\nbailing. Remediation, using 'Strategy', is performed between each attempt.\nDefaults to '0', a negative integer equals to unlimited retries.", + "description": "Retries is the number of retries that should be attempted on failures before bailing. Remediation, using 'Strategy', is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries.", "type": "integer" }, "strategy": { @@ -843,7 +782,7 @@ "additionalProperties": false }, "timeout": { - "description": "Timeout is the time to wait for any individual Kubernetes operation (like\nJobs for hooks) during the performance of a Helm upgrade action. Defaults to\n'HelmReleaseSpec.Timeout'.", + "description": "Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" } @@ -855,10 +794,10 @@ "x-kubernetes-preserve-unknown-fields": true }, "valuesFrom": { - "description": "ValuesFrom holds references to resources containing Helm values for this HelmRelease,\nand information about how they should be merged.", + "description": "ValuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged.", "type": "array", "items": { - "description": "ValuesReference contains a reference to a resource containing Helm values,\nand optionally the key they can be found at.", + "description": "ValuesReference contains a reference to a resource containing Helm values, and optionally the key they can be found at.", "type": "object", "required": [ "kind", @@ -874,23 +813,23 @@ ] }, "name": { - "description": "Name of the values referent. Should reside in the same namespace as the\nreferring resource.", + "description": "Name of the values referent. Should reside in the same namespace as the referring resource.", "type": "string", "maxLength": 253, "minLength": 1 }, "optional": { - "description": "Optional marks this ValuesReference as optional. When set, a not found error\nfor the values reference is ignored, but any ValuesKey, TargetPath or\ntransient error will still result in a reconciliation failure.", + "description": "Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure.", "type": "boolean" }, "targetPath": { - "description": "TargetPath is the YAML dot notation path the value should be merged at. When\nset, the ValuesKey is expected to be a single flat value. Defaults to 'None',\nwhich results in the values getting merged at the root.", + "description": "TargetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. Defaults to 'None', which results in the values getting merged at the root.", "type": "string", "maxLength": 250, "pattern": "^([a-zA-Z0-9_\\-.\\\\\\/]|\\[[0-9]{1,5}\\])+$" }, "valuesKey": { - "description": "ValuesKey is the data key where the values.yaml or a specific value can be\nfound at. Defaults to 'values.yaml'.", + "description": "ValuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'.", "type": "string", "maxLength": 253, "pattern": "^[\\-._a-zA-Z0-9]+$" @@ -900,13 +839,7 @@ } } }, - "additionalProperties": false, - "x-kubernetes-validations": [ - { - "rule": "(has(self.chart) \u0026\u0026 !has(self.chartRef)) || (!has(self.chart) \u0026\u0026 has(self.chartRef))", - "message": "either chart or chartRef must be set" - } - ] + "additionalProperties": false }, "status": { "description": "HelmReleaseStatus defines the observed state of a HelmRelease.", @@ -919,7 +852,7 @@ "description": "Conditions holds the conditions for the HelmRelease.", "type": "array", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -930,23 +863,23 @@ ], "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, @@ -962,7 +895,7 @@ ] }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -972,19 +905,19 @@ } }, "failures": { - "description": "Failures is the reconciliation failure count against the latest desired\nstate. It is reset after a successful reconciliation.", + "description": "Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation.", "type": "integer", "format": "int64" }, "helmChart": { - "description": "HelmChart is the namespaced name of the HelmChart resource created by\nthe controller for the HelmRelease.", + "description": "HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease.", "type": "string" }, "history": { - "description": "History holds the history of Helm releases performed for this HelmRelease\nup to the last successfully completed release.", + "description": "History holds the history of Helm releases performed for this HelmRelease up to the last successfully completed release.", "type": "array", "items": { - "description": "Snapshot captures a point-in-time copy of the status information for a Helm release,\nas managed by the controller.", + "description": "Snapshot captures a point-in-time copy of the status information for a Helm release, as managed by the controller.", "type": "object", "required": [ "chartName", @@ -1000,11 +933,7 @@ ], "properties": { "apiVersion": { - "description": "APIVersion is the API version of the Snapshot.\nProvisional: when the calculation method of the Digest field is changed,\nthis field will be used to distinguish between the old and new methods.", - "type": "string" - }, - "appVersion": { - "description": "AppVersion is the chart app version of the release object in storage.", + "description": "APIVersion is the API version of the Snapshot. Provisional: when the calculation method of the Digest field is changed, this field will be used to distinguish between the old and new methods.", "type": "string" }, "chartName": { @@ -1012,11 +941,11 @@ "type": "string" }, "chartVersion": { - "description": "ChartVersion is the chart version of the release object in\nstorage.", + "description": "ChartVersion is the chart version of the release object in storage.", "type": "string" }, "configDigest": { - "description": "ConfigDigest is the checksum of the config (better known as\n\"values\") of the release object in storage.\nIt has the format of `\u003calgo\u003e:\u003cchecksum\u003e`.", + "description": "ConfigDigest is the checksum of the config (better known as \"values\") of the release object in storage. It has the format of `\u003calgo\u003e:\u003cchecksum\u003e`.", "type": "string" }, "deleted": { @@ -1025,7 +954,7 @@ "format": "date-time" }, "digest": { - "description": "Digest is the checksum of the release object in storage.\nIt has the format of `\u003calgo\u003e:\u003cchecksum\u003e`.", + "description": "Digest is the checksum of the release object in storage. It has the format of `\u003calgo\u003e:\u003cchecksum\u003e`.", "type": "string" }, "firstDeployed": { @@ -1046,19 +975,15 @@ "description": "Namespace is the namespace the release is deployed to.", "type": "string" }, - "ociDigest": { - "description": "OCIDigest is the digest of the OCI artifact associated with the release.", - "type": "string" - }, "status": { "description": "Status is the current state of the release.", "type": "string" }, "testHooks": { - "description": "TestHooks is the list of test hooks for the release as observed to be\nrun by the controller.", + "description": "TestHooks is the list of test hooks for the release as observed to be run by the controller.", "type": "object", "additionalProperties": { - "description": "TestHookStatus holds the status information for a test hook as observed\nto be run by the controller.", + "description": "TestHookStatus holds the status information for a test hook as observed to be run by the controller.", "type": "object", "properties": { "lastCompleted": { @@ -1087,25 +1012,25 @@ } }, "installFailures": { - "description": "InstallFailures is the install failure count against the latest desired\nstate. It is reset after a successful reconciliation.", + "description": "InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation.", "type": "integer", "format": "int64" }, "lastAppliedRevision": { - "description": "LastAppliedRevision is the revision of the last successfully applied\nsource.\n\nDeprecated: the revision can now be found in the History.", + "description": "LastAppliedRevision is the revision of the last successfully applied source. Deprecated: the revision can now be found in the History.", "type": "string" }, "lastAttemptedConfigDigest": { - "description": "LastAttemptedConfigDigest is the digest for the config (better known as\n\"values\") of the last reconciliation attempt.", + "description": "LastAttemptedConfigDigest is the digest for the config (better known as \"values\") of the last reconciliation attempt.", "type": "string" }, "lastAttemptedGeneration": { - "description": "LastAttemptedGeneration is the last generation the controller attempted\nto reconcile.", + "description": "LastAttemptedGeneration is the last generation the controller attempted to reconcile.", "type": "integer", "format": "int64" }, "lastAttemptedReleaseAction": { - "description": "LastAttemptedReleaseAction is the last release action performed for this\nHelmRelease. It is used to determine the active remediation strategy.", + "description": "LastAttemptedReleaseAction is the last release action performed for this HelmRelease. It is used to determine the active remediation strategy.", "type": "string", "enum": [ "install", @@ -1113,31 +1038,27 @@ ] }, "lastAttemptedRevision": { - "description": "LastAttemptedRevision is the Source revision of the last reconciliation\nattempt. For OCIRepository sources, the 12 first characters of the digest are\nappended to the chart version e.g. \"1.2.3+1234567890ab\".", - "type": "string" - }, - "lastAttemptedRevisionDigest": { - "description": "LastAttemptedRevisionDigest is the digest of the last reconciliation attempt.\nThis is only set for OCIRepository sources.", + "description": "LastAttemptedRevision is the Source revision of the last reconciliation attempt.", "type": "string" }, "lastAttemptedValuesChecksum": { - "description": "LastAttemptedValuesChecksum is the SHA1 checksum for the values of the last\nreconciliation attempt.\n\nDeprecated: Use LastAttemptedConfigDigest instead.", + "description": "LastAttemptedValuesChecksum is the SHA1 checksum for the values of the last reconciliation attempt. Deprecated: Use LastAttemptedConfigDigest instead.", "type": "string" }, "lastHandledForceAt": { - "description": "LastHandledForceAt holds the value of the most recent force request\nvalue, so a change of the annotation value can be detected.", + "description": "LastHandledForceAt holds the value of the most recent force request value, so a change of the annotation value can be detected.", "type": "string" }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "lastHandledResetAt": { - "description": "LastHandledResetAt holds the value of the most recent reset request\nvalue, so a change of the annotation value can be detected.", + "description": "LastHandledResetAt holds the value of the most recent reset request value, so a change of the annotation value can be detected.", "type": "string" }, "lastReleaseRevision": { - "description": "LastReleaseRevision is the revision of the last successful Helm release.\n\nDeprecated: Use History instead.", + "description": "LastReleaseRevision is the revision of the last successful Helm release. Deprecated: Use History instead.", "type": "integer" }, "observedGeneration": { @@ -1145,18 +1066,14 @@ "type": "integer", "format": "int64" }, - "observedPostRenderersDigest": { - "description": "ObservedPostRenderersDigest is the digest for the post-renderers of\nthe last successful reconciliation attempt.", - "type": "string" - }, "storageNamespace": { - "description": "StorageNamespace is the namespace of the Helm release storage for the\ncurrent release.", + "description": "StorageNamespace is the namespace of the Helm release storage for the current release.", "type": "string", "maxLength": 63, "minLength": 1 }, "upgradeFailures": { - "description": "UpgradeFailures is the upgrade failure count against the latest desired\nstate. It is reset after a successful reconciliation.", + "description": "UpgradeFailures is the upgrade failure count against the latest desired state. It is reset after a successful reconciliation.", "type": "integer", "format": "int64" } diff --git a/schema/hub.traefik.io/apiaccess_v1alpha1.json b/schema/hub.traefik.io/apiaccess_v1alpha1.json index 78ef8d4da..e1621a47a 100644 --- a/schema/hub.traefik.io/apiaccess_v1alpha1.json +++ b/schema/hub.traefik.io/apiaccess_v1alpha1.json @@ -1,28 +1,35 @@ { + "description": "APIAccess defines who can access to a set of APIs.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "The desired behavior of this APIAccess.", "type": "object", "properties": { "apiBundles": { + "description": "APIBundles defines a set of APIBundle that will be accessible to the configured audience.\nMultiple APIAccesses can select the same APIBundles.", "type": "array", "maxItems": 100, "items": { + "description": "APIBundleReference references an APIBundle.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the APIBundle.", "type": "string", "maxLength": 253 } @@ -37,12 +44,14 @@ ] }, "apiPlan": { + "description": "APIPlan defines which APIPlan will be used.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the APIPlan.", "type": "string", "maxLength": 253 } @@ -50,11 +59,14 @@ "additionalProperties": false }, "apiSelector": { + "description": "APISelector selects the APIs that will be accessible to the configured audience.\nMultiple APIAccesses can select the same set of APIs.\nThis field is optional and follows standard label selector semantics.\nAn empty APISelector matches any API.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -62,12 +74,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -80,6 +95,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -90,15 +106,18 @@ "x-kubernetes-map-type": "atomic" }, "apis": { + "description": "APIs defines a set of APIs that will be accessible to the configured audience.\nMultiple APIAccesses can select the same APIs.\nWhen combined with APISelector, this set of APIs is appended to the matching APIs.", "type": "array", "maxItems": 100, "items": { + "description": "APIReference references an API.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the API.", "type": "string", "maxLength": 253 } @@ -113,18 +132,22 @@ ] }, "everyone": { + "description": "Everyone indicates that all users will have access to the selected APIs.", "type": "boolean" }, "groups": { + "description": "Groups are the consumer groups that will gain access to the selected APIs.", "type": "array", "items": { "type": "string" } }, "operationFilter": { + "description": "OperationFilter specifies the allowed operations on APIs and APIVersions.\nIf not set, all operations are available.\nAn empty OperationFilter prohibits all operations.", "type": "object", "properties": { "include": { + "description": "Include defines the names of OperationSets that will be accessible.", "type": "array", "maxItems": 100, "items": { @@ -135,6 +158,7 @@ "additionalProperties": false }, "weight": { + "description": "Weight specifies the evaluation order of the plan.", "type": "integer", "x-kubernetes-validations": [ { @@ -153,9 +177,11 @@ ] }, "status": { + "description": "The current status of this APIAccess.", "type": "object", "properties": { "hash": { + "description": "Hash is a hash representing the APIAccess.", "type": "string" }, "syncedAt": { diff --git a/schema/hub.traefik.io/edgeingress_v1alpha1.json b/schema/hub.traefik.io/edgeingress_v1alpha1.json index 141c6c7f2..6a6e3fe86 100644 --- a/schema/hub.traefik.io/edgeingress_v1alpha1.json +++ b/schema/hub.traefik.io/edgeingress_v1alpha1.json @@ -1,22 +1,27 @@ { + "description": "EdgeIngress defines an edge ingress.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "The desired behavior of this edge ingress.", "type": "object", "required": [ "service" ], "properties": { "acp": { + "description": "EdgeIngressACP configures the ACP to use on the Ingress.", "type": "object", "required": [ "name" @@ -29,12 +34,14 @@ "additionalProperties": false }, "customDomains": { + "description": "CustomDomains are the custom domains for accessing the exposed service.", "type": "array", "items": { "type": "string" } }, "service": { + "description": "EdgeIngressService configures the service to exposed on the edge.", "type": "object", "required": [ "name", @@ -54,21 +61,26 @@ "additionalProperties": false }, "status": { + "description": "The current status of this edge ingress.", "type": "object", "properties": { "connection": { + "description": "Connection is the status of the underlying connection to the edge.", "type": "string" }, "customDomains": { + "description": "CustomDomains are the custom domains for accessing the exposed service.", "type": "array", "items": { "type": "string" } }, "domain": { + "description": "Domain is the Domain for accessing the exposed service.", "type": "string" }, "specHash": { + "description": "SpecHash is a hash representing the EdgeIngressSpec", "type": "string" }, "syncedAt": { @@ -76,6 +88,7 @@ "format": "date-time" }, "urls": { + "description": "URLs is the list of coma separated URL for accessing the exposed service.", "type": "string" }, "version": { diff --git a/schema/image.toolkit.fluxcd.io/imagepolicy_v1alpha1.json b/schema/image.toolkit.fluxcd.io/imagepolicy_v1alpha1.json index 8285510c7..fe1d7d403 100644 --- a/schema/image.toolkit.fluxcd.io/imagepolicy_v1alpha1.json +++ b/schema/image.toolkit.fluxcd.io/imagepolicy_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "ImagePolicy is the Schema for the imagepolicies API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ImagePolicySpec defines the parameters for calculating the ImagePolicy", "type": "object", "required": [ "imageRepositoryRef", @@ -18,36 +22,44 @@ ], "properties": { "filterTags": { + "description": "FilterTags enables filtering for only a subset of tags based on a set of rules. If no rules are provided, all the tags from the repository will be ordered and compared.", "type": "object", "properties": { "extract": { + "description": "Extract allows a capture group to be extracted from the specified regular expression pattern, useful before tag evaluation.", "type": "string" }, "pattern": { + "description": "Pattern specifies a regular expression pattern used to filter for image tags.", "type": "string" } }, "additionalProperties": false }, "imageRepositoryRef": { + "description": "ImageRepositoryRef points at the object specifying the image being scanned", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referent.", "type": "string" } }, "additionalProperties": false }, "policy": { + "description": "Policy gives the particulars of the policy to be followed in selecting the most recent image", "type": "object", "properties": { "alphabetical": { + "description": "Alphabetical set of rules to use for alphabetical ordering of the tags.", "type": "object", "properties": { "order": { + "description": "Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.", "type": "string", "default": "asc", "enum": [ @@ -59,9 +71,11 @@ "additionalProperties": false }, "numerical": { + "description": "Numerical set of rules to use for numerical ordering of the tags.", "type": "object", "properties": { "order": { + "description": "Order specifies the sorting order of the tags. Given the integer values from 0 to 9 as tags, ascending order would select 9, and descending order would select 0.", "type": "string", "default": "asc", "enum": [ @@ -73,12 +87,14 @@ "additionalProperties": false }, "semver": { + "description": "SemVer gives a semantic version range to check against the tags available.", "type": "object", "required": [ "range" ], "properties": { "range": { + "description": "Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.", "type": "string" } }, @@ -91,11 +107,13 @@ "additionalProperties": false }, "status": { + "description": "ImagePolicyStatus defines the observed state of ImagePolicy", "type": "object", "properties": { "conditions": { "type": "array", "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -106,25 +124,30 @@ ], "properties": { "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "enum": [ "True", @@ -133,6 +156,7 @@ ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -142,6 +166,7 @@ } }, "latestImage": { + "description": "LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.", "type": "string" }, "observedGeneration": { diff --git a/schema/image.toolkit.fluxcd.io/imagepolicy_v1alpha2.json b/schema/image.toolkit.fluxcd.io/imagepolicy_v1alpha2.json index 8285510c7..fe1d7d403 100644 --- a/schema/image.toolkit.fluxcd.io/imagepolicy_v1alpha2.json +++ b/schema/image.toolkit.fluxcd.io/imagepolicy_v1alpha2.json @@ -1,16 +1,20 @@ { + "description": "ImagePolicy is the Schema for the imagepolicies API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ImagePolicySpec defines the parameters for calculating the ImagePolicy", "type": "object", "required": [ "imageRepositoryRef", @@ -18,36 +22,44 @@ ], "properties": { "filterTags": { + "description": "FilterTags enables filtering for only a subset of tags based on a set of rules. If no rules are provided, all the tags from the repository will be ordered and compared.", "type": "object", "properties": { "extract": { + "description": "Extract allows a capture group to be extracted from the specified regular expression pattern, useful before tag evaluation.", "type": "string" }, "pattern": { + "description": "Pattern specifies a regular expression pattern used to filter for image tags.", "type": "string" } }, "additionalProperties": false }, "imageRepositoryRef": { + "description": "ImageRepositoryRef points at the object specifying the image being scanned", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referent.", "type": "string" } }, "additionalProperties": false }, "policy": { + "description": "Policy gives the particulars of the policy to be followed in selecting the most recent image", "type": "object", "properties": { "alphabetical": { + "description": "Alphabetical set of rules to use for alphabetical ordering of the tags.", "type": "object", "properties": { "order": { + "description": "Order specifies the sorting order of the tags. Given the letters of the alphabet as tags, ascending order would select Z, and descending order would select A.", "type": "string", "default": "asc", "enum": [ @@ -59,9 +71,11 @@ "additionalProperties": false }, "numerical": { + "description": "Numerical set of rules to use for numerical ordering of the tags.", "type": "object", "properties": { "order": { + "description": "Order specifies the sorting order of the tags. Given the integer values from 0 to 9 as tags, ascending order would select 9, and descending order would select 0.", "type": "string", "default": "asc", "enum": [ @@ -73,12 +87,14 @@ "additionalProperties": false }, "semver": { + "description": "SemVer gives a semantic version range to check against the tags available.", "type": "object", "required": [ "range" ], "properties": { "range": { + "description": "Range gives a semver range for the image tag; the highest version within the range that's a tag yields the latest image.", "type": "string" } }, @@ -91,11 +107,13 @@ "additionalProperties": false }, "status": { + "description": "ImagePolicyStatus defines the observed state of ImagePolicy", "type": "object", "properties": { "conditions": { "type": "array", "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -106,25 +124,30 @@ ], "properties": { "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "enum": [ "True", @@ -133,6 +156,7 @@ ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -142,6 +166,7 @@ } }, "latestImage": { + "description": "LatestImage gives the first in the list of images scanned by the image repository, when filtered and ordered according to the policy.", "type": "string" }, "observedGeneration": { diff --git a/schema/image.toolkit.fluxcd.io/imagerepository_v1alpha1.json b/schema/image.toolkit.fluxcd.io/imagerepository_v1alpha1.json index 79b723f4c..54dcc09e7 100644 --- a/schema/image.toolkit.fluxcd.io/imagerepository_v1alpha1.json +++ b/schema/image.toolkit.fluxcd.io/imagerepository_v1alpha1.json @@ -1,66 +1,81 @@ { + "description": "ImageRepository is the Schema for the imagerepositories API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ImageRepositorySpec defines the parameters for scanning an image repository, e.g., `fluxcd/flux`.", "type": "object", "properties": { "certSecretRef": { + "description": "CertSecretRef can be given the name of a secret containing either or both of \n - a PEM-encoded client certificate (`certFile`) and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`) \n and whichever are supplied, will be used for connecting to the registry. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referent.", "type": "string" } }, "additionalProperties": false }, "image": { + "description": "Image is the name of the image repository", "type": "string" }, "interval": { + "description": "Interval is the length of time to wait between scans of the image repository.", "type": "string" }, "secretRef": { + "description": "SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with `kubectl create secret docker-registry`, or the equivalent.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referent.", "type": "string" } }, "additionalProperties": false }, "suspend": { + "description": "This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.", "type": "boolean" }, "timeout": { + "description": "Timeout for image scanning. Defaults to 'Interval' duration.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "ImageRepositoryStatus defines the observed state of ImageRepository", "type": "object", "properties": { "canonicalImageName": { + "description": "CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., `docker.io/library/alpine` rather than `alpine`.", "type": "string" }, "conditions": { "type": "array", "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -71,25 +86,30 @@ ], "properties": { "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "enum": [ "True", @@ -98,6 +118,7 @@ ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -107,9 +128,11 @@ } }, "lastHandledReconcileAt": { + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "lastScanResult": { + "description": "LastScanResult contains the number of fetched tags.", "type": "object", "required": [ "tagCount" @@ -126,6 +149,7 @@ "additionalProperties": false }, "observedGeneration": { + "description": "ObservedGeneration is the last reconciled generation.", "type": "integer", "format": "int64" } diff --git a/schema/image.toolkit.fluxcd.io/imagerepository_v1alpha2.json b/schema/image.toolkit.fluxcd.io/imagerepository_v1alpha2.json index 79b723f4c..54dcc09e7 100644 --- a/schema/image.toolkit.fluxcd.io/imagerepository_v1alpha2.json +++ b/schema/image.toolkit.fluxcd.io/imagerepository_v1alpha2.json @@ -1,66 +1,81 @@ { + "description": "ImageRepository is the Schema for the imagerepositories API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ImageRepositorySpec defines the parameters for scanning an image repository, e.g., `fluxcd/flux`.", "type": "object", "properties": { "certSecretRef": { + "description": "CertSecretRef can be given the name of a secret containing either or both of \n - a PEM-encoded client certificate (`certFile`) and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`) \n and whichever are supplied, will be used for connecting to the registry. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referent.", "type": "string" } }, "additionalProperties": false }, "image": { + "description": "Image is the name of the image repository", "type": "string" }, "interval": { + "description": "Interval is the length of time to wait between scans of the image repository.", "type": "string" }, "secretRef": { + "description": "SecretRef can be given the name of a secret containing credentials to use for the image registry. The secret should be created with `kubectl create secret docker-registry`, or the equivalent.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referent.", "type": "string" } }, "additionalProperties": false }, "suspend": { + "description": "This flag tells the controller to suspend subsequent image scans. It does not apply to already started scans. Defaults to false.", "type": "boolean" }, "timeout": { + "description": "Timeout for image scanning. Defaults to 'Interval' duration.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "ImageRepositoryStatus defines the observed state of ImageRepository", "type": "object", "properties": { "canonicalImageName": { + "description": "CanonicalName is the name of the image repository with all the implied bits made explicit; e.g., `docker.io/library/alpine` rather than `alpine`.", "type": "string" }, "conditions": { "type": "array", "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -71,25 +86,30 @@ ], "properties": { "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "enum": [ "True", @@ -98,6 +118,7 @@ ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -107,9 +128,11 @@ } }, "lastHandledReconcileAt": { + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "lastScanResult": { + "description": "LastScanResult contains the number of fetched tags.", "type": "object", "required": [ "tagCount" @@ -126,6 +149,7 @@ "additionalProperties": false }, "observedGeneration": { + "description": "ObservedGeneration is the last reconciled generation.", "type": "integer", "format": "int64" } diff --git a/schema/image.toolkit.fluxcd.io/imageupdateautomation_v1alpha1.json b/schema/image.toolkit.fluxcd.io/imageupdateautomation_v1alpha1.json index ec9af6fd2..a0ce7f5a6 100644 --- a/schema/image.toolkit.fluxcd.io/imageupdateautomation_v1alpha1.json +++ b/schema/image.toolkit.fluxcd.io/imageupdateautomation_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "ImageUpdateAutomation is the Schema for the imageupdateautomations API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation", "type": "object", "required": [ "checkout", @@ -19,6 +23,7 @@ ], "properties": { "checkout": { + "description": "Checkout gives the parameters for cloning the git repository, ready to make changes.", "type": "object", "required": [ "branch", @@ -26,15 +31,18 @@ ], "properties": { "branch": { + "description": "Branch gives the branch to clone from the git repository. If `.spec.push` is not supplied, commits will also be pushed to this branch.", "type": "string" }, "gitRepositoryRef": { + "description": "GitRepositoryRef refers to the resource giving access details to a git repository to update files in.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referent.", "type": "string" } }, @@ -44,6 +52,7 @@ "additionalProperties": false }, "commit": { + "description": "Commit specifies how to commit to the git repository.", "type": "object", "required": [ "authorEmail", @@ -51,24 +60,30 @@ ], "properties": { "authorEmail": { + "description": "AuthorEmail gives the email to provide when making a commit", "type": "string" }, "authorName": { + "description": "AuthorName gives the name to provide when making a commit", "type": "string" }, "messageTemplate": { + "description": "MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.", "type": "string" }, "signingKey": { + "description": "SigningKey provides the option to sign commits with a GPG key", "type": "object", "properties": { "secretRef": { + "description": "SecretRef holds the name to a secret that contains a 'git.asc' key corresponding to the ASCII Armored file containing the GPG signing keypair as the value. It must be in the same namespace as the ImageUpdateAutomation.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referent.", "type": "string" } }, @@ -81,24 +96,29 @@ "additionalProperties": false }, "interval": { + "description": "Interval gives an lower bound for how often the automation run should be attempted.", "type": "string" }, "push": { + "description": "Push specifies how and where to push commits made by the automation. If missing, commits are pushed (back) to `.spec.checkout.branch`.", "type": "object", "required": [ "branch" ], "properties": { "branch": { + "description": "Branch specifies that commits should be pushed to the branch named. The branch is created using `.spec.checkout.branch` as the starting point, if it doesn't already exist.", "type": "string" } }, "additionalProperties": false }, "suspend": { + "description": "Suspend tells the controller to not run this automation, until it is unset (or set to false). Defaults to false.", "type": "boolean" }, "update": { + "description": "Update gives the specification for how to update the files in the repository. This can be left empty, to use the default value.", "type": "object", "default": { "strategy": "Setters" @@ -108,9 +128,11 @@ ], "properties": { "path": { + "description": "Path to the directory containing the manifests to be updated. Defaults to 'None', which translates to the root path of the GitRepositoryRef.", "type": "string" }, "strategy": { + "description": "Strategy names the strategy to be used.", "type": "string", "default": "Setters", "enum": [ @@ -124,11 +146,13 @@ "additionalProperties": false }, "status": { + "description": "ImageUpdateAutomationStatus defines the observed state of ImageUpdateAutomation", "type": "object", "properties": { "conditions": { "type": "array", "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -139,25 +163,30 @@ ], "properties": { "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "enum": [ "True", @@ -166,6 +195,7 @@ ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -175,16 +205,20 @@ } }, "lastAutomationRunTime": { + "description": "LastAutomationRunTime records the last time the controller ran this automation through to completion (even if no updates were made).", "type": "string", "format": "date-time" }, "lastHandledReconcileAt": { + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "lastPushCommit": { + "description": "LastPushCommit records the SHA1 of the last commit made by the controller, for this automation object", "type": "string" }, "lastPushTime": { + "description": "LastPushTime records the time of the last pushed change.", "type": "string", "format": "date-time" }, diff --git a/schema/image.toolkit.fluxcd.io/imageupdateautomation_v1alpha2.json b/schema/image.toolkit.fluxcd.io/imageupdateautomation_v1alpha2.json index dda083e36..e633be54c 100644 --- a/schema/image.toolkit.fluxcd.io/imageupdateautomation_v1alpha2.json +++ b/schema/image.toolkit.fluxcd.io/imageupdateautomation_v1alpha2.json @@ -1,16 +1,20 @@ { + "description": "ImageUpdateAutomation is the Schema for the imageupdateautomations API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ImageUpdateAutomationSpec defines the desired state of ImageUpdateAutomation", "type": "object", "required": [ "interval", @@ -18,30 +22,37 @@ ], "properties": { "git": { + "description": "GitSpec contains all the git-specific definitions. This is technically optional, but in practice mandatory until there are other kinds of source allowed.", "type": "object", "required": [ "commit" ], "properties": { "checkout": { + "description": "Checkout gives the parameters for cloning the git repository, ready to make changes. If not present, the `spec.ref` field from the referenced `GitRepository` or its default will be used.", "type": "object", "required": [ "ref" ], "properties": { "ref": { + "description": "Reference gives a branch, tag or commit to clone from the Git repository.", "type": "object", "properties": { "branch": { + "description": "The Git branch to checkout, defaults to master.", "type": "string" }, "commit": { + "description": "The Git commit SHA to checkout, if specified Tag filters will be ignored.", "type": "string" }, "semver": { + "description": "The Git tag semver expression, takes precedence over Tag.", "type": "string" }, "tag": { + "description": "The Git tag to checkout, takes precedence over Branch.", "type": "string" } }, @@ -51,39 +62,47 @@ "additionalProperties": false }, "commit": { + "description": "Commit specifies how to commit to the git repository.", "type": "object", "required": [ "author" ], "properties": { "author": { + "description": "Author gives the email and optionally the name to use as the author of commits.", "type": "object", "required": [ "email" ], "properties": { "email": { + "description": "Email gives the email to provide when making a commit.", "type": "string" }, "name": { + "description": "Name gives the name to provide when making a commit.", "type": "string" } }, "additionalProperties": false }, "messageTemplate": { + "description": "MessageTemplate provides a template for the commit message, into which will be interpolated the details of the change made.", "type": "string" }, "signingKey": { + "description": "SigningKey provides the option to sign commits with a GPG key", "type": "object", "properties": { "secretRef": { + "description": "SecretRef holds the name to a secret that contains a 'git.asc' key corresponding to the ASCII Armored file containing the GPG signing keypair as the value. It must be in the same namespace as the ImageUpdateAutomation.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referent.", "type": "string" } }, @@ -96,12 +115,14 @@ "additionalProperties": false }, "push": { + "description": "Push specifies how and where to push commits made by the automation. If missing, commits are pushed (back) to `.spec.checkout.branch` or its default.", "type": "object", "required": [ "branch" ], "properties": { "branch": { + "description": "Branch specifies that commits should be pushed to the branch named. The branch is created using `.spec.checkout.branch` as the starting point, if it doesn't already exist.", "type": "string" } }, @@ -111,9 +132,11 @@ "additionalProperties": false }, "interval": { + "description": "Interval gives an lower bound for how often the automation run should be attempted.", "type": "string" }, "sourceRef": { + "description": "SourceRef refers to the resource giving access details to a git repository.", "type": "object", "required": [ "kind", @@ -121,9 +144,11 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent", "type": "string" }, "kind": { + "description": "Kind of the referent", "type": "string", "default": "GitRepository", "enum": [ @@ -131,15 +156,18 @@ ] }, "name": { + "description": "Name of the referent", "type": "string" } }, "additionalProperties": false }, "suspend": { + "description": "Suspend tells the controller to not run this automation, until it is unset (or set to false). Defaults to false.", "type": "boolean" }, "update": { + "description": "Update gives the specification for how to update the files in the repository. This can be left empty, to use the default value.", "type": "object", "default": { "strategy": "Setters" @@ -149,9 +177,11 @@ ], "properties": { "path": { + "description": "Path to the directory containing the manifests to be updated. Defaults to 'None', which translates to the root path of the GitRepositoryRef.", "type": "string" }, "strategy": { + "description": "Strategy names the strategy to be used.", "type": "string", "default": "Setters", "enum": [ @@ -165,11 +195,13 @@ "additionalProperties": false }, "status": { + "description": "ImageUpdateAutomationStatus defines the observed state of ImageUpdateAutomation", "type": "object", "properties": { "conditions": { "type": "array", "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -180,25 +212,30 @@ ], "properties": { "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "enum": [ "True", @@ -207,6 +244,7 @@ ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -216,16 +254,20 @@ } }, "lastAutomationRunTime": { + "description": "LastAutomationRunTime records the last time the controller ran this automation through to completion (even if no updates were made).", "type": "string", "format": "date-time" }, "lastHandledReconcileAt": { + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "lastPushCommit": { + "description": "LastPushCommit records the SHA1 of the last commit made by the controller, for this automation object", "type": "string" }, "lastPushTime": { + "description": "LastPushTime records the time of the last pushed change.", "type": "string", "format": "date-time" }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azurecluster_v1alpha2.json b/schema/infrastructure.cluster.x-k8s.io/azurecluster_v1alpha2.json index bb6e4f217..d2a11e53a 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azurecluster_v1alpha2.json +++ b/schema/infrastructure.cluster.x-k8s.io/azurecluster_v1alpha2.json @@ -1,16 +1,20 @@ { + "description": "AzureCluster is the Schema for the azureclusters API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureClusterSpec defines the desired state of AzureCluster", "type": "object", "required": [ "location", @@ -18,6 +22,7 @@ ], "properties": { "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.", "type": "object", "additionalProperties": { "type": "string" @@ -27,40 +32,51 @@ "type": "string" }, "networkSpec": { + "description": "NetworkSpec encapsulates all things related to Azure network.", "type": "object", "properties": { "subnets": { + "description": "Subnets is the configuration for the control-plane subnet and the node subnet.", "type": "array", "items": { + "description": "SubnetSpec configures an Azure subnet.", "type": "object", "required": [ "name" ], "properties": { "cidrBlock": { + "description": "CidrBlock is the CIDR block to be used when the provider creates a managed Vnet.", "type": "string" }, "id": { + "description": "ID defines a unique identifier to reference this resource.", "type": "string" }, "internalLBIPAddress": { + "description": "InternalLBIPAddress is the IP address that will be used as the internal LB private IP. For the control plane subnet only.", "type": "string" }, "name": { + "description": "Name defines a name for the subnet resource.", "type": "string" }, "role": { + "description": "Role defines the subnet role (eg. Node, ControlPlane)", "type": "string" }, "securityGroup": { + "description": "SecurityGroup defines the NSG (network security group) that should be attached to this subnet.", "type": "object", "properties": { "id": { "type": "string" }, "ingressRule": { + "description": "IngressRules is a slice of Azure ingress rules for security groups.", "type": "array", "items": { + "description": "IngressRule defines an Azure ingress rule for security groups.", "type": "object", "required": [ "description", @@ -71,18 +87,23 @@ "type": "string" }, "destination": { + "description": "Destination - The destination address prefix. CIDR or destination IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.", "type": "string" }, "destinationPorts": { + "description": "DestinationPorts - The destination port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.", "type": "string" }, "protocol": { + "description": "SecurityGroupProtocol defines the protocol type for a security group rule.", "type": "string" }, "source": { + "description": "Source - The CIDR or source IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.", "type": "string" }, "sourcePorts": { + "description": "SourcePorts - The source port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.", "type": "string" } }, @@ -93,6 +114,7 @@ "type": "string" }, "tags": { + "description": "Tags defines a map of tags.", "type": "object", "additionalProperties": { "type": "string" @@ -106,24 +128,30 @@ } }, "vnet": { + "description": "Vnet is the configuration for the Azure virtual network.", "type": "object", "required": [ "name" ], "properties": { "cidrBlock": { + "description": "CidrBlock is the CIDR block to be used when the provider creates a managed virtual network.", "type": "string" }, "id": { + "description": "ID is the identifier of the virtual network this provider should use to create resources.", "type": "string" }, "name": { + "description": "Name defines a name for the virtual network resource.", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup is the name of the resource group of the existing virtual network or the resource group where a managed virtual network should be created.", "type": "string" }, "tags": { + "description": "Tags is a collection of tags describing the resource.", "type": "object", "additionalProperties": { "type": "string" @@ -142,11 +170,14 @@ "additionalProperties": false }, "status": { + "description": "AzureClusterStatus defines the observed state of AzureCluster", "type": "object", "properties": { "apiEndpoints": { + "description": "APIEndpoints represents the endpoints to communicate with the control plane.", "type": "array", "items": { + "description": "APIEndpoint represents a reachable Kubernetes API endpoint.", "type": "object", "required": [ "host", @@ -154,9 +185,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer" } }, @@ -164,11 +197,14 @@ } }, "bastion": { + "description": "VM describes an Azure virtual machine.", "type": "object", "properties": { "addresses": { + "description": "Addresses contains the Azure instance associated addresses.", "type": "array", "items": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -176,9 +212,11 @@ ], "properties": { "address": { + "description": "The node address.", "type": "string" }, "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -192,9 +230,11 @@ "type": "string" }, "identity": { + "description": "VMIdentity defines the identity of the virtual machine, if configured.", "type": "string" }, "image": { + "description": "Storage profile", "type": "object", "properties": { "gallery": { @@ -264,24 +304,29 @@ "type": "string" }, "tags": { + "description": "Tags defines a map of tags.", "type": "object", "additionalProperties": { "type": "string" } }, "vmSize": { + "description": "Hardware profile", "type": "string" }, "vmState": { + "description": "State - The provisioning state, which only appears in the response.", "type": "string" } }, "additionalProperties": false }, "network": { + "description": "Network encapsulates Azure networking resources.", "type": "object", "properties": { "apiServerIp": { + "description": "APIServerIP is the Kubernetes API server public IP address.", "type": "object", "properties": { "dnsName": { @@ -300,6 +345,7 @@ "additionalProperties": false }, "apiServerLb": { + "description": "APIServerLB is the Kubernetes API server load balancer.", "type": "object", "properties": { "backendPool": { @@ -324,9 +370,11 @@ "type": "string" }, "sku": { + "description": "LoadBalancerSKU enumerates the values for load balancer sku name.", "type": "string" }, "tags": { + "description": "Tags defines a map of tags.", "type": "object", "additionalProperties": { "type": "string" @@ -336,6 +384,7 @@ "additionalProperties": false }, "securityGroups": { + "description": "SecurityGroups is a map from the role/kind of the security group to its unique name, if any.", "type": "object", "additionalProperties": { "description": "SecurityGroup defines an Azure security group.", @@ -398,6 +447,7 @@ "additionalProperties": false }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azurecluster_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/azurecluster_v1alpha3.json index 6098c0c93..58b7962b2 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azurecluster_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/azurecluster_v1alpha3.json @@ -1,28 +1,34 @@ { + "description": "AzureCluster is the Schema for the azureclusters API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureClusterSpec defines the desired state of AzureCluster.", "type": "object", "required": [ "location" ], "properties": { "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.", "type": "object", "additionalProperties": { "type": "string" } }, "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "type": "object", "required": [ "host", @@ -30,9 +36,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -40,27 +48,35 @@ "additionalProperties": false }, "identityRef": { + "description": "IdentityRef is a reference to a AzureIdentity to be used when reconciling this cluster", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, @@ -71,14 +87,17 @@ "type": "string" }, "networkSpec": { + "description": "NetworkSpec encapsulates all things related to Azure network.", "type": "object", "properties": { "apiServerLB": { + "description": "APIServerLB is the configuration for the control-plane load balancer.", "type": "object", "properties": { "frontendIPs": { "type": "array", "items": { + "description": "FrontendIP defines a load balancer frontend IP configuration.", "type": "object", "required": [ "name" @@ -92,6 +111,7 @@ "type": "string" }, "publicIP": { + "description": "PublicIPSpec defines the inputs to create an Azure public IP address.", "type": "object", "required": [ "name" @@ -117,44 +137,55 @@ "type": "string" }, "sku": { + "description": "SKU defines an Azure load balancer SKU.", "type": "string" }, "type": { + "description": "LBType defines an Azure load balancer Type.", "type": "string" } }, "additionalProperties": false }, "subnets": { + "description": "Subnets is the configuration for the control-plane subnet and the node subnet.", "type": "array", "items": { + "description": "SubnetSpec configures an Azure subnet.", "type": "object", "required": [ "name" ], "properties": { "cidrBlock": { + "description": "CidrBlock is the CIDR block to be used when the provider creates a managed Vnet. Deprecated: Use CIDRBlocks instead", "type": "string" }, "cidrBlocks": { + "description": "CIDRBlocks defines the subnet's address space, specified as one or more address prefixes in CIDR notation.", "type": "array", "items": { "type": "string" } }, "id": { + "description": "ID defines a unique identifier to reference this resource.", "type": "string" }, "internalLBIPAddress": { + "description": "InternalLBIPAddress is the IP address that will be used as the internal LB private IP. For the control plane subnet only. Deprecated: Use LoadBalancer private IP instead", "type": "string" }, "name": { + "description": "Name defines a name for the subnet resource.", "type": "string" }, "role": { + "description": "Role defines the subnet role (eg. Node, ControlPlane)", "type": "string" }, "routeTable": { + "description": "RouteTable defines the route table that should be attached to this subnet.", "type": "object", "properties": { "id": { @@ -167,14 +198,17 @@ "additionalProperties": false }, "securityGroup": { + "description": "SecurityGroup defines the NSG (network security group) that should be attached to this subnet.", "type": "object", "properties": { "id": { "type": "string" }, "ingressRule": { + "description": "IngressRules is a slice of Azure ingress rules for security groups.", "type": "array", "items": { + "description": "IngressRule defines an Azure ingress rule for security groups.", "type": "object", "required": [ "description", @@ -186,25 +220,31 @@ "type": "string" }, "destination": { + "description": "Destination - The destination address prefix. CIDR or destination IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.", "type": "string" }, "destinationPorts": { + "description": "DestinationPorts - The destination port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.", "type": "string" }, "name": { "type": "string" }, "priority": { + "description": "Priority - A number between 100 and 4096. Each rule should have a unique value for priority. Rules are processed in priority order, with lower numbers processed before higher numbers. Once traffic matches a rule, processing stops.", "type": "integer", "format": "int32" }, "protocol": { + "description": "SecurityGroupProtocol defines the protocol type for a security group rule.", "type": "string" }, "source": { + "description": "Source - The CIDR or source IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.", "type": "string" }, "sourcePorts": { + "description": "SourcePorts - The source port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.", "type": "string" } }, @@ -215,6 +255,7 @@ "type": "string" }, "tags": { + "description": "Tags defines a map of tags.", "type": "object", "additionalProperties": { "type": "string" @@ -228,30 +269,37 @@ } }, "vnet": { + "description": "Vnet is the configuration for the Azure virtual network.", "type": "object", "required": [ "name" ], "properties": { "cidrBlock": { + "description": "CidrBlock is the CIDR block to be used when the provider creates a managed virtual network. Deprecated: Use CIDRBlocks instead", "type": "string" }, "cidrBlocks": { + "description": "CIDRBlocks defines the virtual network's address space, specified as one or more address prefixes in CIDR notation.", "type": "array", "items": { "type": "string" } }, "id": { + "description": "ID is the identifier of the virtual network this provider should use to create resources.", "type": "string" }, "name": { + "description": "Name defines a name for the virtual network resource.", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup is the name of the resource group of the existing virtual network or the resource group where a managed virtual network should be created.", "type": "string" }, "tags": { + "description": "Tags is a collection of tags describing the resource.", "type": "object", "additionalProperties": { "type": "string" @@ -273,11 +321,14 @@ "additionalProperties": false }, "status": { + "description": "AzureClusterStatus defines the observed state of AzureCluster.", "type": "object", "properties": { "conditions": { + "description": "Conditions defines current service state of the AzureCluster.", "type": "array", "items": { + "description": "Condition defines an observation of a Cluster API resource operational state.", "type": "object", "required": [ "status", @@ -285,22 +336,28 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", "type": "string" }, "severity": { + "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, @@ -308,6 +365,7 @@ } }, "failureDomains": { + "description": "FailureDomains specifies the list of unique failure domains for the location/region of the cluster. A FailureDomain maps to Availability Zone with an Azure Region (if the region support them). An Availability Zone is a separate data center within a region and they can be used to ensure the cluster is more resilient to failure. See: https://learn.microsoft.com/azure/reliability/availability-zones-overview This list will be used by Cluster API to try and spread the machines across the failure domains.", "type": "object", "additionalProperties": { "description": "FailureDomainSpec is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across.", @@ -328,6 +386,7 @@ } }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azurecluster_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/azurecluster_v1alpha4.json index 388d196eb..e09babd12 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azurecluster_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/azurecluster_v1alpha4.json @@ -1,40 +1,49 @@ { + "description": "AzureCluster is the Schema for the azureclusters API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureClusterSpec defines the desired state of AzureCluster.", "type": "object", "required": [ "location" ], "properties": { "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.", "type": "object", "additionalProperties": { "type": "string" } }, "azureEnvironment": { + "description": "AzureEnvironment is the name of the AzureCloud to be used. The default value that would be used by most users is \"AzurePublicCloud\", other values are: - ChinaCloud: \"AzureChinaCloud\" - GermanCloud: \"AzureGermanCloud\" - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud: \"AzureUSGovernmentCloud\"", "type": "string" }, "bastionSpec": { + "description": "BastionSpec encapsulates all things related to the Bastions in the cluster.", "type": "object", "properties": { "azureBastion": { + "description": "AzureBastion specifies how the Azure Bastion cloud component should be configured.", "type": "object", "properties": { "name": { "type": "string" }, "publicIP": { + "description": "PublicIPSpec defines the inputs to create an Azure public IP address.", "type": "object", "required": [ "name" @@ -50,30 +59,36 @@ "additionalProperties": false }, "subnet": { + "description": "SubnetSpec configures an Azure subnet.", "type": "object", "required": [ "name" ], "properties": { "cidrBlocks": { + "description": "CIDRBlocks defines the subnet's address space, specified as one or more address prefixes in CIDR notation.", "type": "array", "items": { "type": "string" } }, "id": { + "description": "ID defines a unique identifier to reference this resource.", "type": "string" }, "name": { + "description": "Name defines a name for the subnet resource.", "type": "string" }, "natGateway": { + "description": "NatGateway associated with this subnet.", "type": "object", "properties": { "id": { "type": "string" }, "ip": { + "description": "PublicIPSpec defines the inputs to create an Azure public IP address.", "type": "object", "required": [ "name" @@ -95,9 +110,11 @@ "additionalProperties": false }, "role": { + "description": "Role defines the subnet role (eg. Node, ControlPlane)", "type": "string" }, "routeTable": { + "description": "RouteTable defines the route table that should be attached to this subnet.", "type": "object", "properties": { "id": { @@ -110,6 +127,7 @@ "additionalProperties": false }, "securityGroup": { + "description": "SecurityGroup defines the NSG (network security group) that should be attached to this subnet.", "type": "object", "properties": { "id": { @@ -119,8 +137,10 @@ "type": "string" }, "securityRules": { + "description": "SecurityRules is a slice of Azure security rules for security groups.", "type": "array", "items": { + "description": "SecurityRule defines an Azure security rule for security groups.", "type": "object", "required": [ "description", @@ -130,15 +150,19 @@ ], "properties": { "description": { + "description": "A description for this rule. Restricted to 140 chars.", "type": "string" }, "destination": { + "description": "Destination is the destination address prefix. CIDR or destination IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.", "type": "string" }, "destinationPorts": { + "description": "DestinationPorts specifies the destination port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.", "type": "string" }, "direction": { + "description": "Direction indicates whether the rule applies to inbound, or outbound traffic. \"Inbound\" or \"Outbound\".", "type": "string", "enum": [ "Inbound", @@ -146,13 +170,16 @@ ] }, "name": { + "description": "Name is a unique name within the network security group.", "type": "string" }, "priority": { + "description": "Priority is a number between 100 and 4096. Each rule should have a unique value for priority. Rules are processed in priority order, with lower numbers processed before higher numbers. Once traffic matches a rule, processing stops.", "type": "integer", "format": "int32" }, "protocol": { + "description": "Protocol specifies the protocol type. \"Tcp\", \"Udp\", \"Icmp\", or \"*\".", "type": "string", "enum": [ "Tcp", @@ -162,9 +189,11 @@ ] }, "source": { + "description": "Source specifies the CIDR or source IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.", "type": "string" }, "sourcePorts": { + "description": "SourcePorts specifies source port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.", "type": "string" } }, @@ -172,6 +201,7 @@ } }, "tags": { + "description": "Tags defines a map of tags.", "type": "object", "additionalProperties": { "type": "string" @@ -190,9 +220,11 @@ "additionalProperties": false }, "cloudProviderConfigOverrides": { + "description": "CloudProviderConfigOverrides is an optional set of configuration values that can be overridden in azure cloud provider config. This is only a subset of options that are available in azure cloud provider config. Some values for the cloud provider config are inferred from other parts of cluster api provider azure spec, and may not be available for overrides. See: https://kubernetes-sigs.github.io/cloud-provider-azure/install/configs Note: All cloud provider config values can be customized by creating the secret beforehand. CloudProviderConfigOverrides is only used when the secret is managed by the Azure Provider.", "type": "object", "properties": { "backOffs": { + "description": "BackOffConfig indicates the back-off config options.", "type": "object", "properties": { "cloudProviderBackoff": { @@ -234,9 +266,11 @@ "rateLimits": { "type": "array", "items": { + "description": "RateLimitSpec represents the rate limit configuration for a particular kind of resource. Eg. loadBalancerRateLimit is used to configure rate limits for load balancers. This eventually gets converted to CloudProviderRateLimitConfig that cloud-provider-azure expects. See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 We cannot use CloudProviderRateLimitConfig directly because floating point values are not supported in controller-tools. See: https://github.com/kubernetes-sigs/controller-tools/issues/245", "type": "object", "properties": { "config": { + "description": "RateLimitConfig indicates the rate limit config options.", "type": "object", "properties": { "cloudProviderRateLimit": { @@ -276,6 +310,7 @@ "additionalProperties": false }, "name": { + "description": "Name is the name of the rate limit spec.", "type": "string", "enum": [ "defaultRateLimit", @@ -303,6 +338,7 @@ "additionalProperties": false }, "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "type": "object", "required": [ "host", @@ -310,9 +346,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -320,27 +358,35 @@ "additionalProperties": false }, "identityRef": { + "description": "IdentityRef is a reference to an AzureIdentity to be used when reconciling this cluster", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, @@ -351,14 +397,17 @@ "type": "string" }, "networkSpec": { + "description": "NetworkSpec encapsulates all things related to Azure network.", "type": "object", "properties": { "apiServerLB": { + "description": "APIServerLB is the configuration for the control-plane load balancer.", "type": "object", "properties": { "frontendIPs": { "type": "array", "items": { + "description": "FrontendIP defines a load balancer frontend IP configuration.", "type": "object", "required": [ "name" @@ -372,6 +421,7 @@ "type": "string" }, "publicIP": { + "description": "PublicIPSpec defines the inputs to create an Azure public IP address.", "type": "object", "required": [ "name" @@ -391,6 +441,7 @@ } }, "frontendIPsCount": { + "description": "FrontendIPsCount specifies the number of frontend IP addresses for the load balancer.", "type": "integer", "format": "int32" }, @@ -398,6 +449,7 @@ "type": "string" }, "idleTimeoutInMinutes": { + "description": "IdleTimeoutInMinutes specifies the timeout for the TCP idle connection.", "type": "integer", "format": "int32" }, @@ -405,20 +457,24 @@ "type": "string" }, "sku": { + "description": "SKU defines an Azure load balancer SKU.", "type": "string" }, "type": { + "description": "LBType defines an Azure load balancer Type.", "type": "string" } }, "additionalProperties": false }, "controlPlaneOutboundLB": { + "description": "ControlPlaneOutboundLB is the configuration for the control-plane outbound load balancer. This is different from APIServerLB, and is used only in private clusters (optionally) for enabling outbound traffic.", "type": "object", "properties": { "frontendIPs": { "type": "array", "items": { + "description": "FrontendIP defines a load balancer frontend IP configuration.", "type": "object", "required": [ "name" @@ -432,6 +488,7 @@ "type": "string" }, "publicIP": { + "description": "PublicIPSpec defines the inputs to create an Azure public IP address.", "type": "object", "required": [ "name" @@ -451,6 +508,7 @@ } }, "frontendIPsCount": { + "description": "FrontendIPsCount specifies the number of frontend IP addresses for the load balancer.", "type": "integer", "format": "int32" }, @@ -458,6 +516,7 @@ "type": "string" }, "idleTimeoutInMinutes": { + "description": "IdleTimeoutInMinutes specifies the timeout for the TCP idle connection.", "type": "integer", "format": "int32" }, @@ -465,20 +524,24 @@ "type": "string" }, "sku": { + "description": "SKU defines an Azure load balancer SKU.", "type": "string" }, "type": { + "description": "LBType defines an Azure load balancer Type.", "type": "string" } }, "additionalProperties": false }, "nodeOutboundLB": { + "description": "NodeOutboundLB is the configuration for the node outbound load balancer.", "type": "object", "properties": { "frontendIPs": { "type": "array", "items": { + "description": "FrontendIP defines a load balancer frontend IP configuration.", "type": "object", "required": [ "name" @@ -492,6 +555,7 @@ "type": "string" }, "publicIP": { + "description": "PublicIPSpec defines the inputs to create an Azure public IP address.", "type": "object", "required": [ "name" @@ -511,6 +575,7 @@ } }, "frontendIPsCount": { + "description": "FrontendIPsCount specifies the number of frontend IP addresses for the load balancer.", "type": "integer", "format": "int32" }, @@ -518,6 +583,7 @@ "type": "string" }, "idleTimeoutInMinutes": { + "description": "IdleTimeoutInMinutes specifies the timeout for the TCP idle connection.", "type": "integer", "format": "int32" }, @@ -525,44 +591,54 @@ "type": "string" }, "sku": { + "description": "SKU defines an Azure load balancer SKU.", "type": "string" }, "type": { + "description": "LBType defines an Azure load balancer Type.", "type": "string" } }, "additionalProperties": false }, "privateDNSZoneName": { + "description": "PrivateDNSZoneName defines the zone name for the Azure Private DNS.", "type": "string" }, "subnets": { + "description": "Subnets is the configuration for the control-plane subnet and the node subnet.", "type": "array", "items": { + "description": "SubnetSpec configures an Azure subnet.", "type": "object", "required": [ "name" ], "properties": { "cidrBlocks": { + "description": "CIDRBlocks defines the subnet's address space, specified as one or more address prefixes in CIDR notation.", "type": "array", "items": { "type": "string" } }, "id": { + "description": "ID defines a unique identifier to reference this resource.", "type": "string" }, "name": { + "description": "Name defines a name for the subnet resource.", "type": "string" }, "natGateway": { + "description": "NatGateway associated with this subnet.", "type": "object", "properties": { "id": { "type": "string" }, "ip": { + "description": "PublicIPSpec defines the inputs to create an Azure public IP address.", "type": "object", "required": [ "name" @@ -584,9 +660,11 @@ "additionalProperties": false }, "role": { + "description": "Role defines the subnet role (eg. Node, ControlPlane)", "type": "string" }, "routeTable": { + "description": "RouteTable defines the route table that should be attached to this subnet.", "type": "object", "properties": { "id": { @@ -599,6 +677,7 @@ "additionalProperties": false }, "securityGroup": { + "description": "SecurityGroup defines the NSG (network security group) that should be attached to this subnet.", "type": "object", "properties": { "id": { @@ -608,8 +687,10 @@ "type": "string" }, "securityRules": { + "description": "SecurityRules is a slice of Azure security rules for security groups.", "type": "array", "items": { + "description": "SecurityRule defines an Azure security rule for security groups.", "type": "object", "required": [ "description", @@ -619,15 +700,19 @@ ], "properties": { "description": { + "description": "A description for this rule. Restricted to 140 chars.", "type": "string" }, "destination": { + "description": "Destination is the destination address prefix. CIDR or destination IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.", "type": "string" }, "destinationPorts": { + "description": "DestinationPorts specifies the destination port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.", "type": "string" }, "direction": { + "description": "Direction indicates whether the rule applies to inbound, or outbound traffic. \"Inbound\" or \"Outbound\".", "type": "string", "enum": [ "Inbound", @@ -635,13 +720,16 @@ ] }, "name": { + "description": "Name is a unique name within the network security group.", "type": "string" }, "priority": { + "description": "Priority is a number between 100 and 4096. Each rule should have a unique value for priority. Rules are processed in priority order, with lower numbers processed before higher numbers. Once traffic matches a rule, processing stops.", "type": "integer", "format": "int32" }, "protocol": { + "description": "Protocol specifies the protocol type. \"Tcp\", \"Udp\", \"Icmp\", or \"*\".", "type": "string", "enum": [ "Tcp", @@ -651,9 +739,11 @@ ] }, "source": { + "description": "Source specifies the CIDR or source IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.", "type": "string" }, "sourcePorts": { + "description": "SourcePorts specifies source port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.", "type": "string" } }, @@ -661,6 +751,7 @@ } }, "tags": { + "description": "Tags defines a map of tags.", "type": "object", "additionalProperties": { "type": "string" @@ -674,27 +765,33 @@ } }, "vnet": { + "description": "Vnet is the configuration for the Azure virtual network.", "type": "object", "required": [ "name" ], "properties": { "cidrBlocks": { + "description": "CIDRBlocks defines the virtual network's address space, specified as one or more address prefixes in CIDR notation.", "type": "array", "items": { "type": "string" } }, "id": { + "description": "ID is the identifier of the virtual network this provider should use to create resources.", "type": "string" }, "name": { + "description": "Name defines a name for the virtual network resource.", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup is the name of the resource group of the existing virtual network or the resource group where a managed virtual network should be created.", "type": "string" }, "tags": { + "description": "Tags is a collection of tags describing the resource.", "type": "object", "additionalProperties": { "type": "string" @@ -716,11 +813,14 @@ "additionalProperties": false }, "status": { + "description": "AzureClusterStatus defines the observed state of AzureCluster.", "type": "object", "properties": { "conditions": { + "description": "Conditions defines current service state of the AzureCluster.", "type": "array", "items": { + "description": "Condition defines an observation of a Cluster API resource operational state.", "type": "object", "required": [ "status", @@ -728,22 +828,28 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", "type": "string" }, "severity": { + "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, @@ -751,6 +857,7 @@ } }, "failureDomains": { + "description": "FailureDomains specifies the list of unique failure domains for the location/region of the cluster. A FailureDomain maps to Availability Zone with an Azure Region (if the region support them). An Availability Zone is a separate data center within a region and they can be used to ensure the cluster is more resilient to failure. See: https://learn.microsoft.com/azure/reliability/availability-zones-overview This list will be used by Cluster API to try and spread the machines across the failure domains.", "type": "object", "additionalProperties": { "description": "FailureDomainSpec is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across.", @@ -771,8 +878,10 @@ } }, "longRunningOperationStates": { + "description": "LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the next reconciliation loop.", "type": "array", "items": { + "description": "Future contains the data needed for an Azure long-running operation to continue across reconcile loops.", "type": "object", "required": [ "name", @@ -781,18 +890,23 @@ ], "properties": { "data": { + "description": "Data is the base64 url encoded json Azure AutoRest Future.", "type": "string" }, "name": { + "description": "Name is the name of the Azure resource. Together with the service name, this forms the unique identifier for the future.", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup is the Azure resource group for the resource.", "type": "string" }, "serviceName": { + "description": "ServiceName is the name of the Azure service. Together with the name of the resource, this forms the unique identifier for the future.", "type": "string" }, "type": { + "description": "Type describes the type of future, such as update, create, delete, etc.", "type": "string" } }, @@ -800,6 +914,7 @@ } }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azureclusteridentity_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/azureclusteridentity_v1alpha3.json index 8e5b5540c..b625b50af 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azureclusteridentity_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/azureclusteridentity_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "AzureClusterIdentity is the Schema for the azureclustersidentities API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureClusterIdentitySpec defines the parameters that are used to create an AzureIdentity.", "type": "object", "required": [ "clientID", @@ -19,21 +23,26 @@ ], "properties": { "allowedNamespaces": { + "description": "AllowedNamespaces is an array of namespaces that AzureClusters can use this Identity from. \n An empty list (default) indicates that AzureClusters can use this Identity from any namespace. This field is intentionally not a pointer because the nil behavior (no namespaces) is undesirable here.", "type": "array", "items": { "type": "string" } }, "clientID": { + "description": "Both User Assigned MSI and SP can use this field.", "type": "string" }, "clientSecret": { + "description": "ClientSecret is a secret reference which should contain either a Service Principal password or certificate secret.", "type": "object", "properties": { "name": { + "description": "name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", "type": "string" } }, @@ -41,12 +50,15 @@ "x-kubernetes-map-type": "atomic" }, "resourceID": { + "description": "User assigned MSI resource id.", "type": "string" }, "tenantID": { + "description": "Service principal primary tenant id.", "type": "string" }, "type": { + "description": "UserAssignedMSI or Service Principal", "type": "string", "enum": [ "ServicePrincipal", @@ -57,11 +69,14 @@ "additionalProperties": false }, "status": { + "description": "AzureClusterIdentityStatus defines the observed state of AzureClusterIdentity.", "type": "object", "properties": { "conditions": { + "description": "Conditions defines current service state of the AzureClusterIdentity.", "type": "array", "items": { + "description": "Condition defines an observation of a Cluster API resource operational state.", "type": "object", "required": [ "status", @@ -69,22 +84,28 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", "type": "string" }, "severity": { + "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azureclusteridentity_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/azureclusteridentity_v1alpha4.json index 5e0ca7a88..0ec5e2d10 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azureclusteridentity_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/azureclusteridentity_v1alpha4.json @@ -1,16 +1,20 @@ { + "description": "AzureClusterIdentity is the Schema for the azureclustersidentities API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureClusterIdentitySpec defines the parameters that are used to create an AzureIdentity.", "type": "object", "required": [ "clientID", @@ -19,9 +23,11 @@ ], "properties": { "allowedNamespaces": { + "description": "AllowedNamespaces is used to identify the namespaces the clusters are allowed to use the identity from. Namespaces can be selected either using an array of namespaces or with label selector. An empty allowedNamespaces object indicates that AzureClusters can use this identity from any namespace. If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided) A namespace should be either in the NamespaceList or match with Selector to use the identity.", "type": "object", "properties": { "list": { + "description": "A nil or empty list indicates that AzureCluster cannot use the identity from any namespace.", "type": "array", "items": { "type": "string" @@ -29,11 +35,14 @@ "nullable": true }, "selector": { + "description": "Selector is a selector of namespaces that AzureCluster can use this Identity from. This is a standard Kubernetes LabelSelector, a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. \n A nil or empty selector indicates that AzureCluster cannot use this AzureClusterIdentity from any namespace.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -41,12 +50,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -57,6 +69,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -71,15 +84,19 @@ "nullable": true }, "clientID": { + "description": "Both User Assigned MSI and SP can use this field.", "type": "string" }, "clientSecret": { + "description": "ClientSecret is a secret reference which should contain either a Service Principal password or certificate secret.", "type": "object", "properties": { "name": { + "description": "name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", "type": "string" } }, @@ -87,12 +104,15 @@ "x-kubernetes-map-type": "atomic" }, "resourceID": { + "description": "User assigned MSI resource id.", "type": "string" }, "tenantID": { + "description": "Service principal primary tenant id.", "type": "string" }, "type": { + "description": "UserAssignedMSI or Service Principal", "type": "string", "enum": [ "ServicePrincipal", @@ -103,11 +123,14 @@ "additionalProperties": false }, "status": { + "description": "AzureClusterIdentityStatus defines the observed state of AzureClusterIdentity.", "type": "object", "properties": { "conditions": { + "description": "Conditions defines current service state of the AzureClusterIdentity.", "type": "array", "items": { + "description": "Condition defines an observation of a Cluster API resource operational state.", "type": "object", "required": [ "status", @@ -115,22 +138,28 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", "type": "string" }, "severity": { + "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremachine_v1alpha2.json b/schema/infrastructure.cluster.x-k8s.io/azuremachine_v1alpha2.json index fc5b698f8..3c9af888c 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremachine_v1alpha2.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremachine_v1alpha2.json @@ -1,16 +1,20 @@ { + "description": "AzureMachine is the Schema for the azuremachines API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureMachineSpec defines the desired state of AzureMachine", "type": "object", "required": [ "location", @@ -20,12 +24,14 @@ ], "properties": { "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the Azure provider. If both the AzureCluster and the AzureMachine specify the same tag name with different values, the AzureMachine's value takes precedence.", "type": "object", "additionalProperties": { "type": "string" } }, "allocatePublicIP": { + "description": "AllocatePublicIP allows the ability to create dynamic public ips for machines where this value is true.", "type": "boolean" }, "availabilityZone": { @@ -41,6 +47,7 @@ "additionalProperties": false }, "image": { + "description": "Image defines information about the image to use for VM creation. There are three ways to specify an image: by ID, by publisher, or by Shared Image Gallery. If specifying an image by ID, only the ID field needs to be set. If specifying an image by publisher, the Publisher, Offer, SKU, and Version fields must be set. If specifying an image from a Shared Image Gallery, the SubscriptionID, ResourceGroup, Gallery, Name, and Version fields must be set.", "type": "object", "properties": { "gallery": { @@ -107,6 +114,7 @@ "additionalProperties": false }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "sshPublicKey": { @@ -119,11 +127,14 @@ "additionalProperties": false }, "status": { + "description": "AzureMachineStatus defines the observed state of AzureMachine", "type": "object", "properties": { "addresses": { + "description": "Addresses contains the Azure instance associated addresses.", "type": "array", "items": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -131,9 +142,11 @@ ], "properties": { "address": { + "description": "The node address.", "type": "string" }, "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -141,15 +154,19 @@ } }, "errorMessage": { + "description": "ErrorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "errorReason": { + "description": "ErrorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" }, "vmState": { + "description": "VMState is the provisioning state of the Azure virtual machine.", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremachine_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/azuremachine_v1alpha3.json index a10f2985c..7a4c02cf8 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremachine_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremachine_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "AzureMachine is the Schema for the azuremachines API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureMachineSpec defines the desired state of AzureMachine.", "type": "object", "required": [ "location", @@ -20,18 +24,22 @@ ], "properties": { "acceleratedNetworking": { + "description": "AcceleratedNetworking enables or disables Azure accelerated networking. If omitted, it will be set based on whether the requested VMSize supports accelerated networking. If AcceleratedNetworking is set to true with a VMSize that does not support it, Azure will return an error.", "type": "boolean" }, "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the Azure provider. If both the AzureCluster and the AzureMachine specify the same tag name with different values, the AzureMachine's value takes precedence.", "type": "object", "additionalProperties": { "type": "string" } }, "allocatePublicIP": { + "description": "AllocatePublicIP allows the ability to create dynamic public ips for machines where this value is true.", "type": "boolean" }, "availabilityZone": { + "description": "Deprecated: use FailureDomain instead", "type": "object", "properties": { "enabled": { @@ -44,8 +52,10 @@ "additionalProperties": false }, "dataDisks": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine", "type": "array", "items": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", "type": "object", "required": [ "diskSizeGB", @@ -56,23 +66,28 @@ "type": "string" }, "diskSizeGB": { + "description": "DiskSizeGB is the size in GB to assign to the data disk.", "type": "integer", "format": "int32" }, "lun": { + "description": "Lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. The value must be between 0 and 63.", "type": "integer", "format": "int32" }, "managedDisk": { + "description": "ManagedDisk defines the managed disk options for a VM.", "type": "object", "required": [ "storageAccountType" ], "properties": { "diskEncryptionSet": { + "description": "DiskEncryptionSetParameters defines disk encryption options.", "type": "object", "properties": { "id": { + "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, @@ -85,6 +100,7 @@ "additionalProperties": false }, "nameSuffix": { + "description": "NameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format \u003cmachineName\u003e_\u003cnameSuffix\u003e.", "type": "string" } }, @@ -92,12 +108,15 @@ } }, "enableIPForwarding": { + "description": "EnableIPForwarding enables IP Forwarding in Azure which is required for some CNI's to send traffic from a pods on one machine to another. This is required for IpV6 with Calico in combination with User Defined Routes (set by the Azure Cloud Controller manager). Default is false for disabled.", "type": "boolean" }, "failureDomain": { + "description": "FailureDomain is the failure domain unique identifier this Machine should be attached to, as defined in Cluster API. This relates to an Azure Availability Zone", "type": "string" }, "identity": { + "description": "Identity is the type of identity used for the virtual machine. The type 'SystemAssigned' is an implicitly created identity. The generated identity will be assigned a Subscription contributor role. The type 'UserAssigned' is a standalone Azure resource provided by the user and assigned to the VM", "type": "string", "default": "None", "enum": [ @@ -107,12 +126,15 @@ ] }, "image": { + "description": "Image is used to provide details of an image to use during VM creation. If image details are omitted the image will default the Azure Marketplace \"capi\" offer, which is based on Ubuntu.", "type": "object", "properties": { "id": { + "description": "ID specifies an image to use by ID", "type": "string" }, "marketplace": { + "description": "Marketplace specifies an image to use from the Azure Marketplace", "type": "object", "required": [ "offer", @@ -122,22 +144,27 @@ ], "properties": { "offer": { + "description": "Offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", "type": "string", "minLength": 1 }, "publisher": { + "description": "Publisher is the name of the organization that created the image", "type": "string", "minLength": 1 }, "sku": { + "description": "SKU specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", "type": "string", "minLength": 1 }, "thirdPartyImage": { + "description": "ThirdPartyImage indicates the image is published by a third party publisher and a Plan will be generated for it.", "type": "boolean", "default": false }, "version": { + "description": "Version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -145,6 +172,7 @@ "additionalProperties": false }, "sharedGallery": { + "description": "SharedGallery specifies an image to use from an Azure Shared Image Gallery", "type": "object", "required": [ "gallery", @@ -155,22 +183,27 @@ ], "properties": { "gallery": { + "description": "Gallery specifies the name of the shared image gallery that contains the image", "type": "string", "minLength": 1 }, "name": { + "description": "Name is the name of the image", "type": "string", "minLength": 1 }, "resourceGroup": { + "description": "ResourceGroup specifies the resource group containing the shared image gallery", "type": "string", "minLength": 1 }, "subscriptionID": { + "description": "SubscriptionID is the identifier of the subscription that contains the shared image gallery", "type": "string", "minLength": 1 }, "version": { + "description": "Version specifies the version of the marketplace image. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -181,9 +214,11 @@ "additionalProperties": false }, "location": { + "description": "Deprecated: to support old clients, will be removed in v1alpha4/v1beta1", "type": "string" }, "osDisk": { + "description": "OSDisk specifies the parameters for the operating system disk of the machine", "type": "object", "required": [ "diskSizeGB", @@ -195,12 +230,14 @@ "type": "string" }, "diffDiskSettings": { + "description": "DiffDiskSettings describe ephemeral disk settings for the os disk.", "type": "object", "required": [ "option" ], "properties": { "option": { + "description": "Option enables ephemeral OS when set to \"Local\" See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details", "type": "string", "enum": [ "Local" @@ -214,15 +251,18 @@ "format": "int32" }, "managedDisk": { + "description": "ManagedDisk defines the managed disk options for a VM.", "type": "object", "required": [ "storageAccountType" ], "properties": { "diskEncryptionSet": { + "description": "DiskEncryptionSetParameters defines disk encryption options.", "type": "object", "properties": { "id": { + "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, @@ -241,24 +281,30 @@ "additionalProperties": false }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "roleAssignmentName": { + "description": "RoleAssignmentName is the name of the role assignment to create for a system assigned identity. It can be any valid GUID. If not specified, a random GUID will be generated.", "type": "string" }, "securityProfile": { + "description": "SecurityProfile specifies the Security profile settings for a virtual machine.", "type": "object", "properties": { "encryptionAtHost": { + "description": "This field indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. Default is disabled.", "type": "boolean" } }, "additionalProperties": false }, "spotVMOptions": { + "description": "SpotVMOptions allows the ability to specify the Machine should use a Spot VM.", "type": "object", "properties": { "maxPrice": { + "description": "MaxPrice defines the maximum price the user is willing to pay for Spot VM instances", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -277,14 +323,17 @@ "type": "string" }, "userAssignedIdentities": { + "description": "UserAssignedIdentities is a list of standalone Azure identities provided by the user The lifecycle of a user-assigned identity is managed separately from the lifecycle of the AzureMachine. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli", "type": "array", "items": { + "description": "UserAssignedIdentity defines the user-assigned identities provided by the user to be assigned to Azure resources.", "type": "object", "required": [ "providerID" ], "properties": { "providerID": { + "description": "ProviderID is the identification ID of the user-assigned Identity, the format of an identity is: 'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'", "type": "string" } }, @@ -298,11 +347,14 @@ "additionalProperties": false }, "status": { + "description": "AzureMachineStatus defines the observed state of AzureMachine.", "type": "object", "properties": { "addresses": { + "description": "Addresses contains the Azure instance associated addresses.", "type": "array", "items": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -310,9 +362,11 @@ ], "properties": { "address": { + "description": "The node address.", "type": "string" }, "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -320,8 +374,10 @@ } }, "conditions": { + "description": "Conditions defines current service state of the AzureMachine.", "type": "array", "items": { + "description": "Condition defines an observation of a Cluster API resource operational state.", "type": "object", "required": [ "status", @@ -329,22 +385,28 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", "type": "string" }, "severity": { + "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, @@ -352,15 +414,19 @@ } }, "failureMessage": { + "description": "ErrorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "failureReason": { + "description": "ErrorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" }, "vmState": { + "description": "VMState is the provisioning state of the Azure virtual machine.", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremachine_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/azuremachine_v1alpha4.json index a48589d11..7027e4cdc 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremachine_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremachine_v1alpha4.json @@ -1,16 +1,20 @@ { + "description": "AzureMachine is the Schema for the azuremachines API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureMachineSpec defines the desired state of AzureMachine.", "type": "object", "required": [ "osDisk", @@ -19,20 +23,25 @@ ], "properties": { "acceleratedNetworking": { + "description": "AcceleratedNetworking enables or disables Azure accelerated networking. If omitted, it will be set based on whether the requested VMSize supports accelerated networking. If AcceleratedNetworking is set to true with a VMSize that does not support it, Azure will return an error.", "type": "boolean" }, "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the Azure provider. If both the AzureCluster and the AzureMachine specify the same tag name with different values, the AzureMachine's value takes precedence.", "type": "object", "additionalProperties": { "type": "string" } }, "allocatePublicIP": { + "description": "AllocatePublicIP allows the ability to create dynamic public ips for machines where this value is true.", "type": "boolean" }, "dataDisks": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine", "type": "array", "items": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", "type": "object", "required": [ "diskSizeGB", @@ -40,6 +49,7 @@ ], "properties": { "cachingType": { + "description": "CachingType specifies the caching requirements.", "type": "string", "enum": [ "None", @@ -48,20 +58,25 @@ ] }, "diskSizeGB": { + "description": "DiskSizeGB is the size in GB to assign to the data disk.", "type": "integer", "format": "int32" }, "lun": { + "description": "Lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. The value must be between 0 and 63.", "type": "integer", "format": "int32" }, "managedDisk": { + "description": "ManagedDisk specifies the Managed Disk parameters for the data disk.", "type": "object", "properties": { "diskEncryptionSet": { + "description": "DiskEncryptionSetParameters defines disk encryption options.", "type": "object", "properties": { "id": { + "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, @@ -74,6 +89,7 @@ "additionalProperties": false }, "nameSuffix": { + "description": "NameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format \u003cmachineName\u003e_\u003cnameSuffix\u003e.", "type": "string" } }, @@ -81,12 +97,15 @@ } }, "enableIPForwarding": { + "description": "EnableIPForwarding enables IP Forwarding in Azure which is required for some CNI's to send traffic from a pods on one machine to another. This is required for IpV6 with Calico in combination with User Defined Routes (set by the Azure Cloud Controller manager). Default is false for disabled.", "type": "boolean" }, "failureDomain": { + "description": "FailureDomain is the failure domain unique identifier this Machine should be attached to, as defined in Cluster API. This relates to an Azure Availability Zone", "type": "string" }, "identity": { + "description": "Identity is the type of identity used for the virtual machine. The type 'SystemAssigned' is an implicitly created identity. The generated identity will be assigned a Subscription contributor role. The type 'UserAssigned' is a standalone Azure resource provided by the user and assigned to the VM", "type": "string", "default": "None", "enum": [ @@ -96,12 +115,15 @@ ] }, "image": { + "description": "Image is used to provide details of an image to use during VM creation. If image details are omitted the image will default the Azure Marketplace \"capi\" offer, which is based on Ubuntu.", "type": "object", "properties": { "id": { + "description": "ID specifies an image to use by ID", "type": "string" }, "marketplace": { + "description": "Marketplace specifies an image to use from the Azure Marketplace", "type": "object", "required": [ "offer", @@ -111,22 +133,27 @@ ], "properties": { "offer": { + "description": "Offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", "type": "string", "minLength": 1 }, "publisher": { + "description": "Publisher is the name of the organization that created the image", "type": "string", "minLength": 1 }, "sku": { + "description": "SKU specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", "type": "string", "minLength": 1 }, "thirdPartyImage": { + "description": "ThirdPartyImage indicates the image is published by a third party publisher and a Plan will be generated for it.", "type": "boolean", "default": false }, "version": { + "description": "Version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -134,6 +161,7 @@ "additionalProperties": false }, "sharedGallery": { + "description": "SharedGallery specifies an image to use from an Azure Shared Image Gallery", "type": "object", "required": [ "gallery", @@ -144,31 +172,39 @@ ], "properties": { "gallery": { + "description": "Gallery specifies the name of the shared image gallery that contains the image", "type": "string", "minLength": 1 }, "name": { + "description": "Name is the name of the image", "type": "string", "minLength": 1 }, "offer": { + "description": "Offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. This is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "publisher": { + "description": "Publisher is the name of the organization that created the image. This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. This is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup specifies the resource group containing the shared image gallery", "type": "string", "minLength": 1 }, "sku": { + "description": "SKU specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. This is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "subscriptionID": { + "description": "SubscriptionID is the identifier of the subscription that contains the shared image gallery", "type": "string", "minLength": 1 }, "version": { + "description": "Version specifies the version of the marketplace image. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -179,12 +215,14 @@ "additionalProperties": false }, "osDisk": { + "description": "OSDisk specifies the parameters for the operating system disk of the machine", "type": "object", "required": [ "osType" ], "properties": { "cachingType": { + "description": "CachingType specifies the caching requirements.", "type": "string", "enum": [ "None", @@ -193,12 +231,14 @@ ] }, "diffDiskSettings": { + "description": "DiffDiskSettings describe ephemeral disk settings for the os disk.", "type": "object", "required": [ "option" ], "properties": { "option": { + "description": "Option enables ephemeral OS when set to \"Local\" See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details", "type": "string", "enum": [ "Local" @@ -208,16 +248,20 @@ "additionalProperties": false }, "diskSizeGB": { + "description": "DiskSizeGB is the size in GB to assign to the OS disk. Will have a default of 30GB if not provided", "type": "integer", "format": "int32" }, "managedDisk": { + "description": "ManagedDisk specifies the Managed Disk parameters for the OS disk.", "type": "object", "properties": { "diskEncryptionSet": { + "description": "DiskEncryptionSetParameters defines disk encryption options.", "type": "object", "properties": { "id": { + "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, @@ -236,24 +280,30 @@ "additionalProperties": false }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "roleAssignmentName": { + "description": "RoleAssignmentName is the name of the role assignment to create for a system assigned identity. It can be any valid GUID. If not specified, a random GUID will be generated.", "type": "string" }, "securityProfile": { + "description": "SecurityProfile specifies the Security profile settings for a virtual machine.", "type": "object", "properties": { "encryptionAtHost": { + "description": "This field indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. Default is disabled.", "type": "boolean" } }, "additionalProperties": false }, "spotVMOptions": { + "description": "SpotVMOptions allows the ability to specify the Machine should use a Spot VM", "type": "object", "properties": { "maxPrice": { + "description": "MaxPrice defines the maximum price the user is willing to pay for Spot VM instances", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -272,17 +322,21 @@ "type": "string" }, "subnetName": { + "description": "SubnetName selects the Subnet where the VM will be placed", "type": "string" }, "userAssignedIdentities": { + "description": "UserAssignedIdentities is a list of standalone Azure identities provided by the user The lifecycle of a user-assigned identity is managed separately from the lifecycle of the AzureMachine. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli", "type": "array", "items": { + "description": "UserAssignedIdentity defines the user-assigned identities provided by the user to be assigned to Azure resources.", "type": "object", "required": [ "providerID" ], "properties": { "providerID": { + "description": "ProviderID is the identification ID of the user-assigned Identity, the format of an identity is: 'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'", "type": "string" } }, @@ -296,11 +350,14 @@ "additionalProperties": false }, "status": { + "description": "AzureMachineStatus defines the observed state of AzureMachine.", "type": "object", "properties": { "addresses": { + "description": "Addresses contains the Azure instance associated addresses.", "type": "array", "items": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -308,9 +365,11 @@ ], "properties": { "address": { + "description": "The node address.", "type": "string" }, "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -318,8 +377,10 @@ } }, "conditions": { + "description": "Conditions defines current service state of the AzureMachine.", "type": "array", "items": { + "description": "Condition defines an observation of a Cluster API resource operational state.", "type": "object", "required": [ "status", @@ -327,22 +388,28 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", "type": "string" }, "severity": { + "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, @@ -350,14 +417,18 @@ } }, "failureMessage": { + "description": "ErrorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "failureReason": { + "description": "ErrorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "longRunningOperationStates": { + "description": "LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the next reconciliation loop.", "type": "array", "items": { + "description": "Future contains the data needed for an Azure long-running operation to continue across reconcile loops.", "type": "object", "required": [ "name", @@ -366,18 +437,23 @@ ], "properties": { "data": { + "description": "Data is the base64 url encoded json Azure AutoRest Future.", "type": "string" }, "name": { + "description": "Name is the name of the Azure resource. Together with the service name, this forms the unique identifier for the future.", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup is the Azure resource group for the resource.", "type": "string" }, "serviceName": { + "description": "ServiceName is the name of the Azure service. Together with the name of the resource, this forms the unique identifier for the future.", "type": "string" }, "type": { + "description": "Type describes the type of future, such as update, create, delete, etc.", "type": "string" } }, @@ -385,9 +461,11 @@ } }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" }, "vmState": { + "description": "VMState is the provisioning state of the Azure virtual machine.", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremachinepool_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/azuremachinepool_v1alpha3.json index 452fbed89..e54972e1d 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremachinepool_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremachinepool_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "AzureMachinePool is the Schema for the azuremachinepools API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureMachinePoolSpec defines the desired state of AzureMachinePool.", "type": "object", "required": [ "location", @@ -18,12 +22,14 @@ ], "properties": { "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the Azure provider. If both the AzureCluster and the AzureMachine specify the same tag name with different values, the AzureMachine's value takes precedence.", "type": "object", "additionalProperties": { "type": "string" } }, "identity": { + "description": "Identity is the type of identity used for the Virtual Machine Scale Set. The type 'SystemAssigned' is an implicitly created identity. The generated identity will be assigned a Subscription contributor role. The type 'UserAssigned' is a standalone Azure resource provided by the user and assigned to the VM", "type": "string", "default": "None", "enum": [ @@ -33,21 +39,26 @@ ] }, "location": { + "description": "Location is the Azure region location e.g. westus2", "type": "string" }, "providerID": { + "description": "ProviderID is the identification ID of the Virtual Machine Scale Set", "type": "string" }, "providerIDList": { + "description": "ProviderIDList are the identification IDs of machine instances provided by the provider. This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.", "type": "array", "items": { "type": "string" } }, "roleAssignmentName": { + "description": "RoleAssignmentName is the name of the role assignment to create for a system assigned identity. It can be any valid GUID. If not specified, a random GUID will be generated.", "type": "string" }, "template": { + "description": "Template contains the details used to build a replica virtual machine within the Machine Pool.", "type": "object", "required": [ "osDisk", @@ -56,11 +67,14 @@ ], "properties": { "acceleratedNetworking": { + "description": "AcceleratedNetworking enables or disables Azure accelerated networking. If omitted, it will be set based on whether the requested VMSize supports accelerated networking. If AcceleratedNetworking is set to true with a VMSize that does not support it, Azure will return an error.", "type": "boolean" }, "dataDisks": { + "description": "DataDisks specifies the list of data disks to be created for a Virtual Machine", "type": "array", "items": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", "type": "object", "required": [ "diskSizeGB", @@ -71,23 +85,28 @@ "type": "string" }, "diskSizeGB": { + "description": "DiskSizeGB is the size in GB to assign to the data disk.", "type": "integer", "format": "int32" }, "lun": { + "description": "Lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. The value must be between 0 and 63.", "type": "integer", "format": "int32" }, "managedDisk": { + "description": "ManagedDisk defines the managed disk options for a VM.", "type": "object", "required": [ "storageAccountType" ], "properties": { "diskEncryptionSet": { + "description": "DiskEncryptionSetParameters defines disk encryption options.", "type": "object", "properties": { "id": { + "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, @@ -100,6 +119,7 @@ "additionalProperties": false }, "nameSuffix": { + "description": "NameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format \u003cmachineName\u003e_\u003cnameSuffix\u003e.", "type": "string" } }, @@ -107,12 +127,15 @@ } }, "image": { + "description": "Image is used to provide details of an image to use during Virtual Machine creation. If image details are omitted the image will default the Azure Marketplace \"capi\" offer, which is based on Ubuntu.", "type": "object", "properties": { "id": { + "description": "ID specifies an image to use by ID", "type": "string" }, "marketplace": { + "description": "Marketplace specifies an image to use from the Azure Marketplace", "type": "object", "required": [ "offer", @@ -122,22 +145,27 @@ ], "properties": { "offer": { + "description": "Offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", "type": "string", "minLength": 1 }, "publisher": { + "description": "Publisher is the name of the organization that created the image", "type": "string", "minLength": 1 }, "sku": { + "description": "SKU specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", "type": "string", "minLength": 1 }, "thirdPartyImage": { + "description": "ThirdPartyImage indicates the image is published by a third party publisher and a Plan will be generated for it.", "type": "boolean", "default": false }, "version": { + "description": "Version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -145,6 +173,7 @@ "additionalProperties": false }, "sharedGallery": { + "description": "SharedGallery specifies an image to use from an Azure Shared Image Gallery", "type": "object", "required": [ "gallery", @@ -155,22 +184,27 @@ ], "properties": { "gallery": { + "description": "Gallery specifies the name of the shared image gallery that contains the image", "type": "string", "minLength": 1 }, "name": { + "description": "Name is the name of the image", "type": "string", "minLength": 1 }, "resourceGroup": { + "description": "ResourceGroup specifies the resource group containing the shared image gallery", "type": "string", "minLength": 1 }, "subscriptionID": { + "description": "SubscriptionID is the identifier of the subscription that contains the shared image gallery", "type": "string", "minLength": 1 }, "version": { + "description": "Version specifies the version of the marketplace image. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -181,6 +215,7 @@ "additionalProperties": false }, "osDisk": { + "description": "OSDisk contains the operating system disk information for a Virtual Machine", "type": "object", "required": [ "diskSizeGB", @@ -192,12 +227,14 @@ "type": "string" }, "diffDiskSettings": { + "description": "DiffDiskSettings describe ephemeral disk settings for the os disk.", "type": "object", "required": [ "option" ], "properties": { "option": { + "description": "Option enables ephemeral OS when set to \"Local\" See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details", "type": "string", "enum": [ "Local" @@ -211,15 +248,18 @@ "format": "int32" }, "managedDisk": { + "description": "ManagedDisk defines the managed disk options for a VM.", "type": "object", "required": [ "storageAccountType" ], "properties": { "diskEncryptionSet": { + "description": "DiskEncryptionSetParameters defines disk encryption options.", "type": "object", "properties": { "id": { + "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, @@ -238,18 +278,22 @@ "additionalProperties": false }, "securityProfile": { + "description": "SecurityProfile specifies the Security profile settings for a virtual machine.", "type": "object", "properties": { "encryptionAtHost": { + "description": "This field indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. Default is disabled.", "type": "boolean" } }, "additionalProperties": false }, "spotVMOptions": { + "description": "SpotVMOptions allows the ability to specify the Machine should use a Spot VM", "type": "object", "properties": { "maxPrice": { + "description": "MaxPrice defines the maximum price the user is willing to pay for Spot VM instances", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -265,26 +309,32 @@ "additionalProperties": false }, "sshPublicKey": { + "description": "SSHPublicKey is the SSH public key string base64 encoded to add to a Virtual Machine", "type": "string" }, "terminateNotificationTimeout": { + "description": "TerminateNotificationTimeout enables or disables VMSS scheduled events termination notification with specified timeout allowed values are between 5 and 15 (mins)", "type": "integer" }, "vmSize": { + "description": "VMSize is the size of the Virtual Machine to build. See https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/createorupdate#virtualmachinesizetypes", "type": "string" } }, "additionalProperties": false }, "userAssignedIdentities": { + "description": "UserAssignedIdentities is a list of standalone Azure identities provided by the user The lifecycle of a user-assigned identity is managed separately from the lifecycle of the AzureMachinePool. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli", "type": "array", "items": { + "description": "UserAssignedIdentity defines the user-assigned identities provided by the user to be assigned to Azure resources.", "type": "object", "required": [ "providerID" ], "properties": { "providerID": { + "description": "ProviderID is the identification ID of the user-assigned Identity, the format of an identity is: 'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'", "type": "string" } }, @@ -295,11 +345,14 @@ "additionalProperties": false }, "status": { + "description": "AzureMachinePoolStatus defines the observed state of AzureMachinePool.", "type": "object", "properties": { "conditions": { + "description": "Conditions defines current service state of the AzureMachinePool.", "type": "array", "items": { + "description": "Condition defines an observation of a Cluster API resource operational state.", "type": "object", "required": [ "status", @@ -307,22 +360,28 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", "type": "string" }, "severity": { + "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, @@ -330,35 +389,45 @@ } }, "failureMessage": { + "description": "FailureMessage will be set in the event that there is a terminal problem reconciling the MachinePool and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachinePool's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of MachinePools can be added as events to the MachinePool object and/or logged in the controller's output.", "type": "string" }, "failureReason": { + "description": "FailureReason will be set in the event that there is a terminal problem reconciling the MachinePool and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachinePool's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of MachinePools can be added as events to the MachinePool object and/or logged in the controller's output.", "type": "string" }, "instances": { + "description": "Instances is the VM instance status for each VM in the VMSS", "type": "array", "items": { + "description": "AzureMachinePoolInstanceStatus provides status information for each instance in the VMSS.", "type": "object", "required": [ "latestModelApplied" ], "properties": { "instanceID": { + "description": "InstanceID is the identification of the Machine Instance within the VMSS", "type": "string" }, "instanceName": { + "description": "InstanceName is the name of the Machine Instance within the VMSS", "type": "string" }, "latestModelApplied": { + "description": "LatestModelApplied indicates the instance is running the most up-to-date VMSS model. A VMSS model describes the image version the VM is running. If the instance is not running the latest model, it means the instance may not be running the version of Kubernetes the Machine Pool has specified and needs to be updated.", "type": "boolean" }, "providerID": { + "description": "ProviderID is the provider identification of the VMSS Instance", "type": "string" }, "provisioningState": { + "description": "ProvisioningState is the provisioning state of the Azure virtual machine instance.", "type": "string" }, "version": { + "description": "Version defines the Kubernetes version for the VM Instance", "type": "string" } }, @@ -366,37 +435,46 @@ } }, "longRunningOperationState": { + "description": "LongRunningOperationState saves the state for an Azure long running operations so it can be continued on the next reconciliation loop.", "type": "object", "required": [ "type" ], "properties": { "futureData": { + "description": "FutureData is the base64 url encoded json Azure AutoRest Future.", "type": "string" }, "name": { + "description": "Name is the name of the Azure resource.", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup is the Azure resource group for the resource.", "type": "string" }, "type": { + "description": "Type describes the type of future, update, create, delete, etc.", "type": "string" } }, "additionalProperties": false }, "provisioningState": { + "description": "ProvisioningState is the provisioning state of the Azure virtual machine.", "type": "string" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" }, "replicas": { + "description": "Replicas is the most recently observed number of replicas.", "type": "integer", "format": "int32" }, "version": { + "description": "Version is the Kubernetes version for the current VMSS model", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremachinepool_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/azuremachinepool_v1alpha4.json index b1b30def1..ec89e2828 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremachinepool_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremachinepool_v1alpha4.json @@ -1,16 +1,20 @@ { + "description": "AzureMachinePool is the Schema for the azuremachinepools API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureMachinePoolSpec defines the desired state of AzureMachinePool.", "type": "object", "required": [ "location", @@ -18,12 +22,14 @@ ], "properties": { "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the Azure provider. If both the AzureCluster and the AzureMachine specify the same tag name with different values, the AzureMachine's value takes precedence.", "type": "object", "additionalProperties": { "type": "string" } }, "identity": { + "description": "Identity is the type of identity used for the Virtual Machine Scale Set. The type 'SystemAssigned' is an implicitly created identity. The generated identity will be assigned a Subscription contributor role. The type 'UserAssigned' is a standalone Azure resource provided by the user and assigned to the VM", "type": "string", "default": "None", "enum": [ @@ -33,24 +39,30 @@ ] }, "location": { + "description": "Location is the Azure region location e.g. westus2", "type": "string" }, "nodeDrainTimeout": { + "description": "NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`", "type": "string" }, "providerID": { + "description": "ProviderID is the identification ID of the Virtual Machine Scale Set", "type": "string" }, "providerIDList": { + "description": "ProviderIDList are the identification IDs of machine instances provided by the provider. This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances.", "type": "array", "items": { "type": "string" } }, "roleAssignmentName": { + "description": "RoleAssignmentName is the name of the role assignment to create for a system assigned identity. It can be any valid GUID. If not specified, a random GUID will be generated.", "type": "string" }, "strategy": { + "description": "The deployment strategy to use to replace existing AzureMachinePoolMachines with new ones.", "type": "object", "default": { "rollingUpdate": { @@ -62,9 +74,11 @@ }, "properties": { "rollingUpdate": { + "description": "Rolling update config params. Present only if MachineDeploymentStrategyType = RollingUpdate.", "type": "object", "properties": { "deletePolicy": { + "description": "DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. Valid values are \"Random, \"Newest\", \"Oldest\" When no value is supplied, the default is Oldest", "type": "string", "default": "Oldest", "enum": [ @@ -74,6 +88,7 @@ ] }, "maxSurge": { + "description": "The maximum number of machines that can be scheduled above the desired number of machines. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 1. Example: when this is set to 30%, the new MachineSet can be scaled up immediately when the rolling update starts, such that the total number of old and new machines do not exceed 130% of desired machines. Once old machines have been killed, new MachineSet can be scaled up further, ensuring that total number of machines running at any time during the update is at most 130% of desired machines.", "default": 1, "anyOf": [ { @@ -86,6 +101,7 @@ "x-kubernetes-int-or-string": true }, "maxUnavailable": { + "description": "The maximum number of machines that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired machines (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 0. Example: when this is set to 30%, the old MachineSet can be scaled down to 70% of desired machines immediately when the rolling update starts. Once new machines are ready, old MachineSet can be scaled down further, followed by scaling up the new MachineSet, ensuring that the total number of machines available at all times during the update is at least 70% of desired machines.", "default": 0, "anyOf": [ { @@ -101,6 +117,7 @@ "additionalProperties": false }, "type": { + "description": "Type of deployment. Currently the only supported strategy is RollingUpdate", "type": "string", "default": "RollingUpdate", "enum": [ @@ -111,6 +128,7 @@ "additionalProperties": false }, "template": { + "description": "Template contains the details used to build a replica virtual machine within the Machine Pool", "type": "object", "required": [ "osDisk", @@ -119,11 +137,14 @@ ], "properties": { "acceleratedNetworking": { + "description": "AcceleratedNetworking enables or disables Azure accelerated networking. If omitted, it will be set based on whether the requested VMSize supports accelerated networking. If AcceleratedNetworking is set to true with a VMSize that does not support it, Azure will return an error.", "type": "boolean" }, "dataDisks": { + "description": "DataDisks specifies the list of data disks to be created for a Virtual Machine", "type": "array", "items": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", "type": "object", "required": [ "diskSizeGB", @@ -131,6 +152,7 @@ ], "properties": { "cachingType": { + "description": "CachingType specifies the caching requirements.", "type": "string", "enum": [ "None", @@ -139,20 +161,25 @@ ] }, "diskSizeGB": { + "description": "DiskSizeGB is the size in GB to assign to the data disk.", "type": "integer", "format": "int32" }, "lun": { + "description": "Lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. The value must be between 0 and 63.", "type": "integer", "format": "int32" }, "managedDisk": { + "description": "ManagedDisk specifies the Managed Disk parameters for the data disk.", "type": "object", "properties": { "diskEncryptionSet": { + "description": "DiskEncryptionSetParameters defines disk encryption options.", "type": "object", "properties": { "id": { + "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, @@ -165,6 +192,7 @@ "additionalProperties": false }, "nameSuffix": { + "description": "NameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format \u003cmachineName\u003e_\u003cnameSuffix\u003e.", "type": "string" } }, @@ -172,12 +200,15 @@ } }, "image": { + "description": "Image is used to provide details of an image to use during VM creation. If image details are omitted the image will default the Azure Marketplace \"capi\" offer, which is based on Ubuntu.", "type": "object", "properties": { "id": { + "description": "ID specifies an image to use by ID", "type": "string" }, "marketplace": { + "description": "Marketplace specifies an image to use from the Azure Marketplace", "type": "object", "required": [ "offer", @@ -187,22 +218,27 @@ ], "properties": { "offer": { + "description": "Offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", "type": "string", "minLength": 1 }, "publisher": { + "description": "Publisher is the name of the organization that created the image", "type": "string", "minLength": 1 }, "sku": { + "description": "SKU specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", "type": "string", "minLength": 1 }, "thirdPartyImage": { + "description": "ThirdPartyImage indicates the image is published by a third party publisher and a Plan will be generated for it.", "type": "boolean", "default": false }, "version": { + "description": "Version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -210,6 +246,7 @@ "additionalProperties": false }, "sharedGallery": { + "description": "SharedGallery specifies an image to use from an Azure Shared Image Gallery", "type": "object", "required": [ "gallery", @@ -220,31 +257,39 @@ ], "properties": { "gallery": { + "description": "Gallery specifies the name of the shared image gallery that contains the image", "type": "string", "minLength": 1 }, "name": { + "description": "Name is the name of the image", "type": "string", "minLength": 1 }, "offer": { + "description": "Offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. This is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "publisher": { + "description": "Publisher is the name of the organization that created the image. This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. This is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup specifies the resource group containing the shared image gallery", "type": "string", "minLength": 1 }, "sku": { + "description": "SKU specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. This is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "subscriptionID": { + "description": "SubscriptionID is the identifier of the subscription that contains the shared image gallery", "type": "string", "minLength": 1 }, "version": { + "description": "Version specifies the version of the marketplace image. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -255,12 +300,14 @@ "additionalProperties": false }, "osDisk": { + "description": "OSDisk contains the operating system disk information for a Virtual Machine", "type": "object", "required": [ "osType" ], "properties": { "cachingType": { + "description": "CachingType specifies the caching requirements.", "type": "string", "enum": [ "None", @@ -269,12 +316,14 @@ ] }, "diffDiskSettings": { + "description": "DiffDiskSettings describe ephemeral disk settings for the os disk.", "type": "object", "required": [ "option" ], "properties": { "option": { + "description": "Option enables ephemeral OS when set to \"Local\" See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details", "type": "string", "enum": [ "Local" @@ -284,16 +333,20 @@ "additionalProperties": false }, "diskSizeGB": { + "description": "DiskSizeGB is the size in GB to assign to the OS disk. Will have a default of 30GB if not provided", "type": "integer", "format": "int32" }, "managedDisk": { + "description": "ManagedDisk specifies the Managed Disk parameters for the OS disk.", "type": "object", "properties": { "diskEncryptionSet": { + "description": "DiskEncryptionSetParameters defines disk encryption options.", "type": "object", "properties": { "id": { + "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, @@ -312,18 +365,22 @@ "additionalProperties": false }, "securityProfile": { + "description": "SecurityProfile specifies the Security profile settings for a virtual machine.", "type": "object", "properties": { "encryptionAtHost": { + "description": "This field indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. Default is disabled.", "type": "boolean" } }, "additionalProperties": false }, "spotVMOptions": { + "description": "SpotVMOptions allows the ability to specify the Machine should use a Spot VM", "type": "object", "properties": { "maxPrice": { + "description": "MaxPrice defines the maximum price the user is willing to pay for Spot VM instances", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -339,29 +396,36 @@ "additionalProperties": false }, "sshPublicKey": { + "description": "SSHPublicKey is the SSH public key string base64 encoded to add to a Virtual Machine", "type": "string" }, "subnetName": { + "description": "SubnetName selects the Subnet where the VMSS will be placed", "type": "string" }, "terminateNotificationTimeout": { + "description": "TerminateNotificationTimeout enables or disables VMSS scheduled events termination notification with specified timeout allowed values are between 5 and 15 (mins)", "type": "integer" }, "vmSize": { + "description": "VMSize is the size of the Virtual Machine to build. See https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/createorupdate#virtualmachinesizetypes", "type": "string" } }, "additionalProperties": false }, "userAssignedIdentities": { + "description": "UserAssignedIdentities is a list of standalone Azure identities provided by the user The lifecycle of a user-assigned identity is managed separately from the lifecycle of the AzureMachinePool. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli", "type": "array", "items": { + "description": "UserAssignedIdentity defines the user-assigned identities provided by the user to be assigned to Azure resources.", "type": "object", "required": [ "providerID" ], "properties": { "providerID": { + "description": "ProviderID is the identification ID of the user-assigned Identity, the format of an identity is: 'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'", "type": "string" } }, @@ -372,11 +436,14 @@ "additionalProperties": false }, "status": { + "description": "AzureMachinePoolStatus defines the observed state of AzureMachinePool.", "type": "object", "properties": { "conditions": { + "description": "Conditions defines current service state of the AzureMachinePool.", "type": "array", "items": { + "description": "Condition defines an observation of a Cluster API resource operational state.", "type": "object", "required": [ "status", @@ -384,22 +451,28 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", "type": "string" }, "severity": { + "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, @@ -407,18 +480,23 @@ } }, "failureMessage": { + "description": "FailureMessage will be set in the event that there is a terminal problem reconciling the MachinePool and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachinePool's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of MachinePools can be added as events to the MachinePool object and/or logged in the controller's output.", "type": "string" }, "failureReason": { + "description": "FailureReason will be set in the event that there is a terminal problem reconciling the MachinePool and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachinePool's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of MachinePools can be added as events to the MachinePool object and/or logged in the controller's output.", "type": "string" }, "image": { + "description": "Image is the current image used in the AzureMachinePool. When the spec image is nil, this image is populated with the details of the defaulted Azure Marketplace \"capi\" offer.", "type": "object", "properties": { "id": { + "description": "ID specifies an image to use by ID", "type": "string" }, "marketplace": { + "description": "Marketplace specifies an image to use from the Azure Marketplace", "type": "object", "required": [ "offer", @@ -428,22 +506,27 @@ ], "properties": { "offer": { + "description": "Offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", "type": "string", "minLength": 1 }, "publisher": { + "description": "Publisher is the name of the organization that created the image", "type": "string", "minLength": 1 }, "sku": { + "description": "SKU specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", "type": "string", "minLength": 1 }, "thirdPartyImage": { + "description": "ThirdPartyImage indicates the image is published by a third party publisher and a Plan will be generated for it.", "type": "boolean", "default": false }, "version": { + "description": "Version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -451,6 +534,7 @@ "additionalProperties": false }, "sharedGallery": { + "description": "SharedGallery specifies an image to use from an Azure Shared Image Gallery", "type": "object", "required": [ "gallery", @@ -461,31 +545,39 @@ ], "properties": { "gallery": { + "description": "Gallery specifies the name of the shared image gallery that contains the image", "type": "string", "minLength": 1 }, "name": { + "description": "Name is the name of the image", "type": "string", "minLength": 1 }, "offer": { + "description": "Offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. This is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "publisher": { + "description": "Publisher is the name of the organization that created the image. This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. This is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup specifies the resource group containing the shared image gallery", "type": "string", "minLength": 1 }, "sku": { + "description": "SKU specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. This is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "subscriptionID": { + "description": "SubscriptionID is the identifier of the subscription that contains the shared image gallery", "type": "string", "minLength": 1 }, "version": { + "description": "Version specifies the version of the marketplace image. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -496,29 +588,37 @@ "additionalProperties": false }, "instances": { + "description": "Instances is the VM instance status for each VM in the VMSS", "type": "array", "items": { + "description": "AzureMachinePoolInstanceStatus provides status information for each instance in the VMSS.", "type": "object", "required": [ "latestModelApplied" ], "properties": { "instanceID": { + "description": "InstanceID is the identification of the Machine Instance within the VMSS", "type": "string" }, "instanceName": { + "description": "InstanceName is the name of the Machine Instance within the VMSS", "type": "string" }, "latestModelApplied": { + "description": "LatestModelApplied indicates the instance is running the most up-to-date VMSS model. A VMSS model describes the image version the VM is running. If the instance is not running the latest model, it means the instance may not be running the version of Kubernetes the Machine Pool has specified and needs to be updated.", "type": "boolean" }, "providerID": { + "description": "ProviderID is the provider identification of the VMSS Instance", "type": "string" }, "provisioningState": { + "description": "ProvisioningState is the provisioning state of the Azure virtual machine instance.", "type": "string" }, "version": { + "description": "Version defines the Kubernetes version for the VM Instance", "type": "string" } }, @@ -526,8 +626,10 @@ } }, "longRunningOperationStates": { + "description": "LongRunningOperationStates saves the state for Azure long-running operations so they can be continued on the next reconciliation loop.", "type": "array", "items": { + "description": "Future contains the data needed for an Azure long-running operation to continue across reconcile loops.", "type": "object", "required": [ "name", @@ -536,18 +638,23 @@ ], "properties": { "data": { + "description": "Data is the base64 url encoded json Azure AutoRest Future.", "type": "string" }, "name": { + "description": "Name is the name of the Azure resource. Together with the service name, this forms the unique identifier for the future.", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup is the Azure resource group for the resource.", "type": "string" }, "serviceName": { + "description": "ServiceName is the name of the Azure service. Together with the name of the resource, this forms the unique identifier for the future.", "type": "string" }, "type": { + "description": "Type describes the type of future, such as update, create, delete, etc.", "type": "string" } }, @@ -555,16 +662,20 @@ } }, "provisioningState": { + "description": "ProvisioningState is the provisioning state of the Azure virtual machine.", "type": "string" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" }, "replicas": { + "description": "Replicas is the most recently observed number of replicas.", "type": "integer", "format": "int32" }, "version": { + "description": "Version is the Kubernetes version for the current VMSS model", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremachinepoolmachine_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/azuremachinepoolmachine_v1alpha4.json index fd1e44bc2..1b487e792 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremachinepoolmachine_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremachinepoolmachine_v1alpha4.json @@ -1,16 +1,20 @@ { + "description": "AzureMachinePoolMachine is the Schema for the azuremachinepoolmachines API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureMachinePoolMachineSpec defines the desired state of AzureMachinePoolMachine.", "type": "object", "required": [ "instanceID", @@ -18,23 +22,28 @@ ], "properties": { "instanceID": { + "description": "InstanceID is the identification of the Machine Instance within the VMSS", "type": "string" }, "providerID": { + "description": "ProviderID is the identification ID of the Virtual Machine Scale Set", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "AzureMachinePoolMachineStatus defines the observed state of AzureMachinePoolMachine.", "type": "object", "required": [ "latestModelApplied" ], "properties": { "conditions": { + "description": "Conditions defines current service state of the AzureMachinePool.", "type": "array", "items": { + "description": "Condition defines an observation of a Cluster API resource operational state.", "type": "object", "required": [ "status", @@ -42,22 +51,28 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition. This field may be empty.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", "type": "string" }, "severity": { + "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", "type": "string" } }, @@ -65,20 +80,26 @@ } }, "failureMessage": { + "description": "FailureMessage will be set in the event that there is a terminal problem reconciling the MachinePool and will contain a more verbose string suitable for logging and human consumption. \n Any transient errors that occur during the reconciliation of MachinePools can be added as events to the MachinePool object and/or logged in the controller's output.", "type": "string" }, "failureReason": { + "description": "FailureReason will be set in the event that there is a terminal problem reconciling the MachinePool machine and will contain a succinct value suitable for machine interpretation. \n Any transient errors that occur during the reconciliation of MachinePools can be added as events to the MachinePool object and/or logged in the controller's output.", "type": "string" }, "instanceName": { + "description": "InstanceName is the name of the Machine Instance within the VMSS", "type": "string" }, "latestModelApplied": { + "description": "LatestModelApplied indicates the instance is running the most up-to-date VMSS model. A VMSS model describes the image version the VM is running. If the instance is not running the latest model, it means the instance may not be running the version of Kubernetes the Machine Pool has specified and needs to be updated.", "type": "boolean" }, "longRunningOperationStates": { + "description": "LongRunningOperationStates saves the state for Azure long running operations so they can be continued on the next reconciliation loop.", "type": "array", "items": { + "description": "Future contains the data needed for an Azure long-running operation to continue across reconcile loops.", "type": "object", "required": [ "name", @@ -87,18 +108,23 @@ ], "properties": { "data": { + "description": "Data is the base64 url encoded json Azure AutoRest Future.", "type": "string" }, "name": { + "description": "Name is the name of the Azure resource. Together with the service name, this forms the unique identifier for the future.", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup is the Azure resource group for the resource.", "type": "string" }, "serviceName": { + "description": "ServiceName is the name of the Azure service. Together with the name of the resource, this forms the unique identifier for the future.", "type": "string" }, "type": { + "description": "Type describes the type of future, such as update, create, delete, etc.", "type": "string" } }, @@ -106,39 +132,50 @@ } }, "nodeRef": { + "description": "NodeRef will point to the corresponding Node if it exists.", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "additionalProperties": false }, "provisioningState": { + "description": "ProvisioningState is the provisioning state of the Azure virtual machine instance.", "type": "string" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" }, "version": { + "description": "Version defines the Kubernetes version for the VM Instance", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremachinetemplate_v1alpha2.json b/schema/infrastructure.cluster.x-k8s.io/azuremachinetemplate_v1alpha2.json index 09a7895ee..d8adbbe81 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremachinetemplate_v1alpha2.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremachinetemplate_v1alpha2.json @@ -1,28 +1,34 @@ { + "description": "AzureMachineTemplate is the Schema for the azuremachinetemplates API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate", "type": "object", "required": [ "template" ], "properties": { "template": { + "description": "AzureMachineTemplateResource describes the data needed to create am AzureMachine from a template", "type": "object", "required": [ "spec" ], "properties": { "spec": { + "description": "Spec is the specification of the desired behavior of the machine.", "type": "object", "required": [ "location", @@ -32,12 +38,14 @@ ], "properties": { "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the Azure provider. If both the AzureCluster and the AzureMachine specify the same tag name with different values, the AzureMachine's value takes precedence.", "type": "object", "additionalProperties": { "type": "string" } }, "allocatePublicIP": { + "description": "AllocatePublicIP allows the ability to create dynamic public ips for machines where this value is true.", "type": "boolean" }, "availabilityZone": { @@ -53,6 +61,7 @@ "additionalProperties": false }, "image": { + "description": "Image defines information about the image to use for VM creation. There are three ways to specify an image: by ID, by publisher, or by Shared Image Gallery. If specifying an image by ID, only the ID field needs to be set. If specifying an image by publisher, the Publisher, Offer, SKU, and Version fields must be set. If specifying an image from a Shared Image Gallery, the SubscriptionID, ResourceGroup, Gallery, Name, and Version fields must be set.", "type": "object", "properties": { "gallery": { @@ -119,6 +128,7 @@ "additionalProperties": false }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "sshPublicKey": { diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremachinetemplate_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/azuremachinetemplate_v1alpha3.json index 9d572bff8..de763f7ee 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremachinetemplate_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremachinetemplate_v1alpha3.json @@ -1,28 +1,34 @@ { + "description": "AzureMachineTemplate is the Schema for the azuremachinetemplates API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate.", "type": "object", "required": [ "template" ], "properties": { "template": { + "description": "AzureMachineTemplateResource describes the data needed to create an AzureMachine from a template.", "type": "object", "required": [ "spec" ], "properties": { "spec": { + "description": "Spec is the specification of the desired behavior of the machine.", "type": "object", "required": [ "location", @@ -32,18 +38,22 @@ ], "properties": { "acceleratedNetworking": { + "description": "AcceleratedNetworking enables or disables Azure accelerated networking. If omitted, it will be set based on whether the requested VMSize supports accelerated networking. If AcceleratedNetworking is set to true with a VMSize that does not support it, Azure will return an error.", "type": "boolean" }, "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the Azure provider. If both the AzureCluster and the AzureMachine specify the same tag name with different values, the AzureMachine's value takes precedence.", "type": "object", "additionalProperties": { "type": "string" } }, "allocatePublicIP": { + "description": "AllocatePublicIP allows the ability to create dynamic public ips for machines where this value is true.", "type": "boolean" }, "availabilityZone": { + "description": "Deprecated: use FailureDomain instead", "type": "object", "properties": { "enabled": { @@ -56,8 +66,10 @@ "additionalProperties": false }, "dataDisks": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine", "type": "array", "items": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", "type": "object", "required": [ "diskSizeGB", @@ -68,23 +80,28 @@ "type": "string" }, "diskSizeGB": { + "description": "DiskSizeGB is the size in GB to assign to the data disk.", "type": "integer", "format": "int32" }, "lun": { + "description": "Lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. The value must be between 0 and 63.", "type": "integer", "format": "int32" }, "managedDisk": { + "description": "ManagedDisk defines the managed disk options for a VM.", "type": "object", "required": [ "storageAccountType" ], "properties": { "diskEncryptionSet": { + "description": "DiskEncryptionSetParameters defines disk encryption options.", "type": "object", "properties": { "id": { + "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, @@ -97,6 +114,7 @@ "additionalProperties": false }, "nameSuffix": { + "description": "NameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format \u003cmachineName\u003e_\u003cnameSuffix\u003e.", "type": "string" } }, @@ -104,12 +122,15 @@ } }, "enableIPForwarding": { + "description": "EnableIPForwarding enables IP Forwarding in Azure which is required for some CNI's to send traffic from a pods on one machine to another. This is required for IpV6 with Calico in combination with User Defined Routes (set by the Azure Cloud Controller manager). Default is false for disabled.", "type": "boolean" }, "failureDomain": { + "description": "FailureDomain is the failure domain unique identifier this Machine should be attached to, as defined in Cluster API. This relates to an Azure Availability Zone", "type": "string" }, "identity": { + "description": "Identity is the type of identity used for the virtual machine. The type 'SystemAssigned' is an implicitly created identity. The generated identity will be assigned a Subscription contributor role. The type 'UserAssigned' is a standalone Azure resource provided by the user and assigned to the VM", "type": "string", "default": "None", "enum": [ @@ -119,12 +140,15 @@ ] }, "image": { + "description": "Image is used to provide details of an image to use during VM creation. If image details are omitted the image will default the Azure Marketplace \"capi\" offer, which is based on Ubuntu.", "type": "object", "properties": { "id": { + "description": "ID specifies an image to use by ID", "type": "string" }, "marketplace": { + "description": "Marketplace specifies an image to use from the Azure Marketplace", "type": "object", "required": [ "offer", @@ -134,22 +158,27 @@ ], "properties": { "offer": { + "description": "Offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", "type": "string", "minLength": 1 }, "publisher": { + "description": "Publisher is the name of the organization that created the image", "type": "string", "minLength": 1 }, "sku": { + "description": "SKU specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", "type": "string", "minLength": 1 }, "thirdPartyImage": { + "description": "ThirdPartyImage indicates the image is published by a third party publisher and a Plan will be generated for it.", "type": "boolean", "default": false }, "version": { + "description": "Version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -157,6 +186,7 @@ "additionalProperties": false }, "sharedGallery": { + "description": "SharedGallery specifies an image to use from an Azure Shared Image Gallery", "type": "object", "required": [ "gallery", @@ -167,22 +197,27 @@ ], "properties": { "gallery": { + "description": "Gallery specifies the name of the shared image gallery that contains the image", "type": "string", "minLength": 1 }, "name": { + "description": "Name is the name of the image", "type": "string", "minLength": 1 }, "resourceGroup": { + "description": "ResourceGroup specifies the resource group containing the shared image gallery", "type": "string", "minLength": 1 }, "subscriptionID": { + "description": "SubscriptionID is the identifier of the subscription that contains the shared image gallery", "type": "string", "minLength": 1 }, "version": { + "description": "Version specifies the version of the marketplace image. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -193,9 +228,11 @@ "additionalProperties": false }, "location": { + "description": "Deprecated: to support old clients, will be removed in v1alpha4/v1beta1", "type": "string" }, "osDisk": { + "description": "OSDisk specifies the parameters for the operating system disk of the machine", "type": "object", "required": [ "diskSizeGB", @@ -207,12 +244,14 @@ "type": "string" }, "diffDiskSettings": { + "description": "DiffDiskSettings describe ephemeral disk settings for the os disk.", "type": "object", "required": [ "option" ], "properties": { "option": { + "description": "Option enables ephemeral OS when set to \"Local\" See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details", "type": "string", "enum": [ "Local" @@ -226,15 +265,18 @@ "format": "int32" }, "managedDisk": { + "description": "ManagedDisk defines the managed disk options for a VM.", "type": "object", "required": [ "storageAccountType" ], "properties": { "diskEncryptionSet": { + "description": "DiskEncryptionSetParameters defines disk encryption options.", "type": "object", "properties": { "id": { + "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, @@ -253,24 +295,30 @@ "additionalProperties": false }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "roleAssignmentName": { + "description": "RoleAssignmentName is the name of the role assignment to create for a system assigned identity. It can be any valid GUID. If not specified, a random GUID will be generated.", "type": "string" }, "securityProfile": { + "description": "SecurityProfile specifies the Security profile settings for a virtual machine.", "type": "object", "properties": { "encryptionAtHost": { + "description": "This field indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. Default is disabled.", "type": "boolean" } }, "additionalProperties": false }, "spotVMOptions": { + "description": "SpotVMOptions allows the ability to specify the Machine should use a Spot VM.", "type": "object", "properties": { "maxPrice": { + "description": "MaxPrice defines the maximum price the user is willing to pay for Spot VM instances", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -289,14 +337,17 @@ "type": "string" }, "userAssignedIdentities": { + "description": "UserAssignedIdentities is a list of standalone Azure identities provided by the user The lifecycle of a user-assigned identity is managed separately from the lifecycle of the AzureMachine. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli", "type": "array", "items": { + "description": "UserAssignedIdentity defines the user-assigned identities provided by the user to be assigned to Azure resources.", "type": "object", "required": [ "providerID" ], "properties": { "providerID": { + "description": "ProviderID is the identification ID of the user-assigned Identity, the format of an identity is: 'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremachinetemplate_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/azuremachinetemplate_v1alpha4.json index d00ecbf09..666568cd3 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremachinetemplate_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremachinetemplate_v1alpha4.json @@ -1,28 +1,34 @@ { + "description": "AzureMachineTemplate is the Schema for the azuremachinetemplates API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate.", "type": "object", "required": [ "template" ], "properties": { "template": { + "description": "AzureMachineTemplateResource describes the data needed to create an AzureMachine from a template.", "type": "object", "required": [ "spec" ], "properties": { "spec": { + "description": "Spec is the specification of the desired behavior of the machine.", "type": "object", "required": [ "osDisk", @@ -31,20 +37,25 @@ ], "properties": { "acceleratedNetworking": { + "description": "AcceleratedNetworking enables or disables Azure accelerated networking. If omitted, it will be set based on whether the requested VMSize supports accelerated networking. If AcceleratedNetworking is set to true with a VMSize that does not support it, Azure will return an error.", "type": "boolean" }, "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the Azure provider. If both the AzureCluster and the AzureMachine specify the same tag name with different values, the AzureMachine's value takes precedence.", "type": "object", "additionalProperties": { "type": "string" } }, "allocatePublicIP": { + "description": "AllocatePublicIP allows the ability to create dynamic public ips for machines where this value is true.", "type": "boolean" }, "dataDisks": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine", "type": "array", "items": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", "type": "object", "required": [ "diskSizeGB", @@ -52,6 +63,7 @@ ], "properties": { "cachingType": { + "description": "CachingType specifies the caching requirements.", "type": "string", "enum": [ "None", @@ -60,20 +72,25 @@ ] }, "diskSizeGB": { + "description": "DiskSizeGB is the size in GB to assign to the data disk.", "type": "integer", "format": "int32" }, "lun": { + "description": "Lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. The value must be between 0 and 63.", "type": "integer", "format": "int32" }, "managedDisk": { + "description": "ManagedDisk specifies the Managed Disk parameters for the data disk.", "type": "object", "properties": { "diskEncryptionSet": { + "description": "DiskEncryptionSetParameters defines disk encryption options.", "type": "object", "properties": { "id": { + "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, @@ -86,6 +103,7 @@ "additionalProperties": false }, "nameSuffix": { + "description": "NameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format \u003cmachineName\u003e_\u003cnameSuffix\u003e.", "type": "string" } }, @@ -93,12 +111,15 @@ } }, "enableIPForwarding": { + "description": "EnableIPForwarding enables IP Forwarding in Azure which is required for some CNI's to send traffic from a pods on one machine to another. This is required for IpV6 with Calico in combination with User Defined Routes (set by the Azure Cloud Controller manager). Default is false for disabled.", "type": "boolean" }, "failureDomain": { + "description": "FailureDomain is the failure domain unique identifier this Machine should be attached to, as defined in Cluster API. This relates to an Azure Availability Zone", "type": "string" }, "identity": { + "description": "Identity is the type of identity used for the virtual machine. The type 'SystemAssigned' is an implicitly created identity. The generated identity will be assigned a Subscription contributor role. The type 'UserAssigned' is a standalone Azure resource provided by the user and assigned to the VM", "type": "string", "default": "None", "enum": [ @@ -108,12 +129,15 @@ ] }, "image": { + "description": "Image is used to provide details of an image to use during VM creation. If image details are omitted the image will default the Azure Marketplace \"capi\" offer, which is based on Ubuntu.", "type": "object", "properties": { "id": { + "description": "ID specifies an image to use by ID", "type": "string" }, "marketplace": { + "description": "Marketplace specifies an image to use from the Azure Marketplace", "type": "object", "required": [ "offer", @@ -123,22 +147,27 @@ ], "properties": { "offer": { + "description": "Offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", "type": "string", "minLength": 1 }, "publisher": { + "description": "Publisher is the name of the organization that created the image", "type": "string", "minLength": 1 }, "sku": { + "description": "SKU specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", "type": "string", "minLength": 1 }, "thirdPartyImage": { + "description": "ThirdPartyImage indicates the image is published by a third party publisher and a Plan will be generated for it.", "type": "boolean", "default": false }, "version": { + "description": "Version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -146,6 +175,7 @@ "additionalProperties": false }, "sharedGallery": { + "description": "SharedGallery specifies an image to use from an Azure Shared Image Gallery", "type": "object", "required": [ "gallery", @@ -156,31 +186,39 @@ ], "properties": { "gallery": { + "description": "Gallery specifies the name of the shared image gallery that contains the image", "type": "string", "minLength": 1 }, "name": { + "description": "Name is the name of the image", "type": "string", "minLength": 1 }, "offer": { + "description": "Offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. This is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "publisher": { + "description": "Publisher is the name of the organization that created the image. This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. This is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup specifies the resource group containing the shared image gallery", "type": "string", "minLength": 1 }, "sku": { + "description": "SKU specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. This is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "subscriptionID": { + "description": "SubscriptionID is the identifier of the subscription that contains the shared image gallery", "type": "string", "minLength": 1 }, "version": { + "description": "Version specifies the version of the marketplace image. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "minLength": 1 } @@ -191,12 +229,14 @@ "additionalProperties": false }, "osDisk": { + "description": "OSDisk specifies the parameters for the operating system disk of the machine", "type": "object", "required": [ "osType" ], "properties": { "cachingType": { + "description": "CachingType specifies the caching requirements.", "type": "string", "enum": [ "None", @@ -205,12 +245,14 @@ ] }, "diffDiskSettings": { + "description": "DiffDiskSettings describe ephemeral disk settings for the os disk.", "type": "object", "required": [ "option" ], "properties": { "option": { + "description": "Option enables ephemeral OS when set to \"Local\" See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details", "type": "string", "enum": [ "Local" @@ -220,16 +262,20 @@ "additionalProperties": false }, "diskSizeGB": { + "description": "DiskSizeGB is the size in GB to assign to the OS disk. Will have a default of 30GB if not provided", "type": "integer", "format": "int32" }, "managedDisk": { + "description": "ManagedDisk specifies the Managed Disk parameters for the OS disk.", "type": "object", "properties": { "diskEncryptionSet": { + "description": "DiskEncryptionSetParameters defines disk encryption options.", "type": "object", "properties": { "id": { + "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, @@ -248,24 +294,30 @@ "additionalProperties": false }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "roleAssignmentName": { + "description": "RoleAssignmentName is the name of the role assignment to create for a system assigned identity. It can be any valid GUID. If not specified, a random GUID will be generated.", "type": "string" }, "securityProfile": { + "description": "SecurityProfile specifies the Security profile settings for a virtual machine.", "type": "object", "properties": { "encryptionAtHost": { + "description": "This field indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. Default is disabled.", "type": "boolean" } }, "additionalProperties": false }, "spotVMOptions": { + "description": "SpotVMOptions allows the ability to specify the Machine should use a Spot VM", "type": "object", "properties": { "maxPrice": { + "description": "MaxPrice defines the maximum price the user is willing to pay for Spot VM instances", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -284,17 +336,21 @@ "type": "string" }, "subnetName": { + "description": "SubnetName selects the Subnet where the VM will be placed", "type": "string" }, "userAssignedIdentities": { + "description": "UserAssignedIdentities is a list of standalone Azure identities provided by the user The lifecycle of a user-assigned identity is managed separately from the lifecycle of the AzureMachine. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli", "type": "array", "items": { + "description": "UserAssignedIdentity defines the user-assigned identities provided by the user to be assigned to Azure resources.", "type": "object", "required": [ "providerID" ], "properties": { "providerID": { + "description": "ProviderID is the identification ID of the user-assigned Identity, the format of an identity is: 'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremanagedcluster_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/azuremanagedcluster_v1alpha3.json index bc52743c6..54d69b568 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremanagedcluster_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremanagedcluster_v1alpha3.json @@ -1,19 +1,24 @@ { + "description": "AzureManagedCluster is the Schema for the azuremanagedclusters API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureManagedClusterSpec defines the desired state of AzureManagedCluster.", "type": "object", "properties": { "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "type": "object", "required": [ "host", @@ -21,9 +26,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -34,9 +41,11 @@ "additionalProperties": false }, "status": { + "description": "AzureManagedClusterStatus defines the observed state of AzureManagedCluster.", "type": "object", "properties": { "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremanagedcluster_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/azuremanagedcluster_v1alpha4.json index bc52743c6..54d69b568 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremanagedcluster_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremanagedcluster_v1alpha4.json @@ -1,19 +1,24 @@ { + "description": "AzureManagedCluster is the Schema for the azuremanagedclusters API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureManagedClusterSpec defines the desired state of AzureManagedCluster.", "type": "object", "properties": { "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "type": "object", "required": [ "host", @@ -21,9 +26,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -34,9 +41,11 @@ "additionalProperties": false }, "status": { + "description": "AzureManagedClusterStatus defines the observed state of AzureManagedCluster.", "type": "object", "properties": { "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane_v1alpha3.json index 7ba05d712..aca694a36 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureManagedControlPlaneSpec defines the desired state of AzureManagedControlPlane.", "type": "object", "required": [ "location", @@ -21,6 +25,7 @@ ], "properties": { "aadProfile": { + "description": "AadProfile is Azure Active Directory configuration to integrate with AKS for aad authentication.", "type": "object", "required": [ "adminGroupObjectIDs", @@ -28,24 +33,28 @@ ], "properties": { "adminGroupObjectIDs": { + "description": "AdminGroupObjectIDs - AAD group object IDs that will have admin role of the cluster.", "type": "array", "items": { "type": "string" } }, "managed": { + "description": "Managed - Whether to enable managed AAD.", "type": "boolean" } }, "additionalProperties": false }, "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.", "type": "object", "additionalProperties": { "type": "string" } }, "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "type": "object", "required": [ "host", @@ -53,9 +62,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -63,9 +74,11 @@ "additionalProperties": false }, "dnsServiceIP": { + "description": "DNSServiceIP is an IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.", "type": "string" }, "loadBalancerSKU": { + "description": "LoadBalancerSKU is the SKU of the loadBalancer to be provisioned.", "type": "string", "enum": [ "Basic", @@ -73,9 +86,11 @@ ] }, "location": { + "description": "Location is a string matching one of the canonical Azure region names. Examples: \"westus2\", \"eastus\".", "type": "string" }, "networkPlugin": { + "description": "NetworkPlugin used for building Kubernetes network.", "type": "string", "enum": [ "azure", @@ -83,6 +98,7 @@ ] }, "networkPolicy": { + "description": "NetworkPolicy used for building Kubernetes network.", "type": "string", "enum": [ "azure", @@ -90,22 +106,28 @@ ] }, "nodeResourceGroupName": { + "description": "NodeResourceGroupName is the name of the resource group containing cluster IaaS resources. Will be populated to default in webhook.", "type": "string" }, "resourceGroupName": { + "description": "ResourceGroupName is the name of the Azure resource group for this AKS Cluster.", "type": "string" }, "sshPublicKey": { + "description": "SSHPublicKey is a string literal containing an ssh public key base64 encoded.", "type": "string" }, "subscriptionID": { + "description": "SubscriotionID is the GUID of the Azure subscription to hold this cluster.", "type": "string" }, "version": { + "description": "Version defines the desired Kubernetes version.", "type": "string", "minLength": 2 }, "virtualNetwork": { + "description": "VirtualNetwork describes the vnet for the AKS cluster. Will be created if it does not exist.", "type": "object", "required": [ "cidrBlock", @@ -119,6 +141,7 @@ "type": "string" }, "subnet": { + "description": "ManagedControlPlaneSubnet describes a subnet for an AKS cluster.", "type": "object", "required": [ "cidrBlock", @@ -141,12 +164,15 @@ "additionalProperties": false }, "status": { + "description": "AzureManagedControlPlaneStatus defines the observed state of AzureManagedControlPlane.", "type": "object", "properties": { "initialized": { + "description": "Initialized is true when the the control plane is available for initial contact. This may occur before the control plane is fully ready. In the AzureManagedControlPlane implementation, these are identical.", "type": "boolean" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane_v1alpha4.json index f933ac1e7..3ef114eba 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremanagedcontrolplane_v1alpha4.json @@ -1,16 +1,20 @@ { + "description": "AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureManagedControlPlaneSpec defines the desired state of AzureManagedControlPlane.", "type": "object", "required": [ "location", @@ -20,6 +24,7 @@ ], "properties": { "aadProfile": { + "description": "AadProfile is Azure Active Directory configuration to integrate with AKS for aad authentication.", "type": "object", "required": [ "adminGroupObjectIDs", @@ -27,39 +32,47 @@ ], "properties": { "adminGroupObjectIDs": { + "description": "AdminGroupObjectIDs - AAD group object IDs that will have admin role of the cluster.", "type": "array", "items": { "type": "string" } }, "managed": { + "description": "Managed - Whether to enable managed AAD.", "type": "boolean" } }, "additionalProperties": false }, "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.", "type": "object", "additionalProperties": { "type": "string" } }, "apiServerAccessProfile": { + "description": "APIServerAccessProfile is the access profile for AKS API server.", "type": "object", "properties": { "authorizedIPRanges": { + "description": "AuthorizedIPRanges - Authorized IP Ranges to kubernetes API server.", "type": "array", "items": { "type": "string" } }, "enablePrivateCluster": { + "description": "EnablePrivateCluster - Whether to create the cluster as a private cluster or not.", "type": "boolean" }, "enablePrivateClusterPublicFQDN": { + "description": "EnablePrivateClusterPublicFQDN - Whether to create additional public FQDN for private cluster or not.", "type": "boolean" }, "privateDNSZone": { + "description": "PrivateDNSZone - Private dns zone mode for private cluster.", "type": "string", "enum": [ "System", @@ -70,6 +83,7 @@ "additionalProperties": false }, "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "type": "object", "required": [ "host", @@ -77,9 +91,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -87,30 +103,39 @@ "additionalProperties": false }, "dnsServiceIP": { + "description": "DNSServiceIP is an IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.", "type": "string" }, "identityRef": { + "description": "IdentityRef is a reference to a AzureClusterIdentity to be used when reconciling this cluster", "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, @@ -118,27 +143,33 @@ "x-kubernetes-map-type": "atomic" }, "loadBalancerProfile": { + "description": "LoadBalancerProfile is the profile of the cluster load balancer.", "type": "object", "properties": { "allocatedOutboundPorts": { + "description": "AllocatedOutboundPorts - Desired number of allocated SNAT ports per VM. Allowed values must be in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports.", "type": "integer", "format": "int32" }, "idleTimeoutInMinutes": { + "description": "IdleTimeoutInMinutes - Desired outbound flow idle timeout in minutes. Allowed values must be in the range of 4 to 120 (inclusive). The default value is 30 minutes.", "type": "integer", "format": "int32" }, "managedOutboundIPs": { + "description": "ManagedOutboundIPs - Desired managed outbound IPs for the cluster load balancer.", "type": "integer", "format": "int32" }, "outboundIPPrefixes": { + "description": "OutboundIPPrefixes - Desired outbound IP Prefix resources for the cluster load balancer.", "type": "array", "items": { "type": "string" } }, "outboundIPs": { + "description": "OutboundIPs - Desired outbound IP resources for the cluster load balancer.", "type": "array", "items": { "type": "string" @@ -148,6 +179,7 @@ "additionalProperties": false }, "loadBalancerSKU": { + "description": "LoadBalancerSKU is the SKU of the loadBalancer to be provisioned.", "type": "string", "enum": [ "Basic", @@ -155,9 +187,11 @@ ] }, "location": { + "description": "Location is a string matching one of the canonical Azure region names. Examples: \"westus2\", \"eastus\".", "type": "string" }, "networkPlugin": { + "description": "NetworkPlugin used for building Kubernetes network.", "type": "string", "enum": [ "azure", @@ -165,6 +199,7 @@ ] }, "networkPolicy": { + "description": "NetworkPolicy used for building Kubernetes network.", "type": "string", "enum": [ "azure", @@ -172,18 +207,22 @@ ] }, "nodeResourceGroupName": { + "description": "NodeResourceGroupName is the name of the resource group containing cluster IaaS resources. Will be populated to default in webhook.", "type": "string" }, "resourceGroupName": { + "description": "ResourceGroupName is the name of the Azure resource group for this AKS Cluster.", "type": "string" }, "sku": { + "description": "SKU is the AKSSku of the AKS to be provisioned.", "type": "object", "required": [ "tier" ], "properties": { "tier": { + "description": "Tier - Tier of a managed cluster SKU.", "type": "string", "enum": [ "Free", @@ -194,16 +233,20 @@ "additionalProperties": false }, "sshPublicKey": { + "description": "SSHPublicKey is a string literal containing an ssh public key base64 encoded.", "type": "string" }, "subscriptionID": { + "description": "SubscriptionID is the GUID of the Azure subscription to hold this cluster.", "type": "string" }, "version": { + "description": "Version defines the desired Kubernetes version.", "type": "string", "minLength": 2 }, "virtualNetwork": { + "description": "VirtualNetwork describes the vnet for the AKS cluster. Will be created if it does not exist.", "type": "object", "required": [ "cidrBlock", @@ -217,6 +260,7 @@ "type": "string" }, "subnet": { + "description": "ManagedControlPlaneSubnet describes a subnet for an AKS cluster.", "type": "object", "required": [ "cidrBlock", @@ -239,14 +283,18 @@ "additionalProperties": false }, "status": { + "description": "AzureManagedControlPlaneStatus defines the observed state of AzureManagedControlPlane.", "type": "object", "properties": { "initialized": { + "description": "Initialized is true when the the control plane is available for initial contact. This may occur before the control plane is fully ready. In the AzureManagedControlPlane implementation, these are identical.", "type": "boolean" }, "longRunningOperationStates": { + "description": "LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the next reconciliation loop.", "type": "array", "items": { + "description": "Future contains the data needed for an Azure long-running operation to continue across reconcile loops.", "type": "object", "required": [ "name", @@ -255,18 +303,23 @@ ], "properties": { "data": { + "description": "Data is the base64 url encoded json Azure AutoRest Future.", "type": "string" }, "name": { + "description": "Name is the name of the Azure resource. Together with the service name, this forms the unique identifier for the future.", "type": "string" }, "resourceGroup": { + "description": "ResourceGroup is the Azure resource group for the resource.", "type": "string" }, "serviceName": { + "description": "ServiceName is the name of the Azure service. Together with the name of the resource, this forms the unique identifier for the future.", "type": "string" }, "type": { + "description": "Type describes the type of future, such as update, create, delete, etc.", "type": "string" } }, @@ -274,6 +327,7 @@ } }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremanagedmachinepool_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/azuremanagedmachinepool_v1alpha3.json index e06d48713..208f2c744 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremanagedmachinepool_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremanagedmachinepool_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "AzureManagedMachinePool is the Schema for the azuremanagedmachinepools API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureManagedMachinePoolSpec defines the desired state of AzureManagedMachinePool.", "type": "object", "required": [ "mode", @@ -18,6 +22,7 @@ ], "properties": { "mode": { + "description": "Mode - represents mode of an agent pool. Possible values include: System, User.", "type": "string", "enum": [ "System", @@ -25,34 +30,42 @@ ] }, "osDiskSizeGB": { + "description": "OSDiskSizeGB is the disk size for every machine in this agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified.", "type": "integer", "format": "int32" }, "providerIDList": { + "description": "ProviderIDList is the unique identifier as specified by the cloud provider.", "type": "array", "items": { "type": "string" } }, "sku": { + "description": "SKU is the size of the VMs in the node pool.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "AzureManagedMachinePoolStatus defines the observed state of AzureManagedMachinePool.", "type": "object", "properties": { "errorMessage": { + "description": "Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "errorReason": { + "description": "Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" }, "replicas": { + "description": "Replicas is the most recently observed number of replicas.", "type": "integer", "format": "int32" } diff --git a/schema/infrastructure.cluster.x-k8s.io/azuremanagedmachinepool_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/azuremanagedmachinepool_v1alpha4.json index 81228144f..373ce2451 100644 --- a/schema/infrastructure.cluster.x-k8s.io/azuremanagedmachinepool_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/azuremanagedmachinepool_v1alpha4.json @@ -1,16 +1,20 @@ { + "description": "AzureManagedMachinePool is the Schema for the azuremanagedmachinepools API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AzureManagedMachinePoolSpec defines the desired state of AzureManagedMachinePool.", "type": "object", "required": [ "mode", @@ -18,6 +22,7 @@ ], "properties": { "mode": { + "description": "Mode - represents mode of an agent pool. Possible values include: System, User.", "type": "string", "enum": [ "System", @@ -25,37 +30,46 @@ ] }, "name": { + "description": "Name - name of the agent pool. If not specified, CAPZ uses the name of the CR as the agent pool name.", "type": "string" }, "osDiskSizeGB": { + "description": "OSDiskSizeGB is the disk size for every machine in this agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified.", "type": "integer", "format": "int32" }, "providerIDList": { + "description": "ProviderIDList is the unique identifier as specified by the cloud provider.", "type": "array", "items": { "type": "string" } }, "sku": { + "description": "SKU is the size of the VMs in the node pool.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "AzureManagedMachinePoolStatus defines the observed state of AzureManagedMachinePool.", "type": "object", "properties": { "errorMessage": { + "description": "Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "errorReason": { + "description": "Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" }, "replicas": { + "description": "Replicas is the most recently observed number of replicas.", "type": "integer", "format": "int32" } diff --git a/schema/infrastructure.cluster.x-k8s.io/cloudstackcluster_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/cloudstackcluster_v1alpha3.json index cb345cb4e..e5d7b0254 100644 --- a/schema/infrastructure.cluster.x-k8s.io/cloudstackcluster_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/cloudstackcluster_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "CloudStackCluster is the Schema for the cloudstackclusters API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "CloudStackClusterSpec defines the desired state of CloudStackCluster.", "type": "object", "required": [ "controlPlaneEndpoint", @@ -18,9 +22,11 @@ ], "properties": { "account": { + "description": "CloudStack account.", "type": "string" }, "controlPlaneEndpoint": { + "description": "The kubernetes control plane endpoint.", "type": "object", "required": [ "host", @@ -28,9 +34,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -38,9 +46,11 @@ "additionalProperties": false }, "domain": { + "description": "CloudStack domain.", "type": "string" }, "identityRef": { + "description": "CloudStackIdentityReference is a reference to an infrastructure provider identity to be used to provision cluster resources.", "type": "object", "required": [ "kind", @@ -48,25 +58,30 @@ ], "properties": { "kind": { + "description": "Kind of the identity. Must be supported by the infrastructure provider and may be either cluster or namespace-scoped.", "type": "string", "minLength": 1 }, "name": { + "description": "Name of the infrastructure identity to be used.", "type": "string" } }, "additionalProperties": false }, "network": { + "description": "CloudStack guest network name.", "type": "string" }, "zone": { + "description": "CloudStack Zone name.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "The actual cluster state reported by CloudStack.", "type": "object", "required": [ "ready", @@ -74,24 +89,31 @@ ], "properties": { "domainID": { + "description": "Cloudstack Domain ID the cluster is built in.", "type": "string" }, "loadBalancerRuleID": { + "description": "The ID of the lb rule used to assign VMs to the lb.", "type": "string" }, "networkID": { + "description": "Cloudstack Network ID the cluster is built in.", "type": "string" }, "networkType": { + "description": "Cloudstack Network Type the cluster is built in.", "type": "string" }, "publicIPID": { + "description": "The CS public IP ID to use for the k8s endpoint.", "type": "string" }, "ready": { + "description": "Reflects the readiness of the CS cluster.", "type": "boolean" }, "zoneID": { + "description": "The CS zone ID the cluster is built in.", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/cloudstackcluster_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/cloudstackcluster_v1alpha4.json index 089073e6b..7b7143624 100644 --- a/schema/infrastructure.cluster.x-k8s.io/cloudstackcluster_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/cloudstackcluster_v1alpha4.json @@ -1,16 +1,20 @@ { + "description": "CloudStackCluster is the Schema for the cloudstackclusters API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "CloudStackClusterSpec defines the desired state of CloudStackCluster.", "type": "object", "required": [ "controlPlaneEndpoint", @@ -18,6 +22,7 @@ ], "properties": { "controlPlaneEndpoint": { + "description": "The kubernetes control plane endpoint.", "type": "object", "required": [ "host", @@ -25,9 +30,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -35,6 +42,7 @@ "additionalProperties": false }, "identityRef": { + "description": "CloudStackIdentityReference is a reference to an infrastructure provider identity to be used to provision cluster resources.", "type": "object", "required": [ "kind", @@ -42,25 +50,30 @@ ], "properties": { "kind": { + "description": "Kind of the identity. Must be supported by the infrastructure provider and may be either cluster or namespace-scoped.", "type": "string", "minLength": 1 }, "name": { + "description": "Name of the infrastructure identity to be used.", "type": "string" } }, "additionalProperties": false }, "network": { + "description": "CloudStack guest network name.", "type": "string" }, "zone": { + "description": "CloudStack Zone name.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "The actual cluster state reported by CloudStack.", "type": "object", "required": [ "ready", @@ -68,21 +81,27 @@ ], "properties": { "loadBalancerRuleID": { + "description": "The ID of the lb rule used to assign VMs to the lb.", "type": "string" }, "networkID": { + "description": "Cloudstack Network ID the cluster is built in.", "type": "string" }, "networkType": { + "description": "Cloudstack Network Type the cluster is built in.", "type": "string" }, "publicIPID": { + "description": "The CS public IP ID to use for the k8s endpoint.", "type": "string" }, "ready": { + "description": "Reflects the readiness of the CS cluster.", "type": "boolean" }, "zoneID": { + "description": "The CS zone ID the cluster is built in.", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/cloudstackmachine_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/cloudstackmachine_v1alpha3.json index e43d3d650..489a6a94e 100644 --- a/schema/infrastructure.cluster.x-k8s.io/cloudstackmachine_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/cloudstackmachine_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "CloudStackMachine is the Schema for the cloudstackmachines API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "CloudStackMachineSpec defines the desired state of CloudStackMachine", "type": "object", "required": [ "offering", @@ -18,18 +22,21 @@ ], "properties": { "affinitygroupids": { + "description": "Optional affinitygroupids for deployVirtualMachine", "type": "array", "items": { "type": "string" } }, "details": { + "description": "Optional details map for deployVirtualMachine", "type": "object", "additionalProperties": { "type": "string" } }, "identityRef": { + "description": "IdentityRef is a reference to a identity to be used when reconciling this cluster", "type": "object", "required": [ "kind", @@ -37,42 +44,52 @@ ], "properties": { "kind": { + "description": "Kind of the identity. Must be supported by the infrastructure provider and may be either cluster or namespace-scoped.", "type": "string", "minLength": 1 }, "name": { + "description": "Name of the infrastructure identity to be used.", "type": "string" } }, "additionalProperties": false }, "instanceID": { + "description": "Instance ID. Should only be useful to modify an existing instance.", "type": "string" }, "offering": { + "description": "CloudStack compute offering.", "type": "string" }, "providerID": { + "description": "The CS specific unique identifier. Of the form: fmt.Sprintf(\"cloudstack:///%s\", CS Machine Id)", "type": "string" }, "sshKey": { + "description": "CloudStack ssh key to use.", "type": "string" }, "template": { + "description": "CloudStack template to use.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "Type pulled mostly from the CloudStack API.", "type": "object", "required": [ "ready" ], "properties": { "addresses": { + "description": "Addresses contains a CloudStack VM instance's IP addresses.", "type": "array", "items": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -80,9 +97,11 @@ ], "properties": { "address": { + "description": "The node address.", "type": "string" }, "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -90,9 +109,11 @@ } }, "instanceState": { + "description": "InstanceState is the state of the CloudStack instance for this machine.", "type": "string" }, "ready": { + "description": "Ready indicates the readiness of the provider resource.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/cloudstackmachine_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/cloudstackmachine_v1alpha4.json index 91d7955dc..a142c572f 100644 --- a/schema/infrastructure.cluster.x-k8s.io/cloudstackmachine_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/cloudstackmachine_v1alpha4.json @@ -1,16 +1,20 @@ { + "description": "CloudStackMachine is the Schema for the cloudstackmachines API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "CloudStackMachineSpec defines the desired state of CloudStackMachine", "type": "object", "required": [ "offering", @@ -18,12 +22,14 @@ ], "properties": { "details": { + "description": "Optional details map for deployVirtualMachine", "type": "object", "additionalProperties": { "type": "string" } }, "identityRef": { + "description": "IdentityRef is a reference to a identity to be used when reconciling this cluster", "type": "object", "required": [ "kind", @@ -31,42 +37,52 @@ ], "properties": { "kind": { + "description": "Kind of the identity. Must be supported by the infrastructure provider and may be either cluster or namespace-scoped.", "type": "string", "minLength": 1 }, "name": { + "description": "Name of the infrastructure identity to be used.", "type": "string" } }, "additionalProperties": false }, "instanceID": { + "description": "Instance ID. Should only be useful to modify an existing instance.", "type": "string" }, "offering": { + "description": "CloudStack compute offering.", "type": "string" }, "providerID": { + "description": "The CS specific unique identifier. Of the form: fmt.Sprintf(\"cloudstack:///%s\", CS Machine Id)", "type": "string" }, "sshKey": { + "description": "CloudStack ssh key to use.", "type": "string" }, "template": { + "description": "CloudStack template to use.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "Type pulled mostly from the CloudStack API.", "type": "object", "required": [ "ready" ], "properties": { "addresses": { + "description": "Addresses contains a CloudStack VM instance's IP addresses.", "type": "array", "items": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -74,9 +90,11 @@ ], "properties": { "address": { + "description": "The node address.", "type": "string" }, "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -84,9 +102,11 @@ } }, "instanceState": { + "description": "InstanceState is the state of the CloudStack instance for this machine.", "type": "string" }, "ready": { + "description": "Ready indicates the readiness of the provider resource.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/cloudstackmachinetemplate_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/cloudstackmachinetemplate_v1alpha3.json index fdf91ccc5..bbb6f214a 100644 --- a/schema/infrastructure.cluster.x-k8s.io/cloudstackmachinetemplate_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/cloudstackmachinetemplate_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "CloudStackMachineTemplate is the Schema for the cloudstackmachinetemplates API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "CloudStackMachineTemplateSpec defines the desired state of CloudStackMachineTemplate", "type": "object", "required": [ "template" @@ -23,9 +27,11 @@ ], "properties": { "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "type": "object" }, "spec": { + "description": "CloudStackMachineSpec defines the desired state of CloudStackMachine", "type": "object", "required": [ "offering", @@ -33,18 +39,21 @@ ], "properties": { "affinitygroupids": { + "description": "Optional affinitygroupids for deployVirtualMachine", "type": "array", "items": { "type": "string" } }, "details": { + "description": "Optional details map for deployVirtualMachine", "type": "object", "additionalProperties": { "type": "string" } }, "identityRef": { + "description": "IdentityRef is a reference to a identity to be used when reconciling this cluster", "type": "object", "required": [ "kind", @@ -52,28 +61,35 @@ ], "properties": { "kind": { + "description": "Kind of the identity. Must be supported by the infrastructure provider and may be either cluster or namespace-scoped.", "type": "string", "minLength": 1 }, "name": { + "description": "Name of the infrastructure identity to be used.", "type": "string" } }, "additionalProperties": false }, "instanceID": { + "description": "Instance ID. Should only be useful to modify an existing instance.", "type": "string" }, "offering": { + "description": "CloudStack compute offering.", "type": "string" }, "providerID": { + "description": "The CS specific unique identifier. Of the form: fmt.Sprintf(\"cloudstack:///%s\", CS Machine Id)", "type": "string" }, "sshKey": { + "description": "CloudStack ssh key to use.", "type": "string" }, "template": { + "description": "CloudStack template to use.", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/cloudstackmachinetemplate_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/cloudstackmachinetemplate_v1alpha4.json index 01d682cda..b5acf5606 100644 --- a/schema/infrastructure.cluster.x-k8s.io/cloudstackmachinetemplate_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/cloudstackmachinetemplate_v1alpha4.json @@ -1,16 +1,20 @@ { + "description": "CloudStackMachineTemplate is the Schema for the cloudstackmachinetemplates API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "CloudStackMachineTemplateSpec defines the desired state of CloudStackMachineTemplate", "type": "object", "required": [ "template" @@ -23,9 +27,11 @@ ], "properties": { "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "type": "object" }, "spec": { + "description": "CloudStackMachineSpec defines the desired state of CloudStackMachine", "type": "object", "required": [ "offering", @@ -33,12 +39,14 @@ ], "properties": { "details": { + "description": "Optional details map for deployVirtualMachine", "type": "object", "additionalProperties": { "type": "string" } }, "identityRef": { + "description": "IdentityRef is a reference to a identity to be used when reconciling this cluster", "type": "object", "required": [ "kind", @@ -46,28 +54,35 @@ ], "properties": { "kind": { + "description": "Kind of the identity. Must be supported by the infrastructure provider and may be either cluster or namespace-scoped.", "type": "string", "minLength": 1 }, "name": { + "description": "Name of the infrastructure identity to be used.", "type": "string" } }, "additionalProperties": false }, "instanceID": { + "description": "Instance ID. Should only be useful to modify an existing instance.", "type": "string" }, "offering": { + "description": "CloudStack compute offering.", "type": "string" }, "providerID": { + "description": "The CS specific unique identifier. Of the form: fmt.Sprintf(\"cloudstack:///%s\", CS Machine Id)", "type": "string" }, "sshKey": { + "description": "CloudStack ssh key to use.", "type": "string" }, "template": { + "description": "CloudStack template to use.", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/docluster_v1alpha2.json b/schema/infrastructure.cluster.x-k8s.io/docluster_v1alpha2.json index 0c8525047..187d755d5 100644 --- a/schema/infrastructure.cluster.x-k8s.io/docluster_v1alpha2.json +++ b/schema/infrastructure.cluster.x-k8s.io/docluster_v1alpha2.json @@ -1,28 +1,35 @@ { + "description": "DOCluster is the Schema for the dOClusters API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "DOClusterSpec defines the desired state of DOCluster.", "type": "object", "required": [ "region" ], "properties": { "network": { + "description": "Network configurations", "type": "object", "properties": { "apiServerLoadbalancers": { + "description": "Configures an API Server loadbalancers", "type": "object", "properties": { "algorithm": { + "description": "The API Server load balancing algorithm used to determine which backend Droplet will be selected by a client. It must be either \"round_robin\" or \"least_connections\". The default value is \"round_robin\".", "type": "string", "enum": [ "round_robin", @@ -30,24 +37,29 @@ ] }, "healthCheck": { + "description": "An object specifying health check settings for the Load Balancer. If omitted, default values will be provided.", "type": "object", "properties": { "healthyThreshold": { + "description": "The number of times a health check must pass for a backend Droplet to be marked \"healthy\" and be re-added to the pool. The vaule must be between 2 and 10. If not specified, the default value is 5.", "type": "integer", "maximum": 10, "minimum": 2 }, "interval": { + "description": "The number of seconds between between two consecutive health checks. The value must be between 3 and 300. If not specified, the default value is 10.", "type": "integer", "maximum": 300, "minimum": 3 }, "timeout": { + "description": "The number of seconds the Load Balancer instance will wait for a response until marking a health check as failed. The value must be between 3 and 300. If not specified, the default value is 5.", "type": "integer", "maximum": 300, "minimum": 3 }, "unhealthyThreshold": { + "description": "The number of times a health check must fail for a backend Droplet to be marked \"unhealthy\" and be removed from the pool. The vaule must be between 2 and 10. If not specified, the default value is 3.", "type": "integer", "maximum": 10, "minimum": 2 @@ -56,6 +68,7 @@ "additionalProperties": false }, "port": { + "description": "API Server port. It must be valid ports range (1-65535). If omitted, default value is 6443.", "type": "integer", "maximum": 65535, "minimum": 1 @@ -67,17 +80,21 @@ "additionalProperties": false }, "region": { + "description": "The DigitalOcean Region the cluster lives in. It must be one of available region on DigitalOcean. See https://developers.digitalocean.com/documentation/v2/#list-all-regions", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "DOClusterStatus defines the observed state of DOCluster.", "type": "object", "properties": { "apiEndpoints": { + "description": "APIEndpoints represents the endpoints to communicate with the control plane.", "type": "array", "items": { + "description": "APIEndpoint represents a reachable Kubernetes API endpoint.", "type": "object", "required": [ "host", @@ -85,9 +102,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer" } }, @@ -95,15 +114,19 @@ } }, "network": { + "description": "Network encapsulates all things related to DigitalOcean network.", "type": "object", "properties": { "apiServerLoadbalancersRef": { + "description": "APIServerLoadbalancersRef is the id of apiserver loadbalancers.", "type": "object", "properties": { "resourceId": { + "description": "ID of DigitalOcean resource", "type": "string" }, "resourceStatus": { + "description": "Status of DigitalOcean resource", "type": "string" } }, @@ -113,6 +136,7 @@ "additionalProperties": false }, "ready": { + "description": "Ready denotes that the cluster (infrastructure) is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/docluster_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/docluster_v1alpha3.json index 5e9a7253d..9e3d4490c 100644 --- a/schema/infrastructure.cluster.x-k8s.io/docluster_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/docluster_v1alpha3.json @@ -1,22 +1,27 @@ { + "description": "DOCluster is the Schema for the DOClusters API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "DOClusterSpec defines the desired state of DOCluster.", "type": "object", "required": [ "region" ], "properties": { "controlPlaneDNS": { + "description": "ControlPlaneDNS is a managed DNS name that points to the load-balancer IP used for the ControlPlaneEndpoint.", "type": "object", "required": [ "domain", @@ -24,10 +29,12 @@ ], "properties": { "domain": { + "description": "Domain is the DO domain that this record should live in. It must be pre-existing in your DO account. The format must be a string that conforms to the definition of a subdomain in DNS (RFC 1123)", "type": "string", "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" }, "name": { + "description": "Name is the DNS short name of the record (non-FQDN) The format must consist of alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character", "type": "string", "pattern": "^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$" } @@ -35,6 +42,7 @@ "additionalProperties": false }, "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. If ControlPlaneDNS is unset, the DO load-balancer IP of the Kubernetes API Server is used.", "type": "object", "required": [ "host", @@ -42,9 +50,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -52,12 +62,15 @@ "additionalProperties": false }, "network": { + "description": "Network configurations", "type": "object", "properties": { "apiServerLoadbalancers": { + "description": "Configures an API Server loadbalancers", "type": "object", "properties": { "algorithm": { + "description": "The API Server load balancing algorithm used to determine which backend Droplet will be selected by a client. It must be either \"round_robin\" or \"least_connections\". The default value is \"round_robin\".", "type": "string", "enum": [ "round_robin", @@ -65,24 +78,29 @@ ] }, "healthCheck": { + "description": "An object specifying health check settings for the Load Balancer. If omitted, default values will be provided.", "type": "object", "properties": { "healthyThreshold": { + "description": "The number of times a health check must pass for a backend Droplet to be marked \"healthy\" and be re-added to the pool. The vaule must be between 2 and 10. If not specified, the default value is 5.", "type": "integer", "maximum": 10, "minimum": 2 }, "interval": { + "description": "The number of seconds between between two consecutive health checks. The value must be between 3 and 300. If not specified, the default value is 10.", "type": "integer", "maximum": 300, "minimum": 3 }, "timeout": { + "description": "The number of seconds the Load Balancer instance will wait for a response until marking a health check as failed. The value must be between 3 and 300. If not specified, the default value is 5.", "type": "integer", "maximum": 300, "minimum": 3 }, "unhealthyThreshold": { + "description": "The number of times a health check must fail for a backend Droplet to be marked \"unhealthy\" and be removed from the pool. The vaule must be between 2 and 10. If not specified, the default value is 3.", "type": "integer", "maximum": 10, "minimum": 2 @@ -91,20 +109,24 @@ "additionalProperties": false }, "port": { + "description": "API Server port. It must be valid ports range (1-65535). If omitted, default value is 6443.", "type": "integer", "maximum": 65535, "minimum": 1 }, "resourceId": { + "description": "The DO load balancer UUID. If omitted, a new load balancer will be created.", "type": "string" } }, "additionalProperties": false }, "vpc": { + "description": "VPC defines the VPC configuration.", "type": "object", "properties": { "vpc_uuid": { + "description": "VPCUUID defines the VPC UUID to use. An empty value implies using the default VPC.", "type": "string" } }, @@ -114,27 +136,34 @@ "additionalProperties": false }, "region": { + "description": "The DigitalOcean Region the cluster lives in. It must be one of available region on DigitalOcean. See https://developers.digitalocean.com/documentation/v2/#list-all-regions", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "DOClusterStatus defines the observed state of DOCluster.", "type": "object", "properties": { "controlPlaneDNSRecordReady": { + "description": "ControlPlaneDNSRecordReady denotes that the DNS record is ready and propagated to the DO DNS servers.", "type": "boolean" }, "network": { + "description": "Network encapsulates all things related to DigitalOcean network.", "type": "object", "properties": { "apiServerLoadbalancersRef": { + "description": "APIServerLoadbalancersRef is the id of apiserver loadbalancers.", "type": "object", "properties": { "resourceId": { + "description": "ID of DigitalOcean resource", "type": "string" }, "resourceStatus": { + "description": "Status of DigitalOcean resource", "type": "string" } }, @@ -144,6 +173,7 @@ "additionalProperties": false }, "ready": { + "description": "Ready denotes that the cluster (infrastructure) is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/domachine_v1alpha2.json b/schema/infrastructure.cluster.x-k8s.io/domachine_v1alpha2.json index 0e5bbd244..93adfde75 100644 --- a/schema/infrastructure.cluster.x-k8s.io/domachine_v1alpha2.json +++ b/schema/infrastructure.cluster.x-k8s.io/domachine_v1alpha2.json @@ -1,16 +1,20 @@ { + "description": "DOMachine is the Schema for the domachines API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "DOMachineSpec defines the desired state of DOMachine.", "type": "object", "required": [ "image", @@ -19,12 +23,14 @@ ], "properties": { "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to DigitalOcean resources managed by the DigitalOcean provider.", "type": "array", "items": { "type": "string" } }, "image": { + "description": "Droplet image can be image id or slug. See https://developers.digitalocean.com/documentation/v2/#list-all-images", "anyOf": [ { "type": "integer" @@ -36,12 +42,15 @@ "x-kubernetes-int-or-string": true }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "size": { + "description": "Droplet size. It must be known DigitalOcean droplet size. See https://developers.digitalocean.com/documentation/v2/#list-all-sizes", "type": "string" }, "sshKeys": { + "description": "SSHKeys is the ssh key id or fingerprint to attach in DigitalOcean droplet. It must be available on DigitalOcean account. See https://developers.digitalocean.com/documentation/v2/#list-all-keys", "type": "array", "items": { "anyOf": [ @@ -59,11 +68,14 @@ "additionalProperties": false }, "status": { + "description": "DOMachineStatus defines the observed state of DOMachine.", "type": "object", "properties": { "addresses": { + "description": "Addresses contains the DigitalOcean droplet associated addresses.", "type": "array", "items": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -71,9 +83,11 @@ ], "properties": { "address": { + "description": "The node address.", "type": "string" }, "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -81,15 +95,19 @@ } }, "errorMessage": { + "description": "ErrorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "errorReason": { + "description": "ErrorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "instanceStatus": { + "description": "InstanceStatus is the status of the DigitalOcean droplet instance for this machine.", "type": "string" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/domachine_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/domachine_v1alpha3.json index e851d4f59..11e58893a 100644 --- a/schema/infrastructure.cluster.x-k8s.io/domachine_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/domachine_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "DOMachine is the Schema for the domachines API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "DOMachineSpec defines the desired state of DOMachine.", "type": "object", "required": [ "image", @@ -19,14 +23,17 @@ ], "properties": { "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to DigitalOcean resources managed by the DigitalOcean provider.", "type": "array", "items": { "type": "string" } }, "dataDisks": { + "description": "DataDisks specifies the parameters that are used to add one or more data disks to the machine", "type": "array", "items": { + "description": "DataDisk specifies the parameters that are used to add a data disk to the machine.", "type": "object", "required": [ "diskSizeGB", @@ -34,16 +41,20 @@ ], "properties": { "diskSizeGB": { + "description": "DiskSizeGB is the size in GB to assign to the data disk.", "type": "integer", "format": "int64" }, "filesystemLabel": { + "description": "FilesystemLabel is the label that is applied to the created filesystem. Character limits apply: 16 for ext4; 12 for xfs. May only be used in conjunction with filesystemType.", "type": "string" }, "filesystemType": { + "description": "FilesystemType to be used on the volume. When provided the volume will be automatically formatted.", "type": "string" }, "nameSuffix": { + "description": "NameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format \u003cdropletName\u003e-\u003cnameSuffix\u003e.", "type": "string" } }, @@ -51,6 +62,7 @@ } }, "image": { + "description": "Droplet image can be image id or slug. See https://developers.digitalocean.com/documentation/v2/#list-all-images", "anyOf": [ { "type": "integer" @@ -62,12 +74,15 @@ "x-kubernetes-int-or-string": true }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "size": { + "description": "Droplet size. It must be known DigitalOcean droplet size. See https://developers.digitalocean.com/documentation/v2/#list-all-sizes", "type": "string" }, "sshKeys": { + "description": "SSHKeys is the ssh key id or fingerprint to attach in DigitalOcean droplet. It must be available on DigitalOcean account. See https://developers.digitalocean.com/documentation/v2/#list-all-keys", "type": "array", "items": { "anyOf": [ @@ -85,11 +100,14 @@ "additionalProperties": false }, "status": { + "description": "DOMachineStatus defines the observed state of DOMachine.", "type": "object", "properties": { "addresses": { + "description": "Addresses contains the DigitalOcean droplet associated addresses.", "type": "array", "items": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -97,9 +115,11 @@ ], "properties": { "address": { + "description": "The node address.", "type": "string" }, "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -107,20 +127,26 @@ } }, "failureMessage": { + "description": "FailureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "failureReason": { + "description": "FailureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "instanceStatus": { + "description": "InstanceStatus is the status of the DigitalOcean droplet instance for this machine.", "type": "string" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" }, "volumes": { + "description": "Volumes contains the DigitalOcean droplet associated block storage volumes.", "type": "array", "items": { + "description": "DOVolume defines a DO Block Storage Volume.", "type": "object", "required": [ "id" diff --git a/schema/infrastructure.cluster.x-k8s.io/domachinetemplate_v1alpha2.json b/schema/infrastructure.cluster.x-k8s.io/domachinetemplate_v1alpha2.json index 43c293ab9..fbe8f6728 100644 --- a/schema/infrastructure.cluster.x-k8s.io/domachinetemplate_v1alpha2.json +++ b/schema/infrastructure.cluster.x-k8s.io/domachinetemplate_v1alpha2.json @@ -1,28 +1,34 @@ { + "description": "DOMachineTemplate is the Schema for the domachinetemplates API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "DOMachineTemplateSpec defines the desired state of DOMachineTemplate.", "type": "object", "required": [ "template" ], "properties": { "template": { + "description": "DOMachineTemplateResource describes the data needed to create am DOMachine from a template.", "type": "object", "required": [ "spec" ], "properties": { "spec": { + "description": "Spec is the specification of the desired behavior of the machine.", "type": "object", "required": [ "image", @@ -31,12 +37,14 @@ ], "properties": { "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to DigitalOcean resources managed by the DigitalOcean provider.", "type": "array", "items": { "type": "string" } }, "image": { + "description": "Droplet image can be image id or slug. See https://developers.digitalocean.com/documentation/v2/#list-all-images", "anyOf": [ { "type": "integer" @@ -48,12 +56,15 @@ "x-kubernetes-int-or-string": true }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "size": { + "description": "Droplet size. It must be known DigitalOcean droplet size. See https://developers.digitalocean.com/documentation/v2/#list-all-sizes", "type": "string" }, "sshKeys": { + "description": "SSHKeys is the ssh key id or fingerprint to attach in DigitalOcean droplet. It must be available on DigitalOcean account. See https://developers.digitalocean.com/documentation/v2/#list-all-keys", "type": "array", "items": { "anyOf": [ diff --git a/schema/infrastructure.cluster.x-k8s.io/domachinetemplate_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/domachinetemplate_v1alpha3.json index 33c8af650..b1674757a 100644 --- a/schema/infrastructure.cluster.x-k8s.io/domachinetemplate_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/domachinetemplate_v1alpha3.json @@ -1,28 +1,34 @@ { + "description": "DOMachineTemplate is the Schema for the domachinetemplates API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "DOMachineTemplateSpec defines the desired state of DOMachineTemplate.", "type": "object", "required": [ "template" ], "properties": { "template": { + "description": "DOMachineTemplateResource describes the data needed to create am DOMachine from a template.", "type": "object", "required": [ "spec" ], "properties": { "spec": { + "description": "Spec is the specification of the desired behavior of the machine.", "type": "object", "required": [ "image", @@ -31,14 +37,17 @@ ], "properties": { "additionalTags": { + "description": "AdditionalTags is an optional set of tags to add to DigitalOcean resources managed by the DigitalOcean provider.", "type": "array", "items": { "type": "string" } }, "dataDisks": { + "description": "DataDisks specifies the parameters that are used to add one or more data disks to the machine", "type": "array", "items": { + "description": "DataDisk specifies the parameters that are used to add a data disk to the machine.", "type": "object", "required": [ "diskSizeGB", @@ -46,16 +55,20 @@ ], "properties": { "diskSizeGB": { + "description": "DiskSizeGB is the size in GB to assign to the data disk.", "type": "integer", "format": "int64" }, "filesystemLabel": { + "description": "FilesystemLabel is the label that is applied to the created filesystem. Character limits apply: 16 for ext4; 12 for xfs. May only be used in conjunction with filesystemType.", "type": "string" }, "filesystemType": { + "description": "FilesystemType to be used on the volume. When provided the volume will be automatically formatted.", "type": "string" }, "nameSuffix": { + "description": "NameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format \u003cdropletName\u003e-\u003cnameSuffix\u003e.", "type": "string" } }, @@ -63,6 +76,7 @@ } }, "image": { + "description": "Droplet image can be image id or slug. See https://developers.digitalocean.com/documentation/v2/#list-all-images", "anyOf": [ { "type": "integer" @@ -74,12 +88,15 @@ "x-kubernetes-int-or-string": true }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "size": { + "description": "Droplet size. It must be known DigitalOcean droplet size. See https://developers.digitalocean.com/documentation/v2/#list-all-sizes", "type": "string" }, "sshKeys": { + "description": "SSHKeys is the ssh key id or fingerprint to attach in DigitalOcean droplet. It must be available on DigitalOcean account. See https://developers.digitalocean.com/documentation/v2/#list-all-keys", "type": "array", "items": { "anyOf": [ diff --git a/schema/infrastructure.cluster.x-k8s.io/ibmpowervscluster_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/ibmpowervscluster_v1alpha4.json index bdc1c6872..2cb4043b2 100644 --- a/schema/infrastructure.cluster.x-k8s.io/ibmpowervscluster_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/ibmpowervscluster_v1alpha4.json @@ -1,16 +1,20 @@ { + "description": "IBMPowerVSCluster is the Schema for the ibmpowervsclusters API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "IBMPowerVSClusterSpec defines the desired state of IBMPowerVSCluster.", "type": "object", "required": [ "network", @@ -18,6 +22,7 @@ ], "properties": { "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "type": "object", "required": [ "host", @@ -25,9 +30,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -35,30 +42,36 @@ "additionalProperties": false }, "network": { + "description": "Network is the reference to the Network to use for this cluster.", "type": "object", "properties": { "id": { + "description": "ID of resource", "type": "string" }, "name": { + "description": "Name of resource", "type": "string" } }, "additionalProperties": false }, "serviceInstanceID": { + "description": "ServiceInstanceID is the id of the power cloud instance where the vsi instance will get deployed.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "IBMPowerVSClusterStatus defines the observed state of IBMPowerVSCluster.", "type": "object", "required": [ "ready" ], "properties": { "ready": { + "description": "INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run \"make\" to regenerate code after modifying this file", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/ibmpowervsmachine_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/ibmpowervsmachine_v1alpha4.json index de5baff78..c1037ccd3 100644 --- a/schema/infrastructure.cluster.x-k8s.io/ibmpowervsmachine_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/ibmpowervsmachine_v1alpha4.json @@ -1,16 +1,20 @@ { + "description": "IBMPowerVSMachine is the Schema for the ibmpowervsmachines API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "IBMPowerVSMachineSpec defines the desired state of IBMPowerVSMachine.", "type": "object", "required": [ "image", @@ -23,62 +27,78 @@ ], "properties": { "image": { + "description": "Image is the reference to the Image from which to create the machine instance.", "type": "object", "properties": { "id": { + "description": "ID of resource", "type": "string" }, "name": { + "description": "Name of resource", "type": "string" } }, "additionalProperties": false }, "memory": { + "description": "Memory is Amount of memory allocated (in GB)", "type": "string" }, "network": { + "description": "Network is the reference to the Network to use for this instance.", "type": "object", "properties": { "id": { + "description": "ID of resource", "type": "string" }, "name": { + "description": "Name of resource", "type": "string" } }, "additionalProperties": false }, "procType": { + "description": "ProcType is the processor type, e.g: dedicated, shared, capped", "type": "string" }, "processors": { + "description": "Processors is Number of processors allocated.", "type": "string" }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "serviceInstanceID": { + "description": "ServiceInstanceID is the id of the power cloud instance where the vsi instance will get deployed.", "type": "string" }, "sshKey": { + "description": "SSHKey is the name of the SSH key pair provided to the vsi for authenticating users.", "type": "string" }, "sysType": { + "description": "SysType is the System type used to host the vsi.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "IBMPowerVSMachineStatus defines the observed state of IBMPowerVSMachine.", "type": "object", "required": [ "instanceState" ], "properties": { "addresses": { + "description": "Addresses contains the vsi associated addresses.", "type": "array", "items": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -86,9 +106,11 @@ ], "properties": { "address": { + "description": "The node address.", "type": "string" }, "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -96,18 +118,22 @@ } }, "fault": { + "description": "Fault will report if any fault messages for the vsi.", "type": "string" }, "health": { + "description": "Health is the health of the vsi.", "type": "string" }, "instanceID": { "type": "string" }, "instanceState": { + "description": "InstanceState is the status of the vsi.", "type": "string" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/ibmpowervsmachinetemplate_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/ibmpowervsmachinetemplate_v1alpha4.json index 185385cd0..03c051aba 100644 --- a/schema/infrastructure.cluster.x-k8s.io/ibmpowervsmachinetemplate_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/ibmpowervsmachinetemplate_v1alpha4.json @@ -1,28 +1,34 @@ { + "description": "IBMPowerVSMachineTemplate is the Schema for the ibmpowervsmachinetemplates API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "IBMPowerVSMachineTemplateSpec defines the desired state of IBMPowerVSMachineTemplate.", "type": "object", "required": [ "template" ], "properties": { "template": { + "description": "IBMPowerVSMachineTemplateResource holds the IBMPowerVSMachine spec.", "type": "object", "required": [ "spec" ], "properties": { "spec": { + "description": "IBMPowerVSMachineSpec defines the desired state of IBMPowerVSMachine.", "type": "object", "required": [ "image", @@ -35,48 +41,61 @@ ], "properties": { "image": { + "description": "Image is the reference to the Image from which to create the machine instance.", "type": "object", "properties": { "id": { + "description": "ID of resource", "type": "string" }, "name": { + "description": "Name of resource", "type": "string" } }, "additionalProperties": false }, "memory": { + "description": "Memory is Amount of memory allocated (in GB)", "type": "string" }, "network": { + "description": "Network is the reference to the Network to use for this instance.", "type": "object", "properties": { "id": { + "description": "ID of resource", "type": "string" }, "name": { + "description": "Name of resource", "type": "string" } }, "additionalProperties": false }, "procType": { + "description": "ProcType is the processor type, e.g: dedicated, shared, capped", "type": "string" }, "processors": { + "description": "Processors is Number of processors allocated.", "type": "string" }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "serviceInstanceID": { + "description": "ServiceInstanceID is the id of the power cloud instance where the vsi instance will get deployed.", "type": "string" }, "sshKey": { + "description": "SSHKey is the name of the SSH key pair provided to the vsi for authenticating users.", "type": "string" }, "sysType": { + "description": "SysType is the System type used to host the vsi.", "type": "string" } }, @@ -89,6 +108,7 @@ "additionalProperties": false }, "status": { + "description": "IBMPowerVSMachineTemplateStatus defines the observed state of IBMPowerVSMachineTemplate.", "type": "object" } } diff --git a/schema/infrastructure.cluster.x-k8s.io/ibmvpccluster_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/ibmvpccluster_v1alpha3.json index 6817a4ca1..6b2b7c6b6 100644 --- a/schema/infrastructure.cluster.x-k8s.io/ibmvpccluster_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/ibmvpccluster_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "IBMVPCCluster is the Schema for the ibmvpcclusters API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "IBMVPCClusterSpec defines the desired state of IBMVPCCluster.", "type": "object", "required": [ "region", @@ -18,6 +22,7 @@ ], "properties": { "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "type": "object", "required": [ "host", @@ -25,9 +30,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -35,30 +42,37 @@ "additionalProperties": false }, "region": { + "description": "The IBM Cloud Region the cluster lives in.", "type": "string" }, "resourceGroup": { + "description": "The VPC resources should be created under the resource group.", "type": "string" }, "vpc": { + "description": "The Name of VPC.", "type": "string" }, "zone": { + "description": "The Name of availability zone.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "IBMVPCClusterStatus defines the observed state of IBMVPCCluster.", "type": "object", "required": [ "ready" ], "properties": { "ready": { + "description": "Bastion Instance `json:\"bastion,omitempty\"`", "type": "boolean" }, "subnet": { + "description": "Subnet describes a subnet.", "type": "object", "required": [ "cidr", @@ -83,6 +97,7 @@ "additionalProperties": false }, "vpc": { + "description": "INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run \"make\" to regenerate code after modifying this file", "type": "object", "required": [ "id", @@ -99,6 +114,7 @@ "additionalProperties": false }, "vpcEndpoint": { + "description": "VPCEndpoint describes a VPCEndpoint.", "type": "object", "required": [ "address", diff --git a/schema/infrastructure.cluster.x-k8s.io/ibmvpccluster_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/ibmvpccluster_v1alpha4.json index 6817a4ca1..6b2b7c6b6 100644 --- a/schema/infrastructure.cluster.x-k8s.io/ibmvpccluster_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/ibmvpccluster_v1alpha4.json @@ -1,16 +1,20 @@ { + "description": "IBMVPCCluster is the Schema for the ibmvpcclusters API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "IBMVPCClusterSpec defines the desired state of IBMVPCCluster.", "type": "object", "required": [ "region", @@ -18,6 +22,7 @@ ], "properties": { "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "type": "object", "required": [ "host", @@ -25,9 +30,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -35,30 +42,37 @@ "additionalProperties": false }, "region": { + "description": "The IBM Cloud Region the cluster lives in.", "type": "string" }, "resourceGroup": { + "description": "The VPC resources should be created under the resource group.", "type": "string" }, "vpc": { + "description": "The Name of VPC.", "type": "string" }, "zone": { + "description": "The Name of availability zone.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "IBMVPCClusterStatus defines the observed state of IBMVPCCluster.", "type": "object", "required": [ "ready" ], "properties": { "ready": { + "description": "Bastion Instance `json:\"bastion,omitempty\"`", "type": "boolean" }, "subnet": { + "description": "Subnet describes a subnet.", "type": "object", "required": [ "cidr", @@ -83,6 +97,7 @@ "additionalProperties": false }, "vpc": { + "description": "INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run \"make\" to regenerate code after modifying this file", "type": "object", "required": [ "id", @@ -99,6 +114,7 @@ "additionalProperties": false }, "vpcEndpoint": { + "description": "VPCEndpoint describes a VPCEndpoint.", "type": "object", "required": [ "address", diff --git a/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachine_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachine_v1alpha3.json index 1234a0627..3ed25a113 100644 --- a/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachine_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachine_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "IBMVPCMachine is the Schema for the ibmvpcmachines API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "IBMVPCMachineSpec defines the desired state of IBMVPCMachine.", "type": "object", "required": [ "image", @@ -19,47 +23,58 @@ ], "properties": { "image": { + "description": "Image is the id of OS image which would be install on the instance. Example: r134-ed3f775f-ad7e-4e37-ae62-7199b4988b00 TODO: allow user to specify a image name is much reasonable. Example: ibm-ubuntu-18-04-1-minimal-amd64-2", "type": "string" }, "name": { + "description": "Name of the instance.", "type": "string" }, "primaryNetworkInterface": { + "description": "PrimaryNetworkInterface is required to specify subnet.", "type": "object", "properties": { "subnet": { + "description": "Subnet ID of the network interface", "type": "string" } }, "additionalProperties": false }, "profile": { + "description": "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps TODO: add a reference link of profile", "type": "string" }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "sshKeys": { + "description": "SSHKeys is the SSH pub keys that will be used to access VM.", "type": "array", "items": { "type": "string" } }, "zone": { + "description": "Zone is the place where the instance should be created. Example: us-south-3 TODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "IBMVPCMachineStatus defines the observed state of IBMVPCMachine.", "type": "object", "required": [ "ready" ], "properties": { "addresses": { + "description": "Addresses contains the GCP instance associated addresses.", "type": "array", "items": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -67,9 +82,11 @@ ], "properties": { "address": { + "description": "The node address.", "type": "string" }, "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -80,6 +97,7 @@ "type": "string" }, "instanceState": { + "description": "InstanceStatus is the status of the GCP instance for this machine.", "type": "string" }, "ready": { diff --git a/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachine_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachine_v1alpha4.json index 1234a0627..5d45addb2 100644 --- a/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachine_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachine_v1alpha4.json @@ -1,16 +1,20 @@ { + "description": "IBMVPCMachine is the Schema for the ibmvpcmachines API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "IBMVPCMachineSpec defines the desired state of IBMVPCMachine.", "type": "object", "required": [ "image", @@ -19,47 +23,58 @@ ], "properties": { "image": { + "description": "Image is the id of OS image which would be install on the instance. Example: r134-ed3f775f-ad7e-4e37-ae62-7199b4988b00 TODO: allow user to specify a image name is much reasonable. Example: ibm-ubuntu-18-04-1-minimal-amd64-2", "type": "string" }, "name": { + "description": "Name of the instance", "type": "string" }, "primaryNetworkInterface": { + "description": "PrimaryNetworkInterface is required to specify subnet.", "type": "object", "properties": { "subnet": { + "description": "Subnet ID of the network interface", "type": "string" } }, "additionalProperties": false }, "profile": { + "description": "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps TODO: add a reference link of profile", "type": "string" }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "sshKeys": { + "description": "SSHKeys is the SSH pub keys that will be used to access VM.", "type": "array", "items": { "type": "string" } }, "zone": { + "description": "Zone is the place where the instance should be created. Example: us-south-3 TODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "IBMVPCMachineStatus defines the observed state of IBMVPCMachine.", "type": "object", "required": [ "ready" ], "properties": { "addresses": { + "description": "Addresses contains the GCP instance associated addresses.", "type": "array", "items": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -67,9 +82,11 @@ ], "properties": { "address": { + "description": "The node address.", "type": "string" }, "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -80,6 +97,7 @@ "type": "string" }, "instanceState": { + "description": "InstanceStatus is the status of the GCP instance for this machine.", "type": "string" }, "ready": { diff --git a/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachinetemplate_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachinetemplate_v1alpha3.json index 11126eea5..89c68750c 100644 --- a/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachinetemplate_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachinetemplate_v1alpha3.json @@ -1,28 +1,34 @@ { + "description": "IBMVPCMachineTemplate is the Schema for the IBMVPCMachinetemplates API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "IBMVPCMachineTemplateSpec defines the desired state of IBMVPCMachineTemplate.", "type": "object", "required": [ "template" ], "properties": { "template": { + "description": "IBMVPCMachineTemplateResource describes the data needed to create am IBMVPCMachine from a template.", "type": "object", "required": [ "spec" ], "properties": { "spec": { + "description": "Spec is the specification of the desired behavior of the machine.", "type": "object", "required": [ "image", @@ -31,33 +37,41 @@ ], "properties": { "image": { + "description": "Image is the id of OS image which would be install on the instance. Example: r134-ed3f775f-ad7e-4e37-ae62-7199b4988b00 TODO: allow user to specify a image name is much reasonable. Example: ibm-ubuntu-18-04-1-minimal-amd64-2", "type": "string" }, "name": { + "description": "Name of the instance.", "type": "string" }, "primaryNetworkInterface": { + "description": "PrimaryNetworkInterface is required to specify subnet.", "type": "object", "properties": { "subnet": { + "description": "Subnet ID of the network interface", "type": "string" } }, "additionalProperties": false }, "profile": { + "description": "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps TODO: add a reference link of profile", "type": "string" }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "sshKeys": { + "description": "SSHKeys is the SSH pub keys that will be used to access VM.", "type": "array", "items": { "type": "string" } }, "zone": { + "description": "Zone is the place where the instance should be created. Example: us-south-3 TODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachinetemplate_v1alpha4.json b/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachinetemplate_v1alpha4.json index 11126eea5..8874d0037 100644 --- a/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachinetemplate_v1alpha4.json +++ b/schema/infrastructure.cluster.x-k8s.io/ibmvpcmachinetemplate_v1alpha4.json @@ -1,28 +1,34 @@ { + "description": "IBMVPCMachineTemplate is the Schema for the IBMVPCMachinetemplates API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "IBMVPCMachineTemplateSpec defines the desired state of IBMVPCMachineTemplate.", "type": "object", "required": [ "template" ], "properties": { "template": { + "description": "IBMVPCMachineTemplateResource describes the data needed to create am IBMVPCMachine from a template.", "type": "object", "required": [ "spec" ], "properties": { "spec": { + "description": "Spec is the specification of the desired behavior of the machine.", "type": "object", "required": [ "image", @@ -31,33 +37,41 @@ ], "properties": { "image": { + "description": "Image is the id of OS image which would be install on the instance. Example: r134-ed3f775f-ad7e-4e37-ae62-7199b4988b00 TODO: allow user to specify a image name is much reasonable. Example: ibm-ubuntu-18-04-1-minimal-amd64-2", "type": "string" }, "name": { + "description": "Name of the instance", "type": "string" }, "primaryNetworkInterface": { + "description": "PrimaryNetworkInterface is required to specify subnet.", "type": "object", "properties": { "subnet": { + "description": "Subnet ID of the network interface", "type": "string" } }, "additionalProperties": false }, "profile": { + "description": "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps TODO: add a reference link of profile", "type": "string" }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "sshKeys": { + "description": "SSHKeys is the SSH pub keys that will be used to access VM.", "type": "array", "items": { "type": "string" } }, "zone": { + "description": "Zone is the place where the instance should be created. Example: us-south-3 TODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/kubemarkmachine_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/kubemarkmachine_v1alpha3.json index ec7d321be..d677d4d36 100644 --- a/schema/infrastructure.cluster.x-k8s.io/kubemarkmachine_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/kubemarkmachine_v1alpha3.json @@ -1,28 +1,35 @@ { + "description": "KubemarkMachine is the Schema for the kubemarkmachines API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "KubemarkMachineSpec defines the desired state of KubemarkMachine", "type": "object", "properties": { "foo": { + "description": "Foo is an example field of KubemarkMachine. Edit KubemarkMachine_types.go to remove/update", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "KubemarkMachineStatus defines the observed state of KubemarkMachine", "type": "object", "properties": { "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/kubemarkmachinetemplate_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/kubemarkmachinetemplate_v1alpha3.json index f248d10cd..d15c9cdc8 100644 --- a/schema/infrastructure.cluster.x-k8s.io/kubemarkmachinetemplate_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/kubemarkmachinetemplate_v1alpha3.json @@ -1,31 +1,38 @@ { + "description": "KubemarkMachineTemplate is the Schema for the kubemarkmachinetemplates API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "KubemarkMachineTemplateSpec defines the desired state of KubemarkMachineTemplate", "type": "object", "required": [ "template" ], "properties": { "template": { + "description": "KubemarkMachineTemplateResource describes the data needed to create am KubemarkMachine from a template", "type": "object", "required": [ "spec" ], "properties": { "spec": { + "description": "Spec is the specification of the desired behavior of the machine.", "type": "object", "properties": { "foo": { + "description": "Foo is an example field of KubemarkMachine. Edit KubemarkMachine_types.go to remove/update", "type": "string" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/packetcluster_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/packetcluster_v1alpha3.json index 400b55493..4c5105c1e 100644 --- a/schema/infrastructure.cluster.x-k8s.io/packetcluster_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/packetcluster_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "PacketCluster is the Schema for the packetclusters API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "PacketClusterSpec defines the desired state of PacketCluster", "type": "object", "required": [ "projectID", @@ -18,6 +22,7 @@ ], "properties": { "controlPlaneEndpoint": { + "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "type": "object", "required": [ "host", @@ -25,9 +30,11 @@ ], "properties": { "host": { + "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { + "description": "The port on which the API server is serving.", "type": "integer", "format": "int32" } @@ -35,15 +42,19 @@ "additionalProperties": false }, "facility": { + "description": "Facility represents the Packet facility for this cluster", "type": "string" }, "metro": { + "description": "Metro represents the Packet metro for this cluster", "type": "string" }, "projectID": { + "description": "ProjectID represents the Packet Project where this cluster will be placed into", "type": "string" }, "vipManager": { + "description": "VIPManager represents whether this cluster uses CPEM or kube-vip to manage its vip for the api server IP", "type": "string", "default": "CPEM", "enum": [ @@ -55,9 +66,11 @@ "additionalProperties": false }, "status": { + "description": "PacketClusterStatus defines the observed state of PacketCluster", "type": "object", "properties": { "ready": { + "description": "Ready denotes that the cluster (infrastructure) is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/packetmachine_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/packetmachine_v1alpha3.json index 5b16f7447..7fbf6e526 100644 --- a/schema/infrastructure.cluster.x-k8s.io/packetmachine_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/packetmachine_v1alpha3.json @@ -1,16 +1,20 @@ { + "description": "PacketMachine is the Schema for the packetmachines API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "PacketMachineSpec defines the desired state of PacketMachine", "type": "object", "required": [ "OS", @@ -25,21 +29,26 @@ "type": "string" }, "facility": { + "description": "Facility represents the Packet facility for this cluster. Override from the PacketCluster spec.", "type": "string" }, "hardwareReservationID": { + "description": "HardwareReservationID is the unique device hardware reservation ID, a comma separated list of hardware reservation IDs, or `next-available` to automatically let the Packet api determine one.", "type": "string" }, "ipxeURL": { + "description": "IPXEUrl can be used to set the pxe boot url when using custom OSes with this provider. Note that OS should also be set to \"custom_ipxe\" if using this value.", "type": "string" }, "machineType": { "type": "string" }, "metro": { + "description": "Metro represents the Packet metro for this cluster Override from the PacketCluster spec.", "type": "string" }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "sshKeys": { @@ -49,6 +58,7 @@ } }, "tags": { + "description": "Tags is an optional set of tags to add to Packet resources managed by the Packet provider.", "type": "array", "items": { "type": "string" @@ -58,11 +68,14 @@ "additionalProperties": false }, "status": { + "description": "PacketMachineStatus defines the observed state of PacketMachine", "type": "object", "properties": { "addresses": { + "description": "Addresses contains the Packet device associated addresses.", "type": "array", "items": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ "address", @@ -70,9 +83,11 @@ ], "properties": { "address": { + "description": "The node address.", "type": "string" }, "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string" } }, @@ -80,15 +95,19 @@ } }, "errorMessage": { + "description": "ErrorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. \n This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. \n Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "errorReason": { + "description": "Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, "instanceStatus": { + "description": "InstanceStatus is the status of the Packet device instance for this machine.", "type": "string" }, "ready": { + "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, diff --git a/schema/infrastructure.cluster.x-k8s.io/packetmachinetemplate_v1alpha3.json b/schema/infrastructure.cluster.x-k8s.io/packetmachinetemplate_v1alpha3.json index 4c7f4a236..e6470cd9a 100644 --- a/schema/infrastructure.cluster.x-k8s.io/packetmachinetemplate_v1alpha3.json +++ b/schema/infrastructure.cluster.x-k8s.io/packetmachinetemplate_v1alpha3.json @@ -1,28 +1,34 @@ { + "description": "PacketMachineTemplate is the Schema for the packetmachinetemplates API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "PacketMachineTemplateSpec defines the desired state of PacketMachineTemplate", "type": "object", "required": [ "template" ], "properties": { "template": { + "description": "PacketMachineTemplateResource describes the data needed to create am PacketMachine from a template", "type": "object", "required": [ "spec" ], "properties": { "spec": { + "description": "Spec is the specification of the desired behavior of the machine.", "type": "object", "required": [ "OS", @@ -37,21 +43,26 @@ "type": "string" }, "facility": { + "description": "Facility represents the Packet facility for this cluster. Override from the PacketCluster spec.", "type": "string" }, "hardwareReservationID": { + "description": "HardwareReservationID is the unique device hardware reservation ID, a comma separated list of hardware reservation IDs, or `next-available` to automatically let the Packet api determine one.", "type": "string" }, "ipxeURL": { + "description": "IPXEUrl can be used to set the pxe boot url when using custom OSes with this provider. Note that OS should also be set to \"custom_ipxe\" if using this value.", "type": "string" }, "machineType": { "type": "string" }, "metro": { + "description": "Metro represents the Packet metro for this cluster Override from the PacketCluster spec.", "type": "string" }, "providerID": { + "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "sshKeys": { @@ -61,6 +72,7 @@ } }, "tags": { + "description": "Tags is an optional set of tags to add to Packet resources managed by the Packet provider.", "type": "array", "items": { "type": "string" diff --git a/schema/job.min.io/miniojob_v1alpha1.json b/schema/job.min.io/miniojob_v1alpha1.json index 29b0ad45b..3e0939b23 100644 --- a/schema/job.min.io/miniojob_v1alpha1.json +++ b/schema/job.min.io/miniojob_v1alpha1.json @@ -1,4 +1,5 @@ { + "type": "object", "properties": { "apiVersion": { "type": "string" @@ -10,33 +11,43 @@ "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", + "required": [ + "commands", + "serviceAccountName", + "tenant" + ], "properties": { "commands": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "args": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "dependsOn": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" @@ -45,30 +56,33 @@ "type": "string" }, "valueFrom": { - "additionalProperties": false, + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -77,19 +91,20 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -98,89 +113,81 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { "type": "string" @@ -189,29 +196,31 @@ "type": "string" }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { "claims": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "limits": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -220,13 +229,13 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -235,17 +244,20 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "volumeMounts": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { "type": "string" @@ -269,27 +281,29 @@ "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumes": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "awsElasticBlockStore": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "readOnly": { "type": "boolean" @@ -298,13 +312,14 @@ "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "azureDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "diskName", + "diskURI" + ], "properties": { "cachingMode": { "type": "string" @@ -325,14 +340,14 @@ "type": "boolean" } }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" + "additionalProperties": false }, "azureFile": { - "additionalProperties": false, + "type": "object", + "required": [ + "secretName", + "shareName" + ], "properties": { "readOnly": { "type": "boolean" @@ -344,20 +359,19 @@ "type": "string" } }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" + "additionalProperties": false }, "cephfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "monitors" + ], "properties": { "monitors": { + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "path": { @@ -370,27 +384,27 @@ "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "user": { "type": "string" } }, - "required": [ - "monitors" - ], - "type": "object" + "additionalProperties": false }, "cinder": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" @@ -399,69 +413,69 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "volumeID": { "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "configMap": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "csi": { - "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { "type": "string" @@ -470,44 +484,48 @@ "type": "string" }, "nodePublishSecretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "readOnly": { "type": "boolean" }, "volumeAttributes": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "downwardAPI": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -516,26 +534,27 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -544,38 +563,31 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "emptyDir": { - "additionalProperties": false, + "type": "object", "properties": { "medium": { "type": "string" }, "sizeLimit": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -584,38 +596,40 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } }, - "type": "object" + "additionalProperties": false }, "ephemeral": { - "additionalProperties": false, + "type": "object", "properties": { "volumeClaimTemplate": { - "additionalProperties": false, + "type": "object", + "required": [ + "spec" + ], "properties": { "metadata": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "finalizers": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { "type": "string" @@ -624,20 +638,24 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "type": "object", "properties": { "accessModes": { + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "dataSource": { - "additionalProperties": false, + "type": "object", + "required": [ + "kind", + "name" + ], "properties": { "apiGroup": { "type": "string" @@ -649,15 +667,15 @@ "type": "string" } }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "type": "object", "required": [ "kind", "name" ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "additionalProperties": false, "properties": { "apiGroup": { "type": "string" @@ -672,17 +690,15 @@ "type": "string" } }, - "required": [ - "kind", - "name" - ], - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { "limits": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -691,13 +707,13 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -706,20 +722,23 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -728,30 +747,25 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "storageClassName": { @@ -767,49 +781,49 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "spec" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "fc": { - "additionalProperties": false, + "type": "object", "properties": { "fsType": { "type": "string" }, "lun": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "readOnly": { "type": "boolean" }, "targetWWNs": { + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "wwids": { + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "flexVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { "type": "string" @@ -818,33 +832,30 @@ "type": "string" }, "options": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "flocker": { - "additionalProperties": false, + "type": "object", "properties": { "datasetName": { "type": "string" @@ -853,17 +864,20 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "gcePersistentDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "pdName" + ], "properties": { "fsType": { "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "pdName": { "type": "string" @@ -872,13 +886,13 @@ "type": "boolean" } }, - "required": [ - "pdName" - ], - "type": "object" + "additionalProperties": false }, "gitRepo": { - "additionalProperties": false, + "type": "object", + "required": [ + "repository" + ], "properties": { "directory": { "type": "string" @@ -890,13 +904,14 @@ "type": "string" } }, - "required": [ - "repository" - ], - "type": "object" + "additionalProperties": false }, "glusterfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "endpoints", + "path" + ], "properties": { "endpoints": { "type": "string" @@ -908,14 +923,13 @@ "type": "boolean" } }, + "additionalProperties": false + }, + "hostPath": { + "type": "object", "required": [ - "endpoints", "path" ], - "type": "object" - }, - "hostPath": { - "additionalProperties": false, "properties": { "path": { "type": "string" @@ -924,13 +938,15 @@ "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, "iscsi": { - "additionalProperties": false, + "type": "object", + "required": [ + "iqn", + "lun", + "targetPortal" + ], "properties": { "chapAuthDiscovery": { "type": "boolean" @@ -951,46 +967,45 @@ "type": "string" }, "lun": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "portals": { + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "targetPortal": { "type": "string" } }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" + "additionalProperties": false }, "name": { "type": "string" }, "nfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "path", + "server" + ], "properties": { "path": { "type": "string" @@ -1002,14 +1017,13 @@ "type": "string" } }, - "required": [ - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "persistentVolumeClaim": { - "additionalProperties": false, + "type": "object", + "required": [ + "claimName" + ], "properties": { "claimName": { "type": "string" @@ -1018,13 +1032,13 @@ "type": "boolean" } }, - "required": [ - "claimName" - ], - "type": "object" + "additionalProperties": false }, "photonPersistentDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "pdID" + ], "properties": { "fsType": { "type": "string" @@ -1033,13 +1047,13 @@ "type": "string" } }, - "required": [ - "pdID" - ], - "type": "object" + "additionalProperties": false }, "portworxVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" @@ -1051,31 +1065,37 @@ "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "projected": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "sources": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "clusterTrustBundle": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -1084,30 +1104,25 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "name": { @@ -1123,58 +1138,62 @@ "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, "configMap": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "downwardAPI": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -1183,26 +1202,27 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -1211,99 +1231,94 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "serviceAccountToken": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "audience": { "type": "string" }, "expirationSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "path": { "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "quobyte": { - "additionalProperties": false, + "type": "object", + "required": [ + "registry", + "volume" + ], "properties": { "group": { "type": "string" @@ -1324,14 +1339,14 @@ "type": "string" } }, - "required": [ - "registry", - "volume" - ], - "type": "object" + "additionalProperties": false }, "rbd": { - "additionalProperties": false, + "type": "object", + "required": [ + "image", + "monitors" + ], "properties": { "fsType": { "type": "string" @@ -1343,10 +1358,10 @@ "type": "string" }, "monitors": { + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "pool": { @@ -1356,28 +1371,29 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "user": { "type": "string" } }, - "required": [ - "image", - "monitors" - ], - "type": "object" + "additionalProperties": false }, "scaleIO": { - "additionalProperties": false, + "type": "object", + "required": [ + "gateway", + "secretRef", + "system" + ], "properties": { "fsType": { "type": "string" @@ -1392,14 +1408,14 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "sslEnabled": { @@ -1418,42 +1434,37 @@ "type": "string" } }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "optional": { @@ -1463,10 +1474,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "storageos": { - "additionalProperties": false, + "type": "object", "properties": { "fsType": { "type": "string" @@ -1475,14 +1486,14 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "volumeName": { @@ -1492,10 +1503,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "vsphereVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumePath" + ], "properties": { "fsType": { "type": "string" @@ -1510,32 +1524,27 @@ "type": "string" } }, - "required": [ - "volumePath" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "containerSecurityContext": { - "additionalProperties": false, + "type": "object", "properties": { "allowPrivilegeEscalation": { "type": "boolean" }, "appArmorProfile": { - "additionalProperties": false, + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { "type": "string" @@ -1544,30 +1553,27 @@ "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "capabilities": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "drop": { + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "privileged": { "type": "boolean" @@ -1579,18 +1585,18 @@ "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -1605,10 +1611,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "seccompProfile": { - "additionalProperties": false, + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { "type": "string" @@ -1617,13 +1626,10 @@ "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -1638,56 +1644,59 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "execution": { + "type": "string", "default": "parallel", "enum": [ "parallel", "sequential" - ], - "type": "string" + ] }, "failureStrategy": { + "type": "string", "default": "continueOnFailure", "enum": [ "continueOnFailure", "stopOnFailure" - ], - "type": "string" + ] }, "imagePullPolicy": { "type": "string" }, "imagePullSecret": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "insecure": { "type": "boolean" }, "mcImage": { - "default": "quay.io/minio/mc:RELEASE.2024-10-02T08-27-28Z", - "type": "string" + "type": "string", + "default": "quay.io/minio/mc:RELEASE.2024-10-02T08-27-28Z" }, "securityContext": { - "additionalProperties": false, + "type": "object", "properties": { "appArmorProfile": { - "additionalProperties": false, + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { "type": "string" @@ -1696,31 +1705,28 @@ "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "fsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "fsGroupChangePolicy": { "type": "string" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -1735,10 +1741,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "seccompProfile": { - "additionalProperties": false, + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { "type": "string" @@ -1747,22 +1756,24 @@ "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "supplementalGroups": { + "type": "array", "items": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "sysctls": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1771,17 +1782,12 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -1796,16 +1802,20 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceAccountName": { "type": "string" }, "tenant": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "namespace" + ], "properties": { "name": { "type": "string" @@ -1814,26 +1824,21 @@ "type": "string" } }, - "required": [ - "name", - "namespace" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "commands", - "serviceAccountName", - "tenant" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "type": "object", "properties": { "commands": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "result" + ], "properties": { "message": { "type": "string" @@ -1845,12 +1850,8 @@ "type": "string" } }, - "required": [ - "result" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "message": { "type": "string" @@ -1859,8 +1860,7 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/jobset.x-k8s.io/jobset_v1alpha1.json b/schema/jobset.x-k8s.io/jobset_v1alpha1.json index 1a97d17bf..f2a98c638 100644 --- a/schema/jobset.x-k8s.io/jobset_v1alpha1.json +++ b/schema/jobset.x-k8s.io/jobset_v1alpha1.json @@ -1,75 +1,94 @@ { + "description": "JobSet is the Schema for the jobsets API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "JobSetSpec defines the desired state of JobSet", + "type": "object", "properties": { "failurePolicy": { - "additionalProperties": false, + "description": "FailurePolicy, if set, configures when to declare the JobSet as failed. The JobSet is always declared failed if all jobs in the set finished with status failed.", + "type": "object", "properties": { "maxRestarts": { + "description": "MaxRestarts defines the limit on the number of JobSet restarts. A restart is achieved by recreating all active child jobs.", "type": "integer" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-validations": [ { - "message": "Value is immutable", - "rule": "self == oldSelf" + "rule": "self == oldSelf", + "message": "Value is immutable" } ] }, "replicatedJobs": { + "description": "ReplicatedJobs is the group of jobs that will form the set.", + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "template" + ], "properties": { "name": { + "description": "Name is the name of the entry and will be used as a suffix for the Job name.", "type": "string" }, "network": { - "additionalProperties": false, + "description": "Network defines the networking options for the job.", + "type": "object", "properties": { "enableDNSHostnames": { + "description": "EnableDNSHostnames allows pods to be reached via their hostnames. Pods will be reachable using the fully qualified pod hostname, which is in the format: \u003cjobSet.name\u003e-\u003cspec.replicatedJob.name\u003e-\u003cjob-index\u003e-\u003cpod-index\u003e.\u003cjobSet.name\u003e-\u003cspec.replicatedJob.name\u003e", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "replicas": { - "default": 1, - "type": "integer" + "description": "Replicas is the number of jobs that will be created from this ReplicatedJob's template. Jobs names will be in the format: \u003cjobSet.name\u003e-\u003cspec.replicatedJob.name\u003e-\u003cjob-index\u003e", + "type": "integer", + "default": 1 }, "template": { - "additionalProperties": false, + "description": "Template defines the template of the Job that will be created.", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "Standard object's metadata of the jobs created from this template. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "finalizers": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { "type": "string" @@ -78,167 +97,199 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "description": "Specification of the desired behavior of the job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "type": "object", + "required": [ + "template" + ], "properties": { "activeDeadlineSeconds": { - "format": "int64", - "type": "integer" + "description": "Specifies the duration in seconds relative to the startTime that the job may be continuously active before the system tries to terminate it; value must be positive integer. If a Job is suspended (at creation or through an update), this timer will effectively be stopped and reset when the Job is resumed again.", + "type": "integer", + "format": "int64" }, "backoffLimit": { - "format": "int32", - "type": "integer" + "description": "Specifies the number of retries before marking this job failed. Defaults to 6", + "type": "integer", + "format": "int32" }, "completionMode": { + "description": "CompletionMode specifies how Pod completions are tracked. It can be `NonIndexed` (default) or `Indexed`. \n `NonIndexed` means that the Job is considered complete when there have been .spec.completions successfully completed Pods. Each Pod completion is homologous to each other. \n `Indexed` means that the Pods of a Job get an associated completion index from 0 to (.spec.completions - 1), available in the annotation batch.kubernetes.io/job-completion-index. The Job is considered complete when there is one successfully completed Pod for each index. When value is `Indexed`, .spec.completions must be specified and `.spec.parallelism` must be less than or equal to 10^5. In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`, the Pod hostname takes the form `$(job-name)-$(index)`. \n More completion modes can be added in the future. If the Job controller observes a mode that it doesn't recognize, which is possible during upgrades due to version skew, the controller skips updates for the Job.", "type": "string" }, "completions": { - "format": "int32", - "type": "integer" + "description": "Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", + "type": "integer", + "format": "int32" }, "manualSelector": { + "description": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector", "type": "boolean" }, "parallelism": { - "format": "int32", - "type": "integer" + "description": "Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) \u003c .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", + "type": "integer", + "format": "int32" }, "podFailurePolicy": { - "additionalProperties": false, + "description": "Specifies the policy of handling failed pods. In particular, it allows to specify the set of actions and conditions which need to be satisfied to take the associated action. If empty, the default behaviour applies - the counter of failed pods, represented by the jobs's .status.failed field, is incremented and it is checked against the backoffLimit. This field cannot be used in combination with restartPolicy=OnFailure. \n This field is alpha-level. To use this field, you must enable the `JobPodFailurePolicy` feature gate (disabled by default).", + "type": "object", + "required": [ + "rules" + ], "properties": { "rules": { + "description": "A list of pod failure policy rules. The rules are evaluated in order. Once a rule matches a Pod failure, the remaining of the rules are ignored. When no rule matches the Pod failure, the default handling applies - the counter of pod failures is incremented and it is checked against the backoffLimit. At most 20 elements are allowed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of OnExitCodes and onPodConditions, but not both, can be used in each rule.", + "type": "object", + "required": [ + "action", + "onPodConditions" + ], "properties": { "action": { + "description": "Specifies the action taken on a pod failure when the requirements are satisfied. Possible values are: - FailJob: indicates that the pod's job is marked as Failed and all running pods are terminated. - Ignore: indicates that the counter towards the .backoffLimit is not incremented and a replacement pod is created. - Count: indicates that the pod is handled in the default way - the counter towards the .backoffLimit is incremented. Additional values are considered to be added in the future. Clients should react to an unknown action by skipping the rule.", "type": "string" }, "onExitCodes": { - "additionalProperties": false, + "description": "Represents the requirement on the container exit codes.", + "type": "object", + "required": [ + "operator", + "values" + ], "properties": { "containerName": { + "description": "Restricts the check for exit codes to the container with the specified name. When null, the rule applies to all containers. When specified, it should match one the container or initContainer names in the pod template.", "type": "string" }, "operator": { + "description": "Represents the relationship between the container exit code(s) and the specified values. Containers completed with success (exit code 0) are excluded from the requirement check. Possible values are: - In: the requirement is satisfied if at least one container exit code (might be multiple if there are multiple containers not restricted by the 'containerName' field) is in the set of specified values. - NotIn: the requirement is satisfied if at least one container exit code (might be multiple if there are multiple containers not restricted by the 'containerName' field) is not in the set of specified values. Additional values are considered to be added in the future. Clients should react to an unknown operator by assuming the requirement is not satisfied.", "type": "string" }, "values": { + "description": "Specifies the set of values. Each returned container exit code (might be multiple in case of multiple containers) is checked against this set of values with respect to the operator. The list of values must be ordered and must not contain duplicates. Value '0' cannot be used for the In operator. At least one element is required. At most 255 elements are allowed.", + "type": "array", "items": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, - "type": "array", "x-kubernetes-list-type": "set" } }, - "required": [ - "operator", - "values" - ], - "type": "object" + "additionalProperties": false }, "onPodConditions": { + "description": "Represents the requirement on the pod conditions. The requirement is represented as a list of pod condition patterns. The requirement is satisfied if at least one pattern matches an actual pod condition. At most 20 elements are allowed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "PodFailurePolicyOnPodConditionsPattern describes a pattern for matching an actual pod condition type.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "status": { + "description": "Specifies the required Pod condition status. To match a pod condition it is required that the specified status equals the pod condition status. Defaults to True.", "type": "string" }, "type": { + "description": "Specifies the required Pod condition type. To match a pod condition it is required that specified type equals the pod condition type.", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "action", - "onPodConditions" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "rules" - ], - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "description": "A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "suspend": { + "description": "Suspend specifies whether the Job controller should create Pods or not. If a Job is created with suspend set to true, no Pods are created by the Job controller. If a Job is suspended after creation (i.e. the flag goes from false to true), the Job controller will delete all active Pods associated with this Job. Users must design their workload to gracefully handle this. Suspending a Job will reset the StartTime field of the Job, effectively resetting the ActiveDeadlineSeconds timer too. Defaults to false.", "type": "boolean" }, "template": { - "additionalProperties": false, + "description": "Describes the pod that will be created when executing a job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", + "type": "object", "properties": { "metadata": { - "additionalProperties": false, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "finalizers": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { "type": "string" @@ -247,673 +298,817 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "description": "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "type": "object", + "required": [ + "containers" + ], "properties": { "activeDeadlineSeconds": { - "format": "int64", - "type": "integer" + "description": "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.", + "type": "integer", + "format": "int64" }, "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", "type": "boolean" }, "containers": { + "description": "List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A single application container that you want to run within a pod.", + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvVar represents an environment variable present in a Container.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", "type": "string" }, "valueFrom": { - "additionalProperties": false, + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a ConfigMap.", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -922,140 +1117,163 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a secret in the pod's namespace", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvFromSource represents the source of a set of ConfigMaps", + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "description": "The ConfigMap to select from", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap must be defined", "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "prefix": { + "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "The Secret to select from", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret must be defined", "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { - "additionalProperties": false, + "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + "type": "object", "properties": { "postStart": { - "additionalProperties": false, + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1067,21 +1285,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1093,58 +1315,69 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "preStop": { - "additionalProperties": false, + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1156,21 +1389,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1182,81 +1419,96 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "livenessProbe": { - "additionalProperties": false, + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "type": "integer", + "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, + "additionalProperties": false + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + }, + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1268,33 +1520,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "description": "TCPSocket specifies an action involving a TCP port.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1306,54 +1565,61 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", "type": "string" }, "ports": { + "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ContainerPort represents a network port in a single container.", + "type": "object", + "required": [ + "containerPort" + ], "properties": { "containerPort": { - "format": "int32", - "type": "integer" + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.", + "type": "integer", + "format": "int32" }, "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, "hostPort": { - "format": "int32", - "type": "integer" + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "type": "integer", + "format": "int32" }, "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", "type": "string" }, "protocol": { - "default": "TCP", - "type": "string" + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", + "type": "string", + "default": "TCP" } }, - "required": [ - "containerPort" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "containerPort", "protocol" @@ -1361,69 +1627,87 @@ "x-kubernetes-list-type": "map" }, "readinessProbe": { - "additionalProperties": false, + "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "type": "integer", + "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, + "additionalProperties": false + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1435,33 +1719,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "description": "TCPSocket specifies an action involving a TCP port.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1473,46 +1764,52 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -1521,13 +1818,14 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -1536,176 +1834,218 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "type": "object", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "capabilities": { - "additionalProperties": false, + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + "type": "object", "properties": { "add": { + "description": "Added capabilities", + "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" - }, - "type": "array" + } }, "drop": { + "description": "Removed capabilities", + "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "seccompProfile": { - "additionalProperties": false, + "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod \u0026 container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "windowsOptions": { - "additionalProperties": false, + "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "startupProbe": { - "additionalProperties": false, + "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "type": "integer", + "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, + "additionalProperties": false + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1717,33 +2057,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "description": "TCPSocket specifies an action involving a TCP port.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1755,208 +2102,260 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", "type": "boolean" }, "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", "type": "boolean" }, "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", "type": "string" }, "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", "type": "string" }, "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", "type": "boolean" }, "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "type": "array", "items": { - "additionalProperties": false, + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "type": "object", + "required": [ + "devicePath", + "name" + ], "properties": { "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", "type": "string" }, "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string" } }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "VolumeMount describes a mounting of a Volume within a container.", + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", "type": "boolean" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "dnsConfig": { - "additionalProperties": false, + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.", + "type": "object", "properties": { "nameservers": { + "description": "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "options": { + "description": "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.", + "type": "array", "items": { - "additionalProperties": false, + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "type": "object", "properties": { "name": { + "description": "Required.", "type": "string" }, "value": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "searches": { + "description": "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "dnsPolicy": { + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.", "type": "string" }, "enableServiceLinks": { + "description": "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.", "type": "boolean" }, "ephemeralContainers": { + "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation. \n To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.", + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "description": "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "description": "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvVar represents an environment variable present in a Container.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", "type": "string" }, "valueFrom": { - "additionalProperties": false, + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a ConfigMap.", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -1965,140 +2364,163 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a secret in the pod's namespace", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } + }, + "additionalProperties": false + } }, "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvFromSource represents the source of a set of ConfigMaps", + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "description": "The ConfigMap to select from", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap must be defined", "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "prefix": { + "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "The Secret to select from", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret must be defined", "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images", "type": "string" }, "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { - "additionalProperties": false, + "description": "Lifecycle is not allowed for ephemeral containers.", + "type": "object", "properties": { "postStart": { - "additionalProperties": false, + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2110,21 +2532,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2136,58 +2562,69 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "preStop": { - "additionalProperties": false, + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2199,21 +2636,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2225,81 +2666,96 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "livenessProbe": { - "additionalProperties": false, + "description": "Probes are not allowed for ephemeral containers.", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "type": "integer", + "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, + "additionalProperties": false + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2311,33 +2767,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "description": "TCPSocket specifies an action involving a TCP port.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2349,54 +2812,61 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.", "type": "string" }, "ports": { + "description": "Ports are not allowed for ephemeral containers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ContainerPort represents a network port in a single container.", + "type": "object", + "required": [ + "containerPort" + ], "properties": { "containerPort": { - "format": "int32", - "type": "integer" + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.", + "type": "integer", + "format": "int32" }, "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, "hostPort": { - "format": "int32", - "type": "integer" + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "type": "integer", + "format": "int32" }, "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", "type": "string" }, "protocol": { - "default": "TCP", - "type": "string" + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", + "type": "string", + "default": "TCP" } }, - "required": [ - "containerPort" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "containerPort", "protocol" @@ -2404,69 +2874,87 @@ "x-kubernetes-list-type": "map" }, "readinessProbe": { - "additionalProperties": false, + "description": "Probes are not allowed for ephemeral containers.", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "type": "integer", + "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, + "additionalProperties": false + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2478,33 +2966,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "description": "TCPSocket specifies an action involving a TCP port.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2516,46 +3011,52 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.", + "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -2564,13 +3065,14 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -2579,176 +3081,218 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", + "type": "object", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "capabilities": { - "additionalProperties": false, + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + "type": "object", "properties": { "add": { + "description": "Added capabilities", + "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" - }, - "type": "array" + } }, "drop": { + "description": "Removed capabilities", + "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "seccompProfile": { - "additionalProperties": false, + "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod \u0026 container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "windowsOptions": { - "additionalProperties": false, + "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "startupProbe": { - "additionalProperties": false, + "description": "Probes are not allowed for ephemeral containers.", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "type": "integer", + "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, + "additionalProperties": false + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2760,33 +3304,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "description": "TCPSocket specifies an action involving a TCP port.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2796,220 +3347,277 @@ } ], "x-kubernetes-int-or-string": true - } - }, - "required": [ - "port" - ], - "type": "object" + } + }, + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", "type": "boolean" }, "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", "type": "boolean" }, "targetContainerName": { + "description": "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec. \n The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined.", "type": "string" }, "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", "type": "string" }, "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", "type": "string" }, "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", "type": "boolean" }, "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "type": "array", "items": { - "additionalProperties": false, + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "type": "object", + "required": [ + "devicePath", + "name" + ], "properties": { "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", "type": "string" }, "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string" } }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "VolumeMount describes a mounting of a Volume within a container.", + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", "type": "boolean" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "hostAliases": { + "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.", + "type": "object", "properties": { "hostnames": { + "description": "Hostnames for the above IP address.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "ip": { + "description": "IP address of the host file entry.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "hostIPC": { + "description": "Use the host's ipc namespace. Optional: Default to false.", "type": "boolean" }, "hostNetwork": { + "description": "Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.", "type": "boolean" }, "hostPID": { + "description": "Use the host's pid namespace. Optional: Default to false.", "type": "boolean" }, "hostUsers": { + "description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", "type": "boolean" }, "hostname": { + "description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.", "type": "string" }, "imagePullSecrets": { + "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", + "type": "array", "items": { - "additionalProperties": false, + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "initContainers": { + "description": "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/", + "type": "array", "items": { - "additionalProperties": false, + "description": "A single application container that you want to run within a pod.", + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvVar represents an environment variable present in a Container.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", "type": "string" }, "valueFrom": { - "additionalProperties": false, + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a ConfigMap.", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -3018,140 +3626,163 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a secret in the pod's namespace", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvFromSource represents the source of a set of ConfigMaps", + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "description": "The ConfigMap to select from", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap must be defined", "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "prefix": { + "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "The Secret to select from", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret must be defined", "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { - "additionalProperties": false, + "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + "type": "object", "properties": { "postStart": { - "additionalProperties": false, + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3163,21 +3794,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3189,58 +3824,69 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "preStop": { - "additionalProperties": false, + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3252,21 +3898,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3278,81 +3928,96 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "livenessProbe": { - "additionalProperties": false, + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "type": "integer", + "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, + "additionalProperties": false + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3364,33 +4029,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "description": "TCPSocket specifies an action involving a TCP port.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3402,54 +4074,61 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", "type": "string" }, "ports": { + "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ContainerPort represents a network port in a single container.", + "type": "object", + "required": [ + "containerPort" + ], "properties": { "containerPort": { - "format": "int32", - "type": "integer" + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.", + "type": "integer", + "format": "int32" }, "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, "hostPort": { - "format": "int32", - "type": "integer" + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "type": "integer", + "format": "int32" }, "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", "type": "string" }, "protocol": { - "default": "TCP", - "type": "string" + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", + "type": "string", + "default": "TCP" } }, - "required": [ - "containerPort" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "containerPort", "protocol" @@ -3457,69 +4136,87 @@ "x-kubernetes-list-type": "map" }, "readinessProbe": { - "additionalProperties": false, + "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "type": "integer", + "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, + "additionalProperties": false + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3531,33 +4228,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "description": "TCPSocket specifies an action involving a TCP port.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3569,46 +4273,52 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -3617,13 +4327,14 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -3632,176 +4343,218 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "type": "object", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "capabilities": { - "additionalProperties": false, + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + "type": "object", "properties": { "add": { + "description": "Added capabilities", + "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" - }, - "type": "array" + } }, "drop": { + "description": "Removed capabilities", + "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "seccompProfile": { - "additionalProperties": false, + "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod \u0026 container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "windowsOptions": { - "additionalProperties": false, + "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "startupProbe": { - "additionalProperties": false, + "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "type": "integer", + "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, + "additionalProperties": false + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3813,33 +4566,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "description": "TCPSocket specifies an action involving a TCP port.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3851,122 +4611,142 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", "type": "boolean" }, "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", "type": "boolean" }, "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", "type": "string" }, "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", "type": "string" }, "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", "type": "boolean" }, "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "type": "array", "items": { - "additionalProperties": false, + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "type": "object", + "required": [ + "devicePath", + "name" + ], "properties": { "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", "type": "string" }, "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string" } }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "VolumeMount describes a mounting of a Volume within a container.", + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", "type": "boolean" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "nodeName": { + "description": "NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.", "type": "string" }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" }, - "type": "object", "x-kubernetes-map-type": "atomic" }, "os": { - "additionalProperties": false, + "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. \n If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions \n If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "overhead": { + "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -3975,318 +4755,387 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "preemptionPolicy": { + "description": "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.", "type": "string" }, "priority": { - "format": "int32", - "type": "integer" + "description": "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.", + "type": "integer", + "format": "int32" }, "priorityClassName": { + "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", "type": "string" }, "readinessGates": { + "description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates", + "type": "array", "items": { - "additionalProperties": false, + "description": "PodReadinessGate contains the reference to a pod condition", + "type": "object", + "required": [ + "conditionType" + ], "properties": { "conditionType": { + "description": "ConditionType refers to a condition in the pod's condition list with matching type.", "type": "string" } }, - "required": [ - "conditionType" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "resourceClaims": { + "description": "ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable.", + "type": "array", "items": { - "additionalProperties": false, + "description": "PodResourceClaim references exactly one ResourceClaim through a ClaimSource. It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.", "type": "string" }, "source": { - "additionalProperties": false, + "description": "Source describes where to find the ResourceClaim.", + "type": "object", "properties": { "resourceClaimName": { + "description": "ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.", "type": "string" }, "resourceClaimTemplateName": { + "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod. \n The template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The name of the ResourceClaim will be \u003cpod name\u003e-\u003cresource name\u003e, where \u003cresource name\u003e is the PodResourceClaim.Name. Pod validation will reject the pod if the concatenated name is not valid for a ResourceClaim (e.g. too long). \n An existing ResourceClaim with that name that is not owned by the pod will not be used for the pod to avoid using an unrelated resource by mistake. Scheduling and pod startup are then blocked until the unrelated ResourceClaim is removed. \n This field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "restartPolicy": { + "description": "Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy", "type": "string" }, "runtimeClassName": { + "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", "type": "string" }, "schedulerName": { + "description": "If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.", "type": "string" }, "schedulingGates": { + "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. \n This is an alpha-level feature enabled by PodSchedulingReadiness feature gate.", + "type": "array", "items": { - "additionalProperties": false, + "description": "PodSchedulingGate is associated to a Pod to guard its scheduling.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the scheduling gate. Each scheduling gate must have a unique name field.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "securityContext": { - "additionalProperties": false, + "description": "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.", + "type": "object", "properties": { "fsGroup": { - "format": "int64", - "type": "integer" + "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" }, "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.", "type": "string" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "description": "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "seccompProfile": { - "additionalProperties": false, + "description": "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.", + "type": "array", "items": { - "format": "int64", - "type": "integer" - }, - "type": "array" + "type": "integer", + "format": "int64" + } }, "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Sysctl defines a kernel parameter to be set", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "Name of a property to set", "type": "string" }, "value": { + "description": "Value of a property to set", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "windowsOptions": { - "additionalProperties": false, + "description": "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceAccount": { + "description": "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.", "type": "string" }, "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", "type": "string" }, "setHostnameAsFQDN": { + "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.", "type": "boolean" }, "shareProcessNamespace": { + "description": "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.", "type": "boolean" }, "subdomain": { + "description": "If specified, the fully qualified Pod hostname will be \"\u003chostname\u003e.\u003csubdomain\u003e.\u003cpod namespace\u003e.svc.\u003ccluster domain\u003e\". If not specified, the pod will not have a domainname at all.", "type": "string" }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.", + "type": "integer", + "format": "int64" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "topologySpreadConstraints": { + "description": "TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "type": "object", + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "maxSkew": { - "format": "int32", - "type": "integer" + "description": "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.", + "type": "integer", + "format": "int32" }, "minDomains": { - "format": "int32", - "type": "integer" + "description": "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + "type": "integer", + "format": "int32" }, "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field.", "type": "string" }, "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.", "type": "string" } }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "topologyKey", "whenUnsatisfiable" @@ -4294,258 +5143,330 @@ "x-kubernetes-list-type": "map" }, "volumes": { + "description": "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes", + "type": "array", "items": { - "additionalProperties": false, + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", + "type": "object", + "required": [ + "name" + ], "properties": { "awsElasticBlockStore": { - "additionalProperties": false, + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "type": "integer", + "format": "int32" }, "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "boolean" }, "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "azureDisk": { - "additionalProperties": false, + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", + "type": "object", + "required": [ + "diskName", + "diskURI" + ], "properties": { "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", "type": "string" }, "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", "type": "string" }, "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", "type": "string" }, "fsType": { + "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" } }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" + "additionalProperties": false }, "azureFile": { - "additionalProperties": false, + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.", + "type": "object", + "required": [ + "secretName", + "shareName" + ], "properties": { "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", "type": "string" }, "shareName": { + "description": "shareName is the azure share Name", "type": "string" } }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" + "additionalProperties": false }, "cephfs": { - "additionalProperties": false, + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime", + "type": "object", + "required": [ + "monitors" + ], "properties": { "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", "type": "string" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "boolean" }, "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "user": { + "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" } }, - "required": [ - "monitors" - ], - "type": "object" + "additionalProperties": false }, "cinder": { - "additionalProperties": false, + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "volumeID": { + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "configMap": { - "additionalProperties": false, + "description": "configMap represents a configMap that should populate this volume", + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Maps a string key to a path within a volume.", + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "csi": { - "additionalProperties": false, + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).", + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { + "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", "type": "string" }, "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", "type": "string" }, "nodePublishSecretRef": { - "additionalProperties": false, + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", "type": "boolean" }, "volumeAttributes": { + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "downwardAPI": { - "additionalProperties": false, + "description": "downwardAPI represents downward API about the pod that should populate this volume", + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "items": { + "description": "Items is a list of downward API volume file", + "type": "array", "items": { - "additionalProperties": false, + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "mode": { - "format": "int32", - "type": "integer" + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -4554,37 +5475,34 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "emptyDir": { - "additionalProperties": false, + "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "object", "properties": { "medium": { + "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, "sizeLimit": { + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -4593,38 +5511,43 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } }, - "type": "object" + "additionalProperties": false }, "ephemeral": { - "additionalProperties": false, + "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time.", + "type": "object", "properties": { "volumeClaimTemplate": { - "additionalProperties": false, + "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `\u003cpod name\u003e-\u003cvolume name\u003e` where `\u003cvolume name\u003e` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil.", + "type": "object", + "required": [ + "spec" + ], "properties": { "metadata": { - "additionalProperties": false, + "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.", + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "finalizers": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { "type": "string" @@ -4633,83 +5556,101 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "spec": { - "additionalProperties": false, + "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.", + "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "dataSource": { - "additionalProperties": false, + "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "type": "object", + "required": [ + "kind", + "name" + ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "object", "required": [ "kind", "name" ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "additionalProperties": false, "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, - "required": [ - "kind", - "name" - ], - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -4718,13 +5659,14 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -4733,430 +5675,527 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "description": "selector is a label query over volumes to consider for binding.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "spec" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "fc": { - "additionalProperties": false, + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "lun": { - "format": "int32", - "type": "integer" + "description": "lun is Optional: FC target lun number", + "type": "integer", + "format": "int32" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "flexVolume": { - "additionalProperties": false, + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { + "description": "driver is the name of the driver to use for this volume.", "type": "string" }, "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, "options": { + "description": "options is Optional: this field holds extra command options if any.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "flocker": { - "additionalProperties": false, + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running", + "type": "object", "properties": { "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated", "type": "string" }, "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "gcePersistentDisk": { - "additionalProperties": false, + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "object", + "required": [ + "pdName" + ], "properties": { "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "integer", + "format": "int32" }, "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "boolean" } }, - "required": [ - "pdName" - ], - "type": "object" + "additionalProperties": false }, "gitRepo": { - "additionalProperties": false, + "description": "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", + "type": "object", + "required": [ + "repository" + ], "properties": { "directory": { + "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", "type": "string" }, "repository": { + "description": "repository is the URL", "type": "string" }, "revision": { + "description": "revision is the commit hash for the specified revision.", "type": "string" } }, - "required": [ - "repository" - ], - "type": "object" + "additionalProperties": false }, "glusterfs": { - "additionalProperties": false, + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md", + "type": "object", + "required": [ + "endpoints", + "path" + ], "properties": { "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "path": { + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "boolean" } }, + "additionalProperties": false + }, + "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.", + "type": "object", "required": [ - "endpoints", "path" ], - "type": "object" - }, - "hostPath": { - "additionalProperties": false, "properties": { "path": { + "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" }, "type": { + "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, "iscsi": { - "additionalProperties": false, + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md", + "type": "object", + "required": [ + "iqn", + "lun", + "targetPortal" + ], "properties": { "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", "type": "boolean" }, "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", "type": "boolean" }, "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", "type": "string" }, "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", "type": "string" }, "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", "type": "string" }, "lun": { - "format": "int32", - "type": "integer" + "description": "lun represents iSCSI Target Lun number.", + "type": "integer", + "format": "int32" }, "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "string" } }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" + "additionalProperties": false }, "name": { + "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "nfs": { - "additionalProperties": false, + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "object", + "required": [ + "path", + "server" + ], "properties": { "path": { + "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" }, "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "boolean" }, "server": { + "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" } }, - "required": [ - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "persistentVolumeClaim": { - "additionalProperties": false, + "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "object", + "required": [ + "claimName" + ], "properties": { "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "string" }, "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", "type": "boolean" } }, - "required": [ - "claimName" - ], - "type": "object" + "additionalProperties": false }, "photonPersistentDisk": { - "additionalProperties": false, + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine", + "type": "object", + "required": [ + "pdID" + ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", "type": "string" } }, - "required": [ - "pdID" - ], - "type": "object" + "additionalProperties": false }, "portworxVolume": { - "additionalProperties": false, + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine", + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { + "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "projected": { - "additionalProperties": false, + "description": "projected items for all in one resources secrets, configmaps, and downward API", + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "sources": { + "description": "sources is the list of volume projections", + "type": "array", "items": { - "additionalProperties": false, + "description": "Projection that may be projected along with other supported volume types", + "type": "object", "properties": { "configMap": { - "additionalProperties": false, + "description": "configMap information about the configMap data to project", + "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Maps a string key to a path within a volume.", + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "downwardAPI": { - "additionalProperties": false, + "description": "downwardAPI information about the downwardAPI data to project", + "type": "object", "properties": { "items": { + "description": "Items is a list of DownwardAPIVolume file", + "type": "array", "items": { - "additionalProperties": false, + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "mode": { - "format": "int32", - "type": "integer" + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -5165,417 +6204,466 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "description": "secret information about the secret data to project", + "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Maps a string key to a path within a volume.", + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional field specify whether the Secret or its key must be defined", "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "serviceAccountToken": { - "additionalProperties": false, + "description": "serviceAccountToken is information about the serviceAccountToken data to project", + "type": "object", + "required": [ + "path" + ], "properties": { "audience": { + "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", "type": "string" }, "expirationSeconds": { - "format": "int64", - "type": "integer" + "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", + "type": "integer", + "format": "int64" }, "path": { + "description": "path is the path relative to the mount point of the file to project the token into.", "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "quobyte": { - "additionalProperties": false, + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime", + "type": "object", + "required": [ + "registry", + "volume" + ], "properties": { "group": { + "description": "group to map volume access to Default is no group", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", "type": "boolean" }, "registry": { + "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", "type": "string" }, "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, "user": { + "description": "user to map volume access to Defaults to serivceaccount user", "type": "string" }, "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", "type": "string" } }, - "required": [ - "registry", - "volume" - ], - "type": "object" + "additionalProperties": false }, "rbd": { - "additionalProperties": false, + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md", + "type": "object", + "required": [ + "image", + "monitors" + ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "image": { + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "keyring": { + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "pool": { + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "user": { + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } }, - "required": [ - "image", - "monitors" - ], - "type": "object" + "additionalProperties": false }, "scaleIO": { - "additionalProperties": false, + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", + "type": "object", + "required": [ + "gateway", + "secretRef", + "system" + ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", "type": "string" }, "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", "type": "string" }, "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", "type": "boolean" }, "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", "type": "string" }, "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", "type": "string" }, "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", "type": "string" }, "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", "type": "string" } }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Maps a string key to a path within a volume.", + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "storageos": { - "additionalProperties": false, + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.", + "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", "type": "string" }, "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "vsphereVolume": { - "additionalProperties": false, + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine", + "type": "object", + "required": [ + "volumePath" + ], "properties": { "fsType": { + "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", "type": "string" }, "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", "type": "string" }, "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", "type": "string" } }, - "required": [ - "volumePath" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "containers" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "ttlSecondsAfterFinished": { - "format": "int32", - "type": "integer" + "description": "ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes.", + "type": "integer", + "format": "int32" } }, - "required": [ - "template" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name", - "template" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map", "x-kubernetes-validations": [ { - "message": "Value is immutable", - "rule": "self == oldSelf" + "rule": "self == oldSelf", + "message": "Value is immutable" } ] }, "suspend": { + "description": "Suspend suspends all running child Jobs when set to true.", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "JobSetStatus defines the observed state of JobSet", + "type": "object", "properties": { "conditions": { + "type": "array", "items": { - "additionalProperties": false, + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", + "type": "object", + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "type": "string", + "format": "date-time" }, "message": { - "maxLength": 32768, - "type": "string" + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", + "type": "string", + "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "type": "integer", "format": "int64", - "minimum": 0, - "type": "integer" + "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "type": "string", "maxLength": 1024, "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", + "type": "string", "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" } }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "restarts": { + "description": "Restarts tracks the number of times the JobSet has restarted (i.e. recreated in case of RecreateAll policy).", "type": "integer" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/k6.io/k6_v1alpha1.json b/schema/k6.io/k6_v1alpha1.json index 31c90b84a..2cd383d19 100644 --- a/schema/k6.io/k6_v1alpha1.json +++ b/schema/k6.io/k6_v1alpha1.json @@ -1,4 +1,5 @@ { + "type": "object", "properties": { "apiVersion": { "type": "string" @@ -10,36 +11,50 @@ "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", + "required": [ + "parallelism", + "script" + ], "properties": { "arguments": { "type": "string" }, "cleanup": { + "type": "string", "enum": [ "post" - ], - "type": "string" + ] }, "initializer": { - "additionalProperties": false, + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -48,23 +63,25 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchFields": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -73,47 +90,49 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -122,23 +141,25 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchFields": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -147,52 +168,59 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -201,36 +229,52 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -239,68 +283,68 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -309,36 +353,52 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -347,66 +407,74 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -415,36 +483,52 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -453,68 +537,68 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -523,36 +607,52 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, - "namespaceSelector": { - "additionalProperties": false, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -561,79 +661,91 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "automountServiceAccountToken": { "type": "string" }, "containerSecurityContext": { - "additionalProperties": false, + "type": "object", "properties": { "allowPrivilegeEscalation": { "type": "boolean" }, + "appArmorProfile": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, "capabilities": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "drop": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "privileged": { "type": "boolean" @@ -645,18 +757,18 @@ "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -671,10 +783,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "seccompProfile": { - "additionalProperties": false, + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { "type": "string" @@ -683,13 +798,10 @@ "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -704,14 +816,18 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "env": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" @@ -720,29 +836,33 @@ "type": "string" }, "valueFrom": { - "additionalProperties": false, + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -751,19 +871,20 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -772,86 +893,81 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { "type": "string" @@ -860,37 +976,43 @@ "type": "string" }, "imagePullSecrets": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "initContainers": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "args": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" @@ -899,29 +1021,33 @@ "type": "string" }, "valueFrom": { - "additionalProperties": false, + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -930,19 +1056,20 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -951,86 +1078,81 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { "type": "string" @@ -1039,8 +1161,13 @@ "type": "string" }, "volumeMounts": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { "type": "string" @@ -1054,6 +1181,9 @@ "readOnly": { "type": "boolean" }, + "recursiveReadOnly": { + "type": "string" + }, "subPath": { "type": "string" }, @@ -1061,66 +1191,70 @@ "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "livenessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "service": { - "type": "string" + "type": "string", + "default": "" } }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1129,13 +1263,9 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "path": { "type": "string" @@ -1155,25 +1285,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -1190,90 +1320,97 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "metadata": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "nodeSelector": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "readinessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "service": { - "type": "string" + "type": "string", + "default": "" } }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1282,13 +1419,9 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "path": { "type": "string" @@ -1308,25 +1441,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -1343,46 +1476,48 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { "claims": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" + }, + "request": { + "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "limits": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -1391,13 +1526,13 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -1406,37 +1541,50 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "type": "object", "properties": { + "appArmorProfile": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, "fsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "fsGroupChangePolicy": { "type": "string" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -1451,10 +1599,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "seccompProfile": { - "additionalProperties": false, + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { "type": "string" @@ -1463,21 +1614,27 @@ "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "supplementalGroups": { + "type": "array", "items": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, - "type": "array" + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "type": "string" }, "sysctls": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1486,16 +1643,12 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -1510,17 +1663,18 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceAccountName": { "type": "string" }, "tolerations": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "effect": { "type": "string" @@ -1532,27 +1686,37 @@ "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "value": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "topologySpreadConstraints": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -1561,44 +1725,41 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "maxSkew": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "minDomains": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "nodeAffinityPolicy": { "type": "string" @@ -1613,18 +1774,17 @@ "type": "string" } }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { "type": "string" @@ -1638,6 +1798,9 @@ "readOnly": { "type": "boolean" }, + "recursiveReadOnly": { + "type": "string" + }, "subPath": { "type": "string" }, @@ -1645,27 +1808,29 @@ "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumes": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "awsElasticBlockStore": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "readOnly": { "type": "boolean" @@ -1674,13 +1839,14 @@ "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "azureDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "diskName", + "diskURI" + ], "properties": { "cachingMode": { "type": "string" @@ -1692,23 +1858,25 @@ "type": "string" }, "fsType": { - "type": "string" + "type": "string", + "default": "ext4" }, "kind": { "type": "string" }, "readOnly": { - "type": "boolean" + "type": "boolean", + "default": false } }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" + "additionalProperties": false }, "azureFile": { - "additionalProperties": false, + "type": "object", + "required": [ + "secretName", + "shareName" + ], "properties": { "readOnly": { "type": "boolean" @@ -1720,20 +1888,20 @@ "type": "string" } }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" + "additionalProperties": false }, "cephfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "monitors" + ], "properties": { "monitors": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "path": { "type": "string" @@ -1745,26 +1913,27 @@ "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "user": { "type": "string" } }, - "required": [ - "monitors" - ], - "type": "object" + "additionalProperties": false }, "cinder": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" @@ -1773,66 +1942,69 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "volumeID": { "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "configMap": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "csi": { - "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { "type": "string" @@ -1841,43 +2013,48 @@ "type": "string" }, "nodePublishSecretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "readOnly": { "type": "boolean" }, "volumeAttributes": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "downwardAPI": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -1886,26 +2063,27 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -1914,37 +2092,31 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "emptyDir": { - "additionalProperties": false, + "type": "object", "properties": { "medium": { "type": "string" }, "sizeLimit": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -1953,32 +2125,39 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } }, - "type": "object" + "additionalProperties": false }, "ephemeral": { - "additionalProperties": false, + "type": "object", "properties": { "volumeClaimTemplate": { - "additionalProperties": false, + "type": "object", + "required": [ + "spec" + ], "properties": { "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", "properties": { "accessModes": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "dataSource": { - "additionalProperties": false, + "type": "object", + "required": [ + "kind", + "name" + ], "properties": { "apiGroup": { "type": "string" @@ -1990,15 +2169,15 @@ "type": "string" } }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "type": "object", "required": [ "kind", "name" ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "additionalProperties": false, "properties": { "apiGroup": { "type": "string" @@ -2013,36 +2192,15 @@ "type": "string" } }, - "required": [ - "kind", - "name" - ], - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { - "claims": { - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -2051,13 +2209,13 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -2066,20 +2224,23 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -2088,33 +2249,33 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -2122,47 +2283,49 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "spec" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "fc": { - "additionalProperties": false, + "type": "object", "properties": { "fsType": { "type": "string" }, "lun": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "readOnly": { "type": "boolean" }, "targetWWNs": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "wwids": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "flexVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { "type": "string" @@ -2171,32 +2334,30 @@ "type": "string" }, "options": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "flocker": { - "additionalProperties": false, + "type": "object", "properties": { "datasetName": { "type": "string" @@ -2205,17 +2366,20 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "gcePersistentDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "pdName" + ], "properties": { "fsType": { "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "pdName": { "type": "string" @@ -2224,13 +2388,13 @@ "type": "boolean" } }, - "required": [ - "pdName" - ], - "type": "object" + "additionalProperties": false }, "gitRepo": { - "additionalProperties": false, + "type": "object", + "required": [ + "repository" + ], "properties": { "directory": { "type": "string" @@ -2242,13 +2406,14 @@ "type": "string" } }, - "required": [ - "repository" - ], - "type": "object" + "additionalProperties": false }, "glusterfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "endpoints", + "path" + ], "properties": { "endpoints": { "type": "string" @@ -2260,14 +2425,13 @@ "type": "boolean" } }, + "additionalProperties": false + }, + "hostPath": { + "type": "object", "required": [ - "endpoints", "path" ], - "type": "object" - }, - "hostPath": { - "additionalProperties": false, "properties": { "path": { "type": "string" @@ -2276,13 +2440,27 @@ "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "reference": { + "type": "string" + } + }, + "additionalProperties": false }, "iscsi": { - "additionalProperties": false, + "type": "object", + "required": [ + "iqn", + "lun", + "targetPortal" + ], "properties": { "chapAuthDiscovery": { "type": "boolean" @@ -2300,47 +2478,49 @@ "type": "string" }, "iscsiInterface": { - "type": "string" + "type": "string", + "default": "default" }, "lun": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "portals": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "targetPortal": { "type": "string" } }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" + "additionalProperties": false }, "name": { "type": "string" }, "nfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "path", + "server" + ], "properties": { "path": { "type": "string" @@ -2352,14 +2532,13 @@ "type": "string" } }, - "required": [ - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "persistentVolumeClaim": { - "additionalProperties": false, + "type": "object", + "required": [ + "claimName" + ], "properties": { "claimName": { "type": "string" @@ -2368,13 +2547,13 @@ "type": "boolean" } }, - "required": [ - "claimName" - ], - "type": "object" + "additionalProperties": false }, "photonPersistentDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "pdID" + ], "properties": { "fsType": { "type": "string" @@ -2383,13 +2562,13 @@ "type": "string" } }, - "required": [ - "pdID" - ], - "type": "object" + "additionalProperties": false }, "portworxVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" @@ -2401,67 +2580,135 @@ "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "projected": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "sources": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + } + }, + "additionalProperties": false + }, + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "downwardAPI": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -2470,26 +2717,27 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -2498,95 +2746,94 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "serviceAccountToken": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "audience": { "type": "string" }, "expirationSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "path": { "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "quobyte": { - "additionalProperties": false, + "type": "object", + "required": [ + "registry", + "volume" + ], "properties": { "group": { "type": "string" @@ -2607,14 +2854,14 @@ "type": "string" } }, - "required": [ - "registry", - "volume" - ], - "type": "object" + "additionalProperties": false }, "rbd": { - "additionalProperties": false, + "type": "object", + "required": [ + "image", + "monitors" + ], "properties": { "fsType": { "type": "string" @@ -2623,45 +2870,52 @@ "type": "string" }, "keyring": { - "type": "string" + "type": "string", + "default": "/etc/ceph/keyring" }, "monitors": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "pool": { - "type": "string" + "type": "string", + "default": "rbd" }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "user": { - "type": "string" + "type": "string", + "default": "admin" } }, - "required": [ - "image", - "monitors" - ], - "type": "object" + "additionalProperties": false }, "scaleIO": { - "additionalProperties": false, + "type": "object", + "required": [ + "gateway", + "secretRef", + "system" + ], "properties": { "fsType": { - "type": "string" + "type": "string", + "default": "xfs" }, "gateway": { "type": "string" @@ -2673,20 +2927,22 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "sslEnabled": { "type": "boolean" }, "storageMode": { - "type": "string" + "type": "string", + "default": "ThinProvisioned" }, "storagePool": { "type": "string" @@ -2698,42 +2954,38 @@ "type": "string" } }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "optional": { "type": "boolean" @@ -2742,10 +2994,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "storageos": { - "additionalProperties": false, + "type": "object", "properties": { "fsType": { "type": "string" @@ -2754,13 +3006,14 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "volumeName": { @@ -2770,10 +3023,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "vsphereVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumePath" + ], "properties": { "fsType": { "type": "string" @@ -2788,81 +3044,84 @@ "type": "string" } }, - "required": [ - "volumePath" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "parallelism": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "paused": { "type": "string" }, "ports": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "containerPort" + ], "properties": { "containerPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "hostIP": { "type": "string" }, "hostPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "name": { "type": "string" }, "protocol": { - "default": "TCP", - "type": "string" + "type": "string", + "default": "TCP" } }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "quiet": { "type": "string" }, "runner": { - "additionalProperties": false, + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -2871,23 +3130,25 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchFields": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -2896,47 +3157,49 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -2945,23 +3208,25 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchFields": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -2970,52 +3235,59 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -3024,36 +3296,52 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -3062,68 +3350,68 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -3132,36 +3420,52 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -3170,66 +3474,74 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -3238,36 +3550,52 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -3276,68 +3604,68 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -3346,36 +3674,52 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -3384,79 +3728,91 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + }, + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "automountServiceAccountToken": { "type": "string" }, "containerSecurityContext": { - "additionalProperties": false, + "type": "object", "properties": { "allowPrivilegeEscalation": { "type": "boolean" }, + "appArmorProfile": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, "capabilities": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "drop": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "privileged": { "type": "boolean" @@ -3468,18 +3824,18 @@ "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -3494,10 +3850,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "seccompProfile": { - "additionalProperties": false, + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { "type": "string" @@ -3506,13 +3865,10 @@ "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -3527,14 +3883,18 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "env": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" @@ -3543,29 +3903,33 @@ "type": "string" }, "valueFrom": { - "additionalProperties": false, + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -3574,19 +3938,20 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -3595,86 +3960,81 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { "type": "string" @@ -3683,37 +4043,43 @@ "type": "string" }, "imagePullSecrets": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "initContainers": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "args": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" @@ -3722,29 +4088,33 @@ "type": "string" }, "valueFrom": { - "additionalProperties": false, + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -3753,19 +4123,20 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -3774,86 +4145,81 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { "type": "string" @@ -3862,8 +4228,13 @@ "type": "string" }, "volumeMounts": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { "type": "string" @@ -3877,6 +4248,9 @@ "readOnly": { "type": "boolean" }, + "recursiveReadOnly": { + "type": "string" + }, "subPath": { "type": "string" }, @@ -3884,66 +4258,70 @@ "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "livenessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "service": { - "type": "string" + "type": "string", + "default": "" } }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -3952,13 +4330,9 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "path": { "type": "string" @@ -3978,25 +4352,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -4013,90 +4387,97 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "metadata": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "nodeSelector": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "readinessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "service": { - "type": "string" + "type": "string", + "default": "" } }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -4105,13 +4486,9 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "path": { "type": "string" @@ -4131,25 +4508,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -4166,46 +4543,48 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { "claims": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" + }, + "request": { + "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "limits": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -4214,13 +4593,13 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -4229,37 +4608,50 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "type": "object", "properties": { + "appArmorProfile": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, "fsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "fsGroupChangePolicy": { "type": "string" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -4274,10 +4666,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "seccompProfile": { - "additionalProperties": false, + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { "type": "string" @@ -4286,21 +4681,27 @@ "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "supplementalGroups": { + "type": "array", "items": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, - "type": "array" + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "type": "string" }, "sysctls": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -4309,16 +4710,12 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -4333,17 +4730,18 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceAccountName": { "type": "string" }, "tolerations": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "effect": { "type": "string" @@ -4355,27 +4753,37 @@ "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "value": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "topologySpreadConstraints": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -4384,44 +4792,41 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "maxSkew": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "minDomains": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "nodeAffinityPolicy": { "type": "string" @@ -4436,18 +4841,17 @@ "type": "string" } }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { "type": "string" @@ -4461,6 +4865,9 @@ "readOnly": { "type": "boolean" }, + "recursiveReadOnly": { + "type": "string" + }, "subPath": { "type": "string" }, @@ -4468,27 +4875,29 @@ "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumes": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "awsElasticBlockStore": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "readOnly": { "type": "boolean" @@ -4497,13 +4906,14 @@ "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "azureDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "diskName", + "diskURI" + ], "properties": { "cachingMode": { "type": "string" @@ -4515,23 +4925,25 @@ "type": "string" }, "fsType": { - "type": "string" + "type": "string", + "default": "ext4" }, "kind": { "type": "string" }, "readOnly": { - "type": "boolean" + "type": "boolean", + "default": false } }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" + "additionalProperties": false }, "azureFile": { - "additionalProperties": false, + "type": "object", + "required": [ + "secretName", + "shareName" + ], "properties": { "readOnly": { "type": "boolean" @@ -4543,20 +4955,20 @@ "type": "string" } }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" + "additionalProperties": false }, "cephfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "monitors" + ], "properties": { "monitors": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "path": { "type": "string" @@ -4568,26 +4980,27 @@ "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "user": { "type": "string" } }, - "required": [ - "monitors" - ], - "type": "object" + "additionalProperties": false }, "cinder": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" @@ -4596,66 +5009,69 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "volumeID": { "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "configMap": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "csi": { - "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { "type": "string" @@ -4664,43 +5080,48 @@ "type": "string" }, "nodePublishSecretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "readOnly": { "type": "boolean" }, "volumeAttributes": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "downwardAPI": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -4709,26 +5130,27 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -4737,37 +5159,31 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "emptyDir": { - "additionalProperties": false, + "type": "object", "properties": { "medium": { "type": "string" }, "sizeLimit": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -4776,32 +5192,39 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } }, - "type": "object" + "additionalProperties": false }, "ephemeral": { - "additionalProperties": false, + "type": "object", "properties": { "volumeClaimTemplate": { - "additionalProperties": false, + "type": "object", + "required": [ + "spec" + ], "properties": { "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", "properties": { "accessModes": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "dataSource": { - "additionalProperties": false, + "type": "object", + "required": [ + "kind", + "name" + ], "properties": { "apiGroup": { "type": "string" @@ -4813,15 +5236,15 @@ "type": "string" } }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "type": "object", "required": [ "kind", "name" ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "additionalProperties": false, "properties": { "apiGroup": { "type": "string" @@ -4836,36 +5259,15 @@ "type": "string" } }, - "required": [ - "kind", - "name" - ], - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { - "claims": { - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -4874,13 +5276,13 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -4889,20 +5291,23 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -4911,33 +5316,33 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -4945,47 +5350,49 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "spec" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "fc": { - "additionalProperties": false, + "type": "object", "properties": { "fsType": { "type": "string" }, "lun": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "readOnly": { "type": "boolean" }, "targetWWNs": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "wwids": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "flexVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { "type": "string" @@ -4994,32 +5401,30 @@ "type": "string" }, "options": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "flocker": { - "additionalProperties": false, + "type": "object", "properties": { "datasetName": { "type": "string" @@ -5028,17 +5433,20 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "gcePersistentDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "pdName" + ], "properties": { "fsType": { "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "pdName": { "type": "string" @@ -5047,13 +5455,13 @@ "type": "boolean" } }, - "required": [ - "pdName" - ], - "type": "object" + "additionalProperties": false }, "gitRepo": { - "additionalProperties": false, + "type": "object", + "required": [ + "repository" + ], "properties": { "directory": { "type": "string" @@ -5065,13 +5473,14 @@ "type": "string" } }, - "required": [ - "repository" - ], - "type": "object" + "additionalProperties": false }, "glusterfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "endpoints", + "path" + ], "properties": { "endpoints": { "type": "string" @@ -5083,14 +5492,13 @@ "type": "boolean" } }, + "additionalProperties": false + }, + "hostPath": { + "type": "object", "required": [ - "endpoints", "path" ], - "type": "object" - }, - "hostPath": { - "additionalProperties": false, "properties": { "path": { "type": "string" @@ -5099,13 +5507,27 @@ "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "reference": { + "type": "string" + } + }, + "additionalProperties": false }, "iscsi": { - "additionalProperties": false, + "type": "object", + "required": [ + "iqn", + "lun", + "targetPortal" + ], "properties": { "chapAuthDiscovery": { "type": "boolean" @@ -5123,47 +5545,49 @@ "type": "string" }, "iscsiInterface": { - "type": "string" + "type": "string", + "default": "default" }, "lun": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "portals": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "targetPortal": { "type": "string" } }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" + "additionalProperties": false }, "name": { "type": "string" }, "nfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "path", + "server" + ], "properties": { "path": { "type": "string" @@ -5175,14 +5599,13 @@ "type": "string" } }, - "required": [ - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "persistentVolumeClaim": { - "additionalProperties": false, + "type": "object", + "required": [ + "claimName" + ], "properties": { "claimName": { "type": "string" @@ -5191,13 +5614,13 @@ "type": "boolean" } }, - "required": [ - "claimName" - ], - "type": "object" + "additionalProperties": false }, "photonPersistentDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "pdID" + ], "properties": { "fsType": { "type": "string" @@ -5206,13 +5629,13 @@ "type": "string" } }, - "required": [ - "pdID" - ], - "type": "object" + "additionalProperties": false }, "portworxVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" @@ -5224,67 +5647,135 @@ "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "projected": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "sources": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + } + }, + "additionalProperties": false + }, + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "downwardAPI": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -5293,26 +5784,27 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -5321,95 +5813,94 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "serviceAccountToken": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "audience": { "type": "string" }, "expirationSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "path": { "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "quobyte": { - "additionalProperties": false, + "type": "object", + "required": [ + "registry", + "volume" + ], "properties": { "group": { "type": "string" @@ -5430,14 +5921,14 @@ "type": "string" } }, - "required": [ - "registry", - "volume" - ], - "type": "object" + "additionalProperties": false }, "rbd": { - "additionalProperties": false, + "type": "object", + "required": [ + "image", + "monitors" + ], "properties": { "fsType": { "type": "string" @@ -5446,45 +5937,52 @@ "type": "string" }, "keyring": { - "type": "string" + "type": "string", + "default": "/etc/ceph/keyring" }, "monitors": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "pool": { - "type": "string" + "type": "string", + "default": "rbd" }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "user": { - "type": "string" + "type": "string", + "default": "admin" } }, - "required": [ - "image", - "monitors" - ], - "type": "object" + "additionalProperties": false }, "scaleIO": { - "additionalProperties": false, + "type": "object", + "required": [ + "gateway", + "secretRef", + "system" + ], "properties": { "fsType": { - "type": "string" + "type": "string", + "default": "xfs" }, "gateway": { "type": "string" @@ -5496,20 +5994,22 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "sslEnabled": { "type": "boolean" }, "storageMode": { - "type": "string" + "type": "string", + "default": "ThinProvisioned" }, "storagePool": { "type": "string" @@ -5521,42 +6021,38 @@ "type": "string" } }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "optional": { "type": "boolean" @@ -5565,10 +6061,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "storageos": { - "additionalProperties": false, + "type": "object", "properties": { "fsType": { "type": "string" @@ -5577,13 +6073,14 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "volumeName": { @@ -5593,10 +6090,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "vsphereVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumePath" + ], "properties": { "fsType": { "type": "string" @@ -5611,27 +6111,23 @@ "type": "string" } }, - "required": [ - "volumePath" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "script": { - "additionalProperties": false, + "type": "object", "properties": { "configMap": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "file": { "type": "string" @@ -5640,16 +6136,16 @@ "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "localFile": { "type": "string" }, "volumeClaim": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "file": { "type": "string" @@ -5661,16 +6157,13 @@ "type": "boolean" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "scuttle": { - "additionalProperties": false, + "type": "object", "properties": { "disableLogging": { "type": "boolean" @@ -5703,30 +6196,40 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "separate": { "type": "boolean" }, "starter": { - "additionalProperties": false, + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -5735,23 +6238,25 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchFields": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -5760,47 +6265,49 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -5809,23 +6316,25 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchFields": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -5834,52 +6343,59 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -5888,36 +6404,52 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -5926,68 +6458,68 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -5996,36 +6528,52 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -6034,66 +6582,74 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -6102,36 +6658,52 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -6140,68 +6712,68 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -6210,36 +6782,52 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -6248,79 +6836,91 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "automountServiceAccountToken": { "type": "string" }, "containerSecurityContext": { - "additionalProperties": false, + "type": "object", "properties": { "allowPrivilegeEscalation": { "type": "boolean" }, + "appArmorProfile": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, "capabilities": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "drop": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "privileged": { "type": "boolean" @@ -6332,18 +6932,18 @@ "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -6358,10 +6958,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "seccompProfile": { - "additionalProperties": false, + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { "type": "string" @@ -6370,13 +6973,10 @@ "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -6391,14 +6991,18 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "env": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" @@ -6407,29 +7011,33 @@ "type": "string" }, "valueFrom": { - "additionalProperties": false, + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -6438,19 +7046,20 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -6459,86 +7068,81 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { "type": "string" @@ -6547,37 +7151,43 @@ "type": "string" }, "imagePullSecrets": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "initContainers": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "args": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" @@ -6586,29 +7196,33 @@ "type": "string" }, "valueFrom": { - "additionalProperties": false, + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } - }, - "required": [ - "key" - ], - "type": "object", + }, + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -6617,19 +7231,20 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -6638,86 +7253,81 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { "type": "string" @@ -6726,8 +7336,13 @@ "type": "string" }, "volumeMounts": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { "type": "string" @@ -6741,6 +7356,9 @@ "readOnly": { "type": "boolean" }, + "recursiveReadOnly": { + "type": "string" + }, "subPath": { "type": "string" }, @@ -6748,66 +7366,70 @@ "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "livenessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "service": { - "type": "string" + "type": "string", + "default": "" } }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -6816,13 +7438,9 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "path": { "type": "string" @@ -6842,25 +7460,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -6877,90 +7495,97 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "metadata": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "labels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "nodeSelector": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "readinessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "grpc": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "port": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "service": { - "type": "string" + "type": "string", + "default": "" } }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "httpGet": { - "additionalProperties": false, "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -6969,13 +7594,9 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "path": { "type": "string" @@ -6995,25 +7616,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -7030,46 +7651,48 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { "claims": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" + }, + "request": { + "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "limits": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -7078,13 +7701,13 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -7093,37 +7716,50 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "type": "object", "properties": { + "appArmorProfile": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "additionalProperties": false + }, "fsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "fsGroupChangePolicy": { "type": "string" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -7138,10 +7774,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "seccompProfile": { - "additionalProperties": false, + "type": "object", + "required": [ + "type" + ], "properties": { "localhostProfile": { "type": "string" @@ -7150,21 +7789,27 @@ "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "supplementalGroups": { + "type": "array", "items": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, - "type": "array" + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "type": "string" }, "sysctls": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -7173,16 +7818,12 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -7197,17 +7838,18 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceAccountName": { "type": "string" }, "tolerations": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "effect": { "type": "string" @@ -7219,27 +7861,37 @@ "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "value": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "topologySpreadConstraints": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -7248,44 +7900,41 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "maxSkew": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "minDomains": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "nodeAffinityPolicy": { "type": "string" @@ -7300,18 +7949,17 @@ "type": "string" } }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { "type": "string" @@ -7325,6 +7973,9 @@ "readOnly": { "type": "boolean" }, + "recursiveReadOnly": { + "type": "string" + }, "subPath": { "type": "string" }, @@ -7332,27 +7983,29 @@ "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumes": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "awsElasticBlockStore": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "readOnly": { "type": "boolean" @@ -7361,13 +8014,14 @@ "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "azureDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "diskName", + "diskURI" + ], "properties": { "cachingMode": { "type": "string" @@ -7379,23 +8033,25 @@ "type": "string" }, "fsType": { - "type": "string" + "type": "string", + "default": "ext4" }, "kind": { "type": "string" }, "readOnly": { - "type": "boolean" + "type": "boolean", + "default": false } }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" + "additionalProperties": false }, "azureFile": { - "additionalProperties": false, + "type": "object", + "required": [ + "secretName", + "shareName" + ], "properties": { "readOnly": { "type": "boolean" @@ -7407,20 +8063,20 @@ "type": "string" } }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" + "additionalProperties": false }, "cephfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "monitors" + ], "properties": { "monitors": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "path": { "type": "string" @@ -7432,26 +8088,27 @@ "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "user": { "type": "string" } }, - "required": [ - "monitors" - ], - "type": "object" + "additionalProperties": false }, "cinder": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" @@ -7460,66 +8117,69 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "volumeID": { "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "configMap": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "csi": { - "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { "type": "string" @@ -7528,43 +8188,48 @@ "type": "string" }, "nodePublishSecretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "readOnly": { "type": "boolean" }, "volumeAttributes": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "downwardAPI": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -7573,26 +8238,27 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -7601,37 +8267,31 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "emptyDir": { - "additionalProperties": false, + "type": "object", "properties": { "medium": { "type": "string" }, "sizeLimit": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -7640,32 +8300,39 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } }, - "type": "object" + "additionalProperties": false }, "ephemeral": { - "additionalProperties": false, + "type": "object", "properties": { "volumeClaimTemplate": { - "additionalProperties": false, + "type": "object", + "required": [ + "spec" + ], "properties": { "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", "properties": { "accessModes": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "dataSource": { - "additionalProperties": false, + "type": "object", + "required": [ + "kind", + "name" + ], "properties": { "apiGroup": { "type": "string" @@ -7677,15 +8344,15 @@ "type": "string" } }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "type": "object", "required": [ "kind", "name" ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "dataSourceRef": { - "additionalProperties": false, "properties": { "apiGroup": { "type": "string" @@ -7700,36 +8367,15 @@ "type": "string" } }, - "required": [ - "kind", - "name" - ], - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { - "claims": { - "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -7738,13 +8384,13 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -7753,20 +8399,23 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "selector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -7775,33 +8424,33 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -7809,47 +8458,49 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "spec" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "fc": { - "additionalProperties": false, + "type": "object", "properties": { "fsType": { "type": "string" }, "lun": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "readOnly": { "type": "boolean" }, "targetWWNs": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "wwids": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "flexVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { "type": "string" @@ -7858,32 +8509,30 @@ "type": "string" }, "options": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "flocker": { - "additionalProperties": false, + "type": "object", "properties": { "datasetName": { "type": "string" @@ -7892,17 +8541,20 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "gcePersistentDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "pdName" + ], "properties": { "fsType": { "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "pdName": { "type": "string" @@ -7911,13 +8563,13 @@ "type": "boolean" } }, - "required": [ - "pdName" - ], - "type": "object" + "additionalProperties": false }, "gitRepo": { - "additionalProperties": false, + "type": "object", + "required": [ + "repository" + ], "properties": { "directory": { "type": "string" @@ -7929,13 +8581,14 @@ "type": "string" } }, - "required": [ - "repository" - ], - "type": "object" + "additionalProperties": false }, "glusterfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "endpoints", + "path" + ], "properties": { "endpoints": { "type": "string" @@ -7947,14 +8600,13 @@ "type": "boolean" } }, + "additionalProperties": false + }, + "hostPath": { + "type": "object", "required": [ - "endpoints", "path" ], - "type": "object" - }, - "hostPath": { - "additionalProperties": false, "properties": { "path": { "type": "string" @@ -7963,13 +8615,27 @@ "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "reference": { + "type": "string" + } + }, + "additionalProperties": false }, "iscsi": { - "additionalProperties": false, + "type": "object", + "required": [ + "iqn", + "lun", + "targetPortal" + ], "properties": { "chapAuthDiscovery": { "type": "boolean" @@ -7987,47 +8653,49 @@ "type": "string" }, "iscsiInterface": { - "type": "string" + "type": "string", + "default": "default" }, "lun": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "portals": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "targetPortal": { "type": "string" } }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" + "additionalProperties": false }, "name": { "type": "string" }, "nfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "path", + "server" + ], "properties": { "path": { "type": "string" @@ -8039,14 +8707,13 @@ "type": "string" } }, - "required": [ - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "persistentVolumeClaim": { - "additionalProperties": false, + "type": "object", + "required": [ + "claimName" + ], "properties": { "claimName": { "type": "string" @@ -8055,13 +8722,13 @@ "type": "boolean" } }, - "required": [ - "claimName" - ], - "type": "object" + "additionalProperties": false }, "photonPersistentDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "pdID" + ], "properties": { "fsType": { "type": "string" @@ -8070,13 +8737,13 @@ "type": "string" } }, - "required": [ - "pdID" - ], - "type": "object" + "additionalProperties": false }, "portworxVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" @@ -8088,67 +8755,135 @@ "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "projected": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "sources": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + } + }, + "additionalProperties": false + }, + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "downwardAPI": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -8157,26 +8892,27 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" }, "divisor": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -8185,95 +8921,94 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "name": { - "type": "string" + "type": "string", + "default": "" }, "optional": { "type": "boolean" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "serviceAccountToken": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "audience": { "type": "string" }, "expirationSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "path": { "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "quobyte": { - "additionalProperties": false, + "type": "object", + "required": [ + "registry", + "volume" + ], "properties": { "group": { "type": "string" @@ -8294,14 +9029,14 @@ "type": "string" } }, - "required": [ - "registry", - "volume" - ], - "type": "object" + "additionalProperties": false }, "rbd": { - "additionalProperties": false, + "type": "object", + "required": [ + "image", + "monitors" + ], "properties": { "fsType": { "type": "string" @@ -8310,45 +9045,52 @@ "type": "string" }, "keyring": { - "type": "string" + "type": "string", + "default": "/etc/ceph/keyring" }, "monitors": { + "type": "array", "items": { "type": "string" }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "pool": { - "type": "string" + "type": "string", + "default": "rbd" }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "user": { - "type": "string" + "type": "string", + "default": "admin" } }, - "required": [ - "image", - "monitors" - ], - "type": "object" + "additionalProperties": false }, "scaleIO": { - "additionalProperties": false, + "type": "object", + "required": [ + "gateway", + "secretRef", + "system" + ], "properties": { "fsType": { - "type": "string" + "type": "string", + "default": "xfs" }, "gateway": { "type": "string" @@ -8360,20 +9102,22 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "sslEnabled": { "type": "boolean" }, "storageMode": { - "type": "string" + "type": "string", + "default": "ThinProvisioned" }, "storagePool": { "type": "string" @@ -8385,42 +9129,38 @@ "type": "string" } }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" + "additionalProperties": false }, - "type": "array" + "x-kubernetes-list-type": "atomic" }, "optional": { "type": "boolean" @@ -8429,10 +9169,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "storageos": { - "additionalProperties": false, + "type": "object", "properties": { "fsType": { "type": "string" @@ -8441,13 +9181,14 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { - "type": "string" + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "volumeName": { @@ -8457,10 +9198,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "vsphereVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumePath" + ], "properties": { "fsType": { "type": "string" @@ -8475,21 +9219,14 @@ "type": "string" } }, - "required": [ - "volumePath" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "testRunId": { "type": "string" @@ -8498,67 +9235,64 @@ "type": "string" } }, - "required": [ - "parallelism", - "script" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "type": "object", "properties": { "aggregationVars": { "type": "string" }, "conditions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "type": "string", + "format": "date-time" }, "message": { - "maxLength": 32768, - "type": "string" + "type": "string", + "maxLength": 32768 }, "observedGeneration": { + "type": "integer", "format": "int64", - "minimum": 0, - "type": "integer" + "minimum": 0 }, "reason": { + "type": "string", "maxLength": 1024, "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "type": "string", "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" } }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "stage": { + "type": "string", "enum": [ "initialization", "initialized", @@ -8567,15 +9301,13 @@ "stopped", "finished", "error" - ], - "type": "string" + ] }, "testRunId": { "type": "string" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/k8s.nginx.org/globalconfiguration_v1alpha1.json b/schema/k8s.nginx.org/globalconfiguration_v1alpha1.json index e3a2fe7d1..e8dfc3a63 100644 --- a/schema/k8s.nginx.org/globalconfiguration_v1alpha1.json +++ b/schema/k8s.nginx.org/globalconfiguration_v1alpha1.json @@ -1,20 +1,27 @@ { + "description": "GlobalConfiguration defines the GlobalConfiguration resource.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "GlobalConfigurationSpec is the spec of the GlobalConfiguration resource.", + "type": "object", "properties": { "listeners": { + "type": "array", "items": { - "additionalProperties": false, + "description": "Listener defines a listener.", + "type": "object", "properties": { "name": { "type": "string" @@ -29,13 +36,11 @@ "type": "boolean" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/k8s.nginx.org/policy_v1alpha1.json b/schema/k8s.nginx.org/policy_v1alpha1.json index 390317abe..cc98de44d 100644 --- a/schema/k8s.nginx.org/policy_v1alpha1.json +++ b/schema/k8s.nginx.org/policy_v1alpha1.json @@ -1,37 +1,44 @@ { + "description": "Policy defines a Policy for VirtualServer and VirtualServerRoute resources.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "PolicySpec is the spec of the Policy resource.\nThe spec includes multiple fields, where each field represents a different policy.\nOnly one policy (field) is allowed.", + "type": "object", "properties": { "accessControl": { - "additionalProperties": false, + "description": "AccessControl defines an access policy based on the source IP of a request.", + "type": "object", "properties": { "allow": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "deny": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "egressMTLS": { - "additionalProperties": false, + "description": "EgressMTLS defines an Egress MTLS policy.", + "type": "object", "properties": { "ciphers": { "type": "string" @@ -61,10 +68,11 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "ingressMTLS": { - "additionalProperties": false, + "description": "IngressMTLS defines an Ingress MTLS policy.", + "type": "object", "properties": { "clientCertSecret": { "type": "string" @@ -76,10 +84,11 @@ "type": "integer" } }, - "type": "object" + "additionalProperties": false }, "jwt": { - "additionalProperties": false, + "description": "JWTAuth holds JWT authentication configuration.", + "type": "object", "properties": { "realm": { "type": "string" @@ -91,10 +100,11 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "rateLimit": { - "additionalProperties": false, + "description": "RateLimit defines a rate limit policy.", + "type": "object", "properties": { "burst": { "type": "integer" @@ -124,11 +134,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/k8s.nginx.org/transportserver_v1alpha1.json b/schema/k8s.nginx.org/transportserver_v1alpha1.json index b5a5a8415..2e4d46fe9 100644 --- a/schema/k8s.nginx.org/transportserver_v1alpha1.json +++ b/schema/k8s.nginx.org/transportserver_v1alpha1.json @@ -1,25 +1,31 @@ { + "description": "TransportServer defines the TransportServer resource.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "TransportServerSpec is the spec of the TransportServer resource.", + "type": "object", "properties": { "action": { - "additionalProperties": false, + "description": "TransportServerAction defines an action.", + "type": "object", "properties": { "pass": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "host": { "type": "string" @@ -28,7 +34,8 @@ "type": "string" }, "listener": { - "additionalProperties": false, + "description": "TransportServerListener defines a listener for a TransportServer.", + "type": "object", "properties": { "name": { "type": "string" @@ -37,34 +44,37 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "serverSnippets": { "type": "string" }, "sessionParameters": { - "additionalProperties": false, + "description": "SessionParameters defines session parameters.", + "type": "object", "properties": { "timeout": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "streamSnippets": { "type": "string" }, "tls": { - "additionalProperties": false, + "description": "TransportServerTLS defines TransportServerTLS configuration for a TransportServer.", + "type": "object", "properties": { "secret": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "upstreamParameters": { - "additionalProperties": false, + "description": "UpstreamParameters defines parameters for an upstream.", + "type": "object", "properties": { "connectTimeout": { "type": "string" @@ -85,11 +95,13 @@ "type": "integer" } }, - "type": "object" + "additionalProperties": false }, "upstreams": { + "type": "array", "items": { - "additionalProperties": false, + "description": "TransportServerUpstream defines an upstream.", + "type": "object", "properties": { "backup": { "type": "string" @@ -101,7 +113,8 @@ "type": "string" }, "healthCheck": { - "additionalProperties": false, + "description": "TransportServerHealthCheck defines the parameters for active Upstream HealthChecks.", + "type": "object", "properties": { "enable": { "type": "boolean" @@ -116,7 +129,8 @@ "type": "string" }, "match": { - "additionalProperties": false, + "description": "TransportServerMatch defines the parameters of a custom health check.", + "type": "object", "properties": { "expect": { "type": "string" @@ -125,7 +139,7 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "passes": { "type": "integer" @@ -137,7 +151,7 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "loadBalancingMethod": { "type": "string" @@ -158,15 +172,15 @@ "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "TransportServerStatus defines the status for the TransportServer resource.", + "type": "object", "properties": { "message": { "type": "string" @@ -178,8 +192,7 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/k8up.io/effectiveschedule_v1.json b/schema/k8up.io/effectiveschedule_v1.json index 77032c726..02bbdc9c6 100644 --- a/schema/k8up.io/effectiveschedule_v1.json +++ b/schema/k8up.io/effectiveschedule_v1.json @@ -1,29 +1,40 @@ { + "description": "EffectiveSchedule is the Schema to persist schedules generated from Randomized schedules.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "EffectiveScheduleSpec defines the desired state of EffectiveSchedule", + "type": "object", "properties": { "generatedSchedule": { + "description": "GeneratedSchedule is the effective schedule that is added to Cron", "type": "string" }, "jobType": { + "description": "JobType defines to which job type this schedule applies", "type": "string" }, "originalSchedule": { + "description": "OriginalSchedule is the original user-defined schedule definition in the Schedule object.", "type": "string" }, "scheduleRefs": { + "description": "ScheduleRefs holds a list of schedules for which the generated schedule applies to. The list may omit entries that aren't generated from smart schedules.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ScheduleRef represents a reference to a Schedule resource", + "type": "object", "properties": { "name": { "type": "string" @@ -32,13 +43,11 @@ "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/kafka.strimzi.io/kafkamirrormaker_v1beta2.json b/schema/kafka.strimzi.io/kafkamirrormaker_v1beta2.json index be731055a..769575439 100644 --- a/schema/kafka.strimzi.io/kafkamirrormaker_v1beta2.json +++ b/schema/kafka.strimzi.io/kafkamirrormaker_v1beta2.json @@ -27,8 +27,7 @@ ], "properties": { "include": {} - }, - "additionalProperties": false + } }, { "required": [ @@ -36,8 +35,7 @@ ], "properties": { "whitelist": {} - }, - "additionalProperties": false + } } ], "properties": { @@ -257,8 +255,7 @@ ], "properties": { "certificate": {} - }, - "additionalProperties": false + } }, { "required": [ @@ -266,8 +263,7 @@ ], "properties": { "pattern": {} - }, - "additionalProperties": false + } } ], "properties": { @@ -350,8 +346,7 @@ ], "properties": { "certificate": {} - }, - "additionalProperties": false + } }, { "required": [ @@ -359,8 +354,7 @@ ], "properties": { "pattern": {} - }, - "additionalProperties": false + } } ], "properties": { @@ -780,8 +774,7 @@ ], "properties": { "certificate": {} - }, - "additionalProperties": false + } }, { "required": [ @@ -789,8 +782,7 @@ ], "properties": { "pattern": {} - }, - "additionalProperties": false + } } ], "properties": { @@ -860,8 +852,7 @@ ], "properties": { "certificate": {} - }, - "additionalProperties": false + } }, { "required": [ @@ -869,8 +860,7 @@ ], "properties": { "pattern": {} - }, - "additionalProperties": false + } } ], "properties": { @@ -1041,8 +1031,7 @@ ], "properties": { "value": {} - }, - "additionalProperties": false + } }, { "required": [ @@ -1050,8 +1039,7 @@ ], "properties": { "valueFrom": {} - }, - "additionalProperties": false + } } ], "properties": { @@ -1073,8 +1061,7 @@ ], "properties": { "secretKeyRef": {} - }, - "additionalProperties": false + } }, { "required": [ @@ -1082,8 +1069,7 @@ ], "properties": { "configMapKeyRef": {} - }, - "additionalProperties": false + } } ], "properties": { @@ -2103,8 +2089,7 @@ "emptyDir": {}, "persistentVolumeClaim": {}, "secret": {} - }, - "additionalProperties": false + } } ], "properties": { diff --git a/schema/kargo.akuity.io/promotionpolicy_v1alpha1.json b/schema/kargo.akuity.io/promotionpolicy_v1alpha1.json index 084ed4fab..bd4728462 100644 --- a/schema/kargo.akuity.io/promotionpolicy_v1alpha1.json +++ b/schema/kargo.akuity.io/promotionpolicy_v1alpha1.json @@ -1,22 +1,27 @@ { + "description": "PromotionPolicy specifies whether a given Stage is eligible for auto-promotion to newly discovered Freight.", "type": "object", "required": [ "stage" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "enableAutoPromotion": { + "description": "EnableAutoPromotion indicates whether new Freight can automatically be promoted into the Stage referenced by the Stage field. Note: There are other conditions also required for an auto-promotion to occur. Specifically, there must be a single source of new Freight, so regardless of the value of this field, an auto-promotion could never occur for a Stage subscribed to MULTIPLE upstream Stages. This field defaults to false, but is commonly set to true for Stages that subscribe to repositories instead of other, upstream Stages. This allows users to define Stages that are automatically updated as soon as new materials are detected.", "type": "boolean" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "stage": { + "description": "Stage references a Stage in the same project as this PromotionPolicy to which this PromotionPolicy applies.", "type": "string", "minLength": 1, "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" diff --git a/schema/karpenter.sh/nodeclaim_v1.json b/schema/karpenter.sh/nodeclaim_v1.json index 0616fe295..d5ca7de45 100644 --- a/schema/karpenter.sh/nodeclaim_v1.json +++ b/schema/karpenter.sh/nodeclaim_v1.json @@ -108,8 +108,8 @@ "message": "label \"kubernetes.io/hostname\" is restricted" }, { - "rule": "self in [\"karpenter.k8s.aws/capacity-reservation-type\", \"karpenter.k8s.aws/capacity-reservation-id\", \"karpenter.k8s.aws/ec2nodeclass\", \"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\", \"karpenter.k8s.aws/instance-cpu-manufacturer\", \"karpenter.k8s.aws/instance-cpu-sustained-clock-speed-mhz\", \"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\", \"karpenter.k8s.aws/instance-capability-flex\"] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\")", - "message": "label domain \"karpenter.k8s.aws\" is restricted" + "rule": "self in [ \"karpenter.azure.com/aksnodeclass\", \"karpenter.azure.com/sku-name\", \"karpenter.azure.com/sku-family\", \"karpenter.azure.com/sku-series\", \"karpenter.azure.com/sku-version\", \"karpenter.azure.com/sku-cpu\", \"karpenter.azure.com/sku-memory\", \"karpenter.azure.com/sku-networking-accelerated\", \"karpenter.azure.com/sku-storage-premium-capable\", \"karpenter.azure.com/sku-storage-ephemeralos-maxsize\", \"karpenter.azure.com/sku-gpu-name\", \"karpenter.azure.com/sku-gpu-manufacturer\", \"karpenter.azure.com/sku-gpu-count\" ] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.azure.com\")", + "message": "label domain \"karpenter.azure.com\" is restricted" } ] }, @@ -209,7 +209,7 @@ "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$" }, "timeAdded": { - "description": "TimeAdded represents the time at which the taint was added.", + "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", "type": "string", "format": "date-time" }, @@ -249,7 +249,7 @@ "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$" }, "timeAdded": { - "description": "TimeAdded represents the time at which the taint was added.", + "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", "type": "string", "format": "date-time" }, diff --git a/schema/karpenter.sh/nodeclaim_v1beta1.json b/schema/karpenter.sh/nodeclaim_v1beta1.json index 26b95bfae..d9e52159c 100644 --- a/schema/karpenter.sh/nodeclaim_v1beta1.json +++ b/schema/karpenter.sh/nodeclaim_v1beta1.json @@ -1,19 +1,23 @@ { + "description": "NodeClaim is the Schema for the NodeClaims API", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "NodeClaimSpec describes the desired state of the NodeClaim", "type": "object", "required": [ "nodeClassRef", @@ -21,18 +25,22 @@ ], "properties": { "kubelet": { + "description": "Kubelet defines args to be used when configuring kubelet on provisioned nodes.\nThey are a subset of the upstream types, recognizing not all options may be supported.\nWherever possible, the types and names should reflect the upstream kubelet types.", "type": "object", "properties": { "clusterDNS": { + "description": "clusterDNS is a list of IP addresses for the cluster DNS server.\nNote that not all providers may use all addresses.", "type": "array", "items": { "type": "string" } }, "cpuCFSQuota": { + "description": "CPUCFSQuota enables CPU CFS quota enforcement for containers that specify CPU limits.", "type": "boolean" }, "evictionHard": { + "description": "EvictionHard is the map of signal names to quantities that define hard eviction thresholds", "type": "object", "additionalProperties": { "type": "string", @@ -46,10 +54,12 @@ ] }, "evictionMaxPodGracePeriod": { + "description": "EvictionMaxPodGracePeriod is the maximum allowed grace period (in seconds) to use when terminating pods in\nresponse to soft eviction thresholds being met.", "type": "integer", "format": "int32" }, "evictionSoft": { + "description": "EvictionSoft is the map of signal names to quantities that define soft eviction thresholds", "type": "object", "additionalProperties": { "type": "string", @@ -63,6 +73,7 @@ ] }, "evictionSoftGracePeriod": { + "description": "EvictionSoftGracePeriod is the map of signal names to quantities that define grace periods for each eviction signal", "type": "object", "additionalProperties": { "type": "string" @@ -75,18 +86,21 @@ ] }, "imageGCHighThresholdPercent": { + "description": "ImageGCHighThresholdPercent is the percent of disk usage after which image\ngarbage collection is always run. The percent is calculated by dividing this\nfield value by 100, so this field must be between 0 and 100, inclusive.\nWhen specified, the value must be greater than ImageGCLowThresholdPercent.", "type": "integer", "format": "int32", "maximum": 100, "minimum": 0 }, "imageGCLowThresholdPercent": { + "description": "ImageGCLowThresholdPercent is the percent of disk usage before which image\ngarbage collection is never run. Lowest disk usage to garbage collect to.\nThe percent is calculated by dividing this field value by 100,\nso the field value must be between 0 and 100, inclusive.\nWhen specified, the value must be less than imageGCHighThresholdPercent", "type": "integer", "format": "int32", "maximum": 100, "minimum": 0 }, "kubeReserved": { + "description": "KubeReserved contains resources reserved for Kubernetes system components.", "type": "object", "additionalProperties": { "type": "string", @@ -104,16 +118,19 @@ ] }, "maxPods": { + "description": "MaxPods is an override for the maximum number of pods that can run on\na worker node instance.", "type": "integer", "format": "int32", "minimum": 0 }, "podsPerCore": { + "description": "PodsPerCore is an override for the number of pods that can run on a worker node\ninstance based on the number of cpu cores. This value cannot exceed MaxPods, so, if\nMaxPods is a lower value, that value will be used.", "type": "integer", "format": "int32", "minimum": 0 }, "systemReserved": { + "description": "SystemReserved contains resources reserved for OS system daemons and kernel memory.", "type": "object", "additionalProperties": { "type": "string", @@ -148,27 +165,33 @@ ] }, "nodeClassRef": { + "description": "NodeClassRef is a reference to an object that defines provider specific configuration", "type": "object", "required": [ "name" ], "properties": { "apiVersion": { + "description": "API version of the referent", "type": "string" }, "kind": { + "description": "Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\"", "type": "string" }, "name": { + "description": "Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" } }, "additionalProperties": false }, "requirements": { + "description": "Requirements are layered with GetLabels and applied to every node.", "type": "array", "maxItems": 100, "items": { + "description": "A node selector requirement with min values is a selector that contains values, a key, an operator that relates the key and values\nand minValues that represent the requirement to have at least that many values.", "type": "object", "required": [ "key", @@ -176,6 +199,7 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$", @@ -197,17 +221,19 @@ "message": "label \"kubernetes.io/hostname\" is restricted" }, { - "rule": "self in [\"karpenter.k8s.aws/ec2nodeclass\", \"karpenter.k8s.aws/instance-cpu-sustained-clock-speed-mhz\", \"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-cpu-manufacturer\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\")", - "message": "label domain \"karpenter.k8s.aws\" is restricted" + "rule": "self in [ \"karpenter.azure.com/sku-name\", \"karpenter.azure.com/sku-family\", \"karpenter.azure.com/sku-version\", \"karpenter.azure.com/sku-cpu\", \"karpenter.azure.com/sku-memory\", \"karpenter.azure.com/sku-accelerator\", \"karpenter.azure.com/sku-networking-accelerated\", \"karpenter.azure.com/sku-storage-premium-capable\", \"karpenter.azure.com/sku-storage-ephemeralos-maxsize\", \"karpenter.azure.com/sku-encryptionathost-capable\", \"karpenter.azure.com/sku-gpu-name\", \"karpenter.azure.com/sku-gpu-manufacturer\", \"karpenter.azure.com/sku-gpu-count\" ] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.azure.com\")", + "message": "label domain \"karpenter.azure.com\" is restricted" } ] }, "minValues": { + "description": "This field is ALPHA and can be dropped or replaced at any time\nMinValues is the minimum number of unique values required to define the flexibility of the specific requirement.", "type": "integer", "maximum": 50, "minimum": 1 }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string", "enum": [ "In", @@ -219,6 +245,7 @@ ] }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "maxLength": 63, "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", @@ -246,9 +273,11 @@ ] }, "resources": { + "description": "Resources models the resource requirements for the NodeClaim to launch", "type": "object", "properties": { "requests": { + "description": "Requests describes the minimum required resources for the NodeClaim to launch", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -267,8 +296,10 @@ "additionalProperties": false }, "startupTaints": { + "description": "StartupTaints are taints that are applied to nodes upon startup which are expected to be removed automatically\nwithin a short period of time, typically by a DaemonSet that tolerates the taint. These are commonly used by\ndaemonsets to allow initialization and enforce startup ordering. StartupTaints are ignored for provisioning\npurposes in that pods are not required to tolerate a StartupTaint in order to have nodes provisioned for them.", "type": "array", "items": { + "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", "type": "object", "required": [ "effect", @@ -276,6 +307,7 @@ ], "properties": { "effect": { + "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string", "enum": [ "NoSchedule", @@ -284,15 +316,18 @@ ] }, "key": { + "description": "Required. The taint key to be applied to a node.", "type": "string", "minLength": 1, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$" }, "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", "type": "string", "format": "date-time" }, "value": { + "description": "The taint value corresponding to the taint key.", "type": "string", "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$" } @@ -301,8 +336,10 @@ } }, "taints": { + "description": "Taints will be applied to the NodeClaim's node.", "type": "array", "items": { + "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", "type": "object", "required": [ "effect", @@ -310,6 +347,7 @@ ], "properties": { "effect": { + "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string", "enum": [ "NoSchedule", @@ -318,15 +356,18 @@ ] }, "key": { + "description": "Required. The taint key to be applied to a node.", "type": "string", "minLength": 1, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$" }, "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", "type": "string", "format": "date-time" }, "value": { + "description": "The taint value corresponding to the taint key.", "type": "string", "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$" } @@ -338,9 +379,11 @@ "additionalProperties": false }, "status": { + "description": "NodeClaimStatus defines the observed state of NodeClaim", "type": "object", "properties": { "allocatable": { + "description": "Allocatable is the estimated allocatable capacity of the node", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -356,6 +399,7 @@ } }, "capacity": { + "description": "Capacity is the estimated full capacity of the node", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -371,8 +415,10 @@ } }, "conditions": { + "description": "Conditions contains signals for health and readiness", "type": "array", "items": { + "description": "Condition aliases the upstream type and adds additional helper methods", "type": "object", "required": [ "lastTransitionTime", @@ -381,24 +427,29 @@ ], "properties": { "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", "type": "string", "maxLength": 1024, "pattern": "^([A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?|)$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "enum": [ "True", @@ -407,6 +458,7 @@ ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -416,12 +468,15 @@ } }, "imageID": { + "description": "ImageID is an identifier for the image that runs on the node", "type": "string" }, "nodeName": { + "description": "NodeName is the name of the corresponding node object", "type": "string" }, "providerID": { + "description": "ProviderID of the corresponding node object", "type": "string" } }, diff --git a/schema/karpenter.sh/nodepool_v1.json b/schema/karpenter.sh/nodepool_v1.json index bf4449e18..95f1ca1e2 100644 --- a/schema/karpenter.sh/nodepool_v1.json +++ b/schema/karpenter.sh/nodepool_v1.json @@ -63,7 +63,6 @@ "reasons": { "description": "Reasons is a list of disruption methods that this budget applies to. If Reasons is not set, this budget applies to all methods.\nOtherwise, this will apply to each reason defined.\nallowed reasons are Underutilized, Empty, and Drifted.", "type": "array", - "maxItems": 50, "items": { "description": "DisruptionReason defines valid reasons for disruption budgets.", "type": "string", @@ -90,12 +89,12 @@ ] }, "consolidateAfter": { - "description": "ConsolidateAfter is the duration the controller will wait\nbefore attempting to terminate nodes that are underutilized.\nRefer to ConsolidationPolicy for how underutilization is considered.\nWhen replicas is set, ConsolidateAfter is simply ignored", + "description": "ConsolidateAfter is the duration the controller will wait\nbefore attempting to terminate nodes that are underutilized.\nRefer to ConsolidationPolicy for how underutilization is considered.", "type": "string", "pattern": "^(([0-9]+(s|m|h))+|Never)$" }, "consolidationPolicy": { - "description": "ConsolidationPolicy describes which nodes Karpenter can disrupt through its consolidation\nalgorithm. This policy defaults to \"WhenEmptyOrUnderutilized\" if not specified\nWhen replicas is set, ConsolidationPolicy is simply ignored", + "description": "ConsolidationPolicy describes which nodes Karpenter can disrupt through its consolidation\nalgorithm. This policy defaults to \"WhenEmptyOrUnderutilized\" if not specified", "type": "string", "default": "WhenEmptyOrUnderutilized", "enum": [ @@ -107,7 +106,7 @@ "additionalProperties": false }, "limits": { - "description": "Limits define a set of bounds for provisioning capacity.\nLimits other than limits.nodes is not supported when replicas is set.", + "description": "Limits define a set of bounds for provisioning capacity.", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -122,12 +121,6 @@ "x-kubernetes-int-or-string": true } }, - "replicas": { - "description": "Replicas is the desired number of nodes for the NodePool. When specified, the NodePool will\nmaintain this fixed number of replicas rather than scaling based on pod demand.\nWhen replicas is set:\n - The following fields are ignored:\n * disruption.consolidationPolicy\n * disruption.consolidateAfter\n - Only limits.nodes is supported; other resource limits (e.g., CPU, memory) must not be specified.\n - Weight is not supported.\nNote: This field is alpha.", - "type": "integer", - "format": "int64", - "minimum": 0 - }, "template": { "description": "Template contains the template of possibilities for the provisioning logic to launch a NodeClaim with.\nNodeClaims launched from this NodePool will often be further constrained than the template specifies.", "type": "object", @@ -176,8 +169,8 @@ "message": "label \"kubernetes.io/hostname\" is restricted" }, { - "rule": "self.all(x, x in [\"karpenter.k8s.aws/capacity-reservation-type\", \"karpenter.k8s.aws/capacity-reservation-id\", \"karpenter.k8s.aws/ec2nodeclass\", \"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\", \"karpenter.k8s.aws/instance-cpu-manufacturer\", \"karpenter.k8s.aws/instance-cpu-sustained-clock-speed-mhz\", \"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\", \"karpenter.k8s.aws/instance-capability-flex\"] || !x.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\"))", - "message": "label domain \"karpenter.k8s.aws\" is restricted" + "rule": "self.all(x, x in [ \"karpenter.azure.com/aksnodeclass\", \"karpenter.azure.com/sku-name\", \"karpenter.azure.com/sku-family\", \"karpenter.azure.com/sku-series\", \"karpenter.azure.com/sku-version\", \"karpenter.azure.com/sku-cpu\", \"karpenter.azure.com/sku-memory\", \"karpenter.azure.com/sku-networking-accelerated\", \"karpenter.azure.com/sku-storage-premium-capable\", \"karpenter.azure.com/sku-storage-ephemeralos-maxsize\", \"karpenter.azure.com/sku-gpu-name\", \"karpenter.azure.com/sku-gpu-manufacturer\", \"karpenter.azure.com/sku-gpu-count\" ] || !x.find(\"^([^/]+)\").endsWith(\"karpenter.azure.com\"))", + "message": "label domain \"karpenter.azure.com\" is restricted" } ] } @@ -290,8 +283,8 @@ "message": "label \"kubernetes.io/hostname\" is restricted" }, { - "rule": "self in [\"karpenter.k8s.aws/capacity-reservation-type\", \"karpenter.k8s.aws/capacity-reservation-id\", \"karpenter.k8s.aws/ec2nodeclass\", \"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\", \"karpenter.k8s.aws/instance-cpu-manufacturer\", \"karpenter.k8s.aws/instance-cpu-sustained-clock-speed-mhz\", \"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\", \"karpenter.k8s.aws/instance-capability-flex\"] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\")", - "message": "label domain \"karpenter.k8s.aws\" is restricted" + "rule": "self in [ \"karpenter.azure.com/aksnodeclass\", \"karpenter.azure.com/sku-name\", \"karpenter.azure.com/sku-family\", \"karpenter.azure.com/sku-series\", \"karpenter.azure.com/sku-version\", \"karpenter.azure.com/sku-cpu\", \"karpenter.azure.com/sku-memory\", \"karpenter.azure.com/sku-networking-accelerated\", \"karpenter.azure.com/sku-storage-premium-capable\", \"karpenter.azure.com/sku-storage-ephemeralos-maxsize\", \"karpenter.azure.com/sku-gpu-name\", \"karpenter.azure.com/sku-gpu-manufacturer\", \"karpenter.azure.com/sku-gpu-count\" ] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.azure.com\")", + "message": "label domain \"karpenter.azure.com\" is restricted" } ] }, @@ -368,7 +361,7 @@ "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$" }, "timeAdded": { - "description": "TimeAdded represents the time at which the taint was added.", + "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", "type": "string", "format": "date-time" }, @@ -408,7 +401,7 @@ "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$" }, "timeAdded": { - "description": "TimeAdded represents the time at which the taint was added.", + "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", "type": "string", "format": "date-time" }, @@ -433,28 +426,14 @@ "additionalProperties": false }, "weight": { - "description": "Weight is the priority given to the nodepool during scheduling. A higher\nnumerical weight indicates that this nodepool will be ordered\nahead of other nodepools with lower weights. A nodepool with no weight\nwill be treated as if it is a nodepool with a weight of 0.\nWeight is not supported when replicas is set.", + "description": "Weight is the priority given to the nodepool during scheduling. A higher\nnumerical weight indicates that this nodepool will be ordered\nahead of other nodepools with lower weights. A nodepool with no weight\nwill be treated as if it is a nodepool with a weight of 0.", "type": "integer", "format": "int32", "maximum": 100, "minimum": 1 } }, - "additionalProperties": false, - "x-kubernetes-validations": [ - { - "rule": "has(self.replicas) == has(oldSelf.replicas)", - "message": "Cannot transition NodePool between static (replicas set) and dynamic (replicas unset) provisioning modes" - }, - { - "rule": "!has(self.replicas) || (!has(self.limits) || size(self.limits) == 0 || (size(self.limits) == 1 \u0026\u0026 'nodes' in self.limits))", - "message": "only 'limits.nodes' is supported on static NodePools" - }, - { - "rule": "!has(self.replicas) || !has(self.weight)", - "message": "'weight' is not supported on static NodePools" - } - ] + "additionalProperties": false }, "status": { "description": "NodePoolStatus defines the observed state of NodePool", @@ -521,12 +500,6 @@ "type": "integer", "format": "int64" }, - "nodes": { - "description": "Nodes is the count of nodes associated with this NodePool", - "type": "integer", - "format": "int64", - "default": 0 - }, "resources": { "description": "Resources is the list of resources that have been provisioned.", "type": "object", diff --git a/schema/karpenter.sh/nodepool_v1beta1.json b/schema/karpenter.sh/nodepool_v1beta1.json index 48f622b6a..e0a8649aa 100644 --- a/schema/karpenter.sh/nodepool_v1beta1.json +++ b/schema/karpenter.sh/nodepool_v1beta1.json @@ -1,25 +1,30 @@ { + "description": "NodePool is the Schema for the NodePools API", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "NodePoolSpec is the top level nodepool specification. Nodepools\nlaunch nodes in response to pods that are unschedulable. A single nodepool\nis capable of managing a diverse set of nodes. Node properties are determined\nfrom a combination of nodepool and pod scheduling constraints.", "type": "object", "required": [ "template" ], "properties": { "disruption": { + "description": "Disruption contains the parameters that relate to Karpenter's disruption logic", "type": "object", "default": { "consolidationPolicy": "WhenUnderutilized", @@ -27,6 +32,7 @@ }, "properties": { "budgets": { + "description": "Budgets is a list of Budgets.\nIf there are multiple active budgets, Karpenter uses\nthe most restrictive value. If left undefined,\nthis will default to one budget with a value to 10%.", "type": "array", "default": [ { @@ -35,21 +41,25 @@ ], "maxItems": 50, "items": { + "description": "Budget defines when Karpenter will restrict the\nnumber of Node Claims that can be terminating simultaneously.", "type": "object", "required": [ "nodes" ], "properties": { "duration": { + "description": "Duration determines how long a Budget is active since each Schedule hit.\nOnly minutes and hours are accepted, as cron does not work in seconds.\nIf omitted, the budget is always active.\nThis is required if Schedule is set.\nThis regex has an optional 0s at the end since the duration.String() always adds\na 0s at the end.", "type": "string", "pattern": "^((([0-9]+(h|m))|([0-9]+h[0-9]+m))(0s)?)$" }, "nodes": { + "description": "Nodes dictates the maximum number of NodeClaims owned by this NodePool\nthat can be terminating at once. This is calculated by counting nodes that\nhave a deletion timestamp set, or are actively being deleted by Karpenter.\nThis field is required when specifying a budget.\nThis cannot be of type intstr.IntOrString since kubebuilder doesn't support pattern\nchecking for int nodes for IntOrString nodes.\nRef: https://github.com/kubernetes-sigs/controller-tools/blob/55efe4be40394a288216dab63156b0a64fb82929/pkg/crd/markers/validation.go#L379-L388", "type": "string", "default": "10%", "pattern": "^((100|[0-9]{1,2})%|[0-9]+)$" }, "schedule": { + "description": "Schedule specifies when a budget begins being active, following\nthe upstream cronjob syntax. If omitted, the budget is always active.\nTimezones are not supported.\nThis field is required if Duration is set.", "type": "string", "pattern": "^(@(annually|yearly|monthly|weekly|daily|midnight|hourly))|((.+)\\s(.+)\\s(.+)\\s(.+)\\s(.+))$" } @@ -64,10 +74,12 @@ ] }, "consolidateAfter": { + "description": "ConsolidateAfter is the duration the controller will wait\nbefore attempting to terminate nodes that are underutilized.\nRefer to ConsolidationPolicy for how underutilization is considered.", "type": "string", "pattern": "^(([0-9]+(s|m|h))+)|(Never)$" }, "consolidationPolicy": { + "description": "ConsolidationPolicy describes which nodes Karpenter can disrupt through its consolidation\nalgorithm. This policy defaults to \"WhenUnderutilized\" if not specified", "type": "string", "default": "WhenUnderutilized", "enum": [ @@ -76,6 +88,7 @@ ] }, "expireAfter": { + "description": "ExpireAfter is the duration the controller will wait\nbefore terminating a node, measured from when the node is created. This\nis useful to implement features like eventually consistent node upgrade,\nmemory leak protection, and disruption testing.", "type": "string", "default": "720h", "pattern": "^(([0-9]+(s|m|h))+)|(Never)$" @@ -94,6 +107,7 @@ ] }, "limits": { + "description": "Limits define a set of bounds for provisioning capacity.", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -109,6 +123,7 @@ } }, "template": { + "description": "Template contains the template of possibilities for the provisioning logic to launch a NodeClaim with.\nNodeClaims launched from this NodePool will often be further constrained than the template specifies.", "type": "object", "required": [ "spec" @@ -118,12 +133,14 @@ "type": "object", "properties": { "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations", "type": "object", "additionalProperties": { "type": "string" } }, "labels": { + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels", "type": "object", "maxProperties": 100, "additionalProperties": { @@ -133,7 +150,7 @@ }, "x-kubernetes-validations": [ { - "rule": "self.all(x, x in [\"beta.kubernetes.io/instance-type\", \"failure-domain.beta.kubernetes.io/region\", \"beta.kubernetes.io/os\", \"beta.kubernetes.io/arch\", \"failure-domain.beta.kubernetes.io/zone\", \"topology.kubernetes.io/zone\", \"topology.kubernetes.io/region\", \"kubernetes.io/arch\", \"kubernetes.io/os\", \"node.kubernetes.io/windows-build\"] || x.find(\"^([^/]+)\").endsWith(\"node.kubernetes.io\") || x.find(\"^([^/]+)\").endsWith(\"node-restriction.kubernetes.io\") || !x.find(\"^([^/]+)\").endsWith(\"kubernetes.io\"))", + "rule": "self.all(x, x in [\"beta.kubernetes.io/instance-type\", \"failure-domain.beta.kubernetes.io/region\", \"beta.kubernetes.io/os\", \"beta.kubernetes.io/arch\", \"failure-domain.beta.kubernetes.io/zone\", \"topology.kubernetes.io/region\", \"kubernetes.io/arch\", \"kubernetes.io/os\", \"node.kubernetes.io/windows-build\"] || x.find(\"^([^/]+)\").endsWith(\"node.kubernetes.io\") || x.find(\"^([^/]+)\").endsWith(\"node-restriction.kubernetes.io\") || !x.find(\"^([^/]+)\").endsWith(\"kubernetes.io\"))", "message": "label domain \"kubernetes.io\" is restricted" }, { @@ -153,8 +170,8 @@ "message": "label \"kubernetes.io/hostname\" is restricted" }, { - "rule": "self.all(x, x in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-cpu-manufacturer\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !x.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\"))", - "message": "label domain \"karpenter.k8s.aws\" is restricted" + "rule": "self.all(x, x in [ \"karpenter.azure.com/sku-name\", \"karpenter.azure.com/sku-family\", \"karpenter.azure.com/sku-version\", \"karpenter.azure.com/sku-cpu\", \"karpenter.azure.com/sku-memory\", \"karpenter.azure.com/sku-accelerator\", \"karpenter.azure.com/sku-networking-accelerated\", \"karpenter.azure.com/sku-storage-premium-capable\", \"karpenter.azure.com/sku-storage-ephemeralos-maxsize\", \"karpenter.azure.com/sku-encryptionathost-capable\", \"karpenter.azure.com/sku-gpu-name\", \"karpenter.azure.com/sku-gpu-manufacturer\", \"karpenter.azure.com/sku-gpu-count\" ] || !x.find(\"^([^/]+)\").endsWith(\"karpenter.azure.com\"))", + "message": "label domain \"karpenter.azure.com\" is restricted" } ] } @@ -162,6 +179,7 @@ "additionalProperties": false }, "spec": { + "description": "NodeClaimSpec describes the desired state of the NodeClaim", "type": "object", "required": [ "nodeClassRef", @@ -169,18 +187,22 @@ ], "properties": { "kubelet": { + "description": "Kubelet defines args to be used when configuring kubelet on provisioned nodes.\nThey are a subset of the upstream types, recognizing not all options may be supported.\nWherever possible, the types and names should reflect the upstream kubelet types.", "type": "object", "properties": { "clusterDNS": { + "description": "clusterDNS is a list of IP addresses for the cluster DNS server.\nNote that not all providers may use all addresses.", "type": "array", "items": { "type": "string" } }, "cpuCFSQuota": { + "description": "CPUCFSQuota enables CPU CFS quota enforcement for containers that specify CPU limits.", "type": "boolean" }, "evictionHard": { + "description": "EvictionHard is the map of signal names to quantities that define hard eviction thresholds", "type": "object", "additionalProperties": { "type": "string", @@ -194,10 +216,12 @@ ] }, "evictionMaxPodGracePeriod": { + "description": "EvictionMaxPodGracePeriod is the maximum allowed grace period (in seconds) to use when terminating pods in\nresponse to soft eviction thresholds being met.", "type": "integer", "format": "int32" }, "evictionSoft": { + "description": "EvictionSoft is the map of signal names to quantities that define soft eviction thresholds", "type": "object", "additionalProperties": { "type": "string", @@ -211,6 +235,7 @@ ] }, "evictionSoftGracePeriod": { + "description": "EvictionSoftGracePeriod is the map of signal names to quantities that define grace periods for each eviction signal", "type": "object", "additionalProperties": { "type": "string" @@ -223,18 +248,21 @@ ] }, "imageGCHighThresholdPercent": { + "description": "ImageGCHighThresholdPercent is the percent of disk usage after which image\ngarbage collection is always run. The percent is calculated by dividing this\nfield value by 100, so this field must be between 0 and 100, inclusive.\nWhen specified, the value must be greater than ImageGCLowThresholdPercent.", "type": "integer", "format": "int32", "maximum": 100, "minimum": 0 }, "imageGCLowThresholdPercent": { + "description": "ImageGCLowThresholdPercent is the percent of disk usage before which image\ngarbage collection is never run. Lowest disk usage to garbage collect to.\nThe percent is calculated by dividing this field value by 100,\nso the field value must be between 0 and 100, inclusive.\nWhen specified, the value must be less than imageGCHighThresholdPercent", "type": "integer", "format": "int32", "maximum": 100, "minimum": 0 }, "kubeReserved": { + "description": "KubeReserved contains resources reserved for Kubernetes system components.", "type": "object", "additionalProperties": { "type": "string", @@ -252,16 +280,19 @@ ] }, "maxPods": { + "description": "MaxPods is an override for the maximum number of pods that can run on\na worker node instance.", "type": "integer", "format": "int32", "minimum": 0 }, "podsPerCore": { + "description": "PodsPerCore is an override for the number of pods that can run on a worker node\ninstance based on the number of cpu cores. This value cannot exceed MaxPods, so, if\nMaxPods is a lower value, that value will be used.", "type": "integer", "format": "int32", "minimum": 0 }, "systemReserved": { + "description": "SystemReserved contains resources reserved for OS system daemons and kernel memory.", "type": "object", "additionalProperties": { "type": "string", @@ -296,27 +327,33 @@ ] }, "nodeClassRef": { + "description": "NodeClassRef is a reference to an object that defines provider specific configuration", "type": "object", "required": [ "name" ], "properties": { "apiVersion": { + "description": "API version of the referent", "type": "string" }, "kind": { + "description": "Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\"", "type": "string" }, "name": { + "description": "Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" } }, "additionalProperties": false }, "requirements": { + "description": "Requirements are layered with GetLabels and applied to every node.", "type": "array", "maxItems": 100, "items": { + "description": "A node selector requirement with min values is a selector that contains values, a key, an operator that relates the key and values\nand minValues that represent the requirement to have at least that many values.", "type": "object", "required": [ "key", @@ -324,12 +361,13 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$", "x-kubernetes-validations": [ { - "rule": "self in [\"beta.kubernetes.io/instance-type\", \"failure-domain.beta.kubernetes.io/region\", \"beta.kubernetes.io/os\", \"beta.kubernetes.io/arch\", \"failure-domain.beta.kubernetes.io/zone\", \"topology.kubernetes.io/zone\", \"topology.kubernetes.io/region\", \"node.kubernetes.io/instance-type\", \"kubernetes.io/arch\", \"kubernetes.io/os\", \"node.kubernetes.io/windows-build\"] || self.find(\"^([^/]+)\").endsWith(\"node.kubernetes.io\") || self.find(\"^([^/]+)\").endsWith(\"node-restriction.kubernetes.io\") || !self.find(\"^([^/]+)\").endsWith(\"kubernetes.io\")", + "rule": "self in [\"beta.kubernetes.io/instance-type\", \"failure-domain.beta.kubernetes.io/region\", \"beta.kubernetes.io/os\", \"beta.kubernetes.io/arch\", \"failure-domain.beta.kubernetes.io/zone\", \"topology.kubernetes.io/region\", \"node.kubernetes.io/instance-type\", \"kubernetes.io/arch\", \"kubernetes.io/os\", \"node.kubernetes.io/windows-build\"] || self.find(\"^([^/]+)\").endsWith(\"node.kubernetes.io\") || self.find(\"^([^/]+)\").endsWith(\"node-restriction.kubernetes.io\") || !self.find(\"^([^/]+)\").endsWith(\"kubernetes.io\")", "message": "label domain \"kubernetes.io\" is restricted" }, { @@ -349,17 +387,19 @@ "message": "label \"kubernetes.io/hostname\" is restricted" }, { - "rule": "self in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-cpu-manufacturer\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\")", - "message": "label domain \"karpenter.k8s.aws\" is restricted" + "rule": "self in [ \"karpenter.azure.com/sku-name\", \"karpenter.azure.com/sku-family\", \"karpenter.azure.com/sku-version\", \"karpenter.azure.com/sku-cpu\", \"karpenter.azure.com/sku-memory\", \"karpenter.azure.com/sku-accelerator\", \"karpenter.azure.com/sku-networking-accelerated\", \"karpenter.azure.com/sku-storage-premium-capable\", \"karpenter.azure.com/sku-storage-ephemeralos-maxsize\", \"karpenter.azure.com/sku-encryptionathost-capable\", \"karpenter.azure.com/sku-gpu-name\", \"karpenter.azure.com/sku-gpu-manufacturer\", \"karpenter.azure.com/sku-gpu-count\" ] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.azure.com\")", + "message": "label domain \"karpenter.azure.com\" is restricted" } ] }, "minValues": { + "description": "This field is ALPHA and can be dropped or replaced at any time\nMinValues is the minimum number of unique values required to define the flexibility of the specific requirement.", "type": "integer", "maximum": 50, "minimum": 1 }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string", "enum": [ "In", @@ -371,6 +411,7 @@ ] }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "maxLength": 63, "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", @@ -398,10 +439,12 @@ ] }, "resources": { + "description": "Resources models the resource requirements for the NodeClaim to launch", "type": "object", "maxProperties": 0, "properties": { "requests": { + "description": "Requests describes the minimum required resources for the NodeClaim to launch", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -420,8 +463,10 @@ "additionalProperties": false }, "startupTaints": { + "description": "StartupTaints are taints that are applied to nodes upon startup which are expected to be removed automatically\nwithin a short period of time, typically by a DaemonSet that tolerates the taint. These are commonly used by\ndaemonsets to allow initialization and enforce startup ordering. StartupTaints are ignored for provisioning\npurposes in that pods are not required to tolerate a StartupTaint in order to have nodes provisioned for them.", "type": "array", "items": { + "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", "type": "object", "required": [ "effect", @@ -429,6 +474,7 @@ ], "properties": { "effect": { + "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string", "enum": [ "NoSchedule", @@ -437,15 +483,18 @@ ] }, "key": { + "description": "Required. The taint key to be applied to a node.", "type": "string", "minLength": 1, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$" }, "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", "type": "string", "format": "date-time" }, "value": { + "description": "The taint value corresponding to the taint key.", "type": "string", "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$" } @@ -454,8 +503,10 @@ } }, "taints": { + "description": "Taints will be applied to the NodeClaim's node.", "type": "array", "items": { + "description": "The node this Taint is attached to has the \"effect\" on\nany pod that does not tolerate the Taint.", "type": "object", "required": [ "effect", @@ -463,6 +514,7 @@ ], "properties": { "effect": { + "description": "Required. The effect of the taint on pods\nthat do not tolerate the taint.\nValid effects are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string", "enum": [ "NoSchedule", @@ -471,15 +523,18 @@ ] }, "key": { + "description": "Required. The taint key to be applied to a node.", "type": "string", "minLength": 1, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$" }, "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added.\nIt is only written for NoExecute taints.", "type": "string", "format": "date-time" }, "value": { + "description": "The taint value corresponding to the taint key.", "type": "string", "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\\/))?([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$" } @@ -494,6 +549,7 @@ "additionalProperties": false }, "weight": { + "description": "Weight is the priority given to the nodepool during scheduling. A higher\nnumerical weight indicates that this nodepool will be ordered\nahead of other nodepools with lower weights. A nodepool with no weight\nwill be treated as if it is a nodepool with a weight of 0.", "type": "integer", "format": "int32", "maximum": 100, @@ -503,11 +559,14 @@ "additionalProperties": false }, "status": { + "description": "NodePoolStatus defines the observed state of NodePool", "type": "object", "properties": { "conditions": { + "description": "Conditions contains signals for health and readiness", "type": "array", "items": { + "description": "Condition aliases the upstream type and adds additional helper methods", "type": "object", "required": [ "lastTransitionTime", @@ -518,25 +577,30 @@ ], "properties": { "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "enum": [ "True", @@ -545,6 +609,7 @@ ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -554,6 +619,7 @@ } }, "resources": { + "description": "Resources is the list of resources that have been provisioned.", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", diff --git a/schema/kci.rocks/database_v1alpha1.json b/schema/kci.rocks/database_v1alpha1.json index 4b628214d..d2a9edf14 100644 --- a/schema/kci.rocks/database_v1alpha1.json +++ b/schema/kci.rocks/database_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "Database is the Schema for the databases API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "DatabaseSpec defines the desired state of Database", "type": "object", "required": [ "backup", @@ -20,6 +24,7 @@ ], "properties": { "backup": { + "description": "DatabaseBackup defines the desired state of backup and schedule", "type": "object", "required": [ "cron", @@ -39,6 +44,7 @@ "type": "boolean" }, "connectionStringTemplate": { + "description": "ConnectionStringTemplate field can be used to pass a custom template for generating a db connection string. These keywords can be used: Protocol, DatabaseHost, DatabasePort, UserName, Password, DatabaseName. Default template looks like this: \"://:@:/\"", "type": "string" }, "deletionProtected": { @@ -54,12 +60,15 @@ "type": "string" }, "postgres": { + "description": "Postgres struct should be used to provide resource that only applicable to postgres", "type": "object", "properties": { "dropPublicSchema": { + "description": "If set to true, the public schema will be dropped after the database creation", "type": "boolean" }, "schemas": { + "description": "Specify schemas to be created. The user created by db-operator will have all access on them.", "type": "array", "items": { "type": "string" @@ -81,6 +90,7 @@ "additionalProperties": false }, "status": { + "description": "DatabaseStatus defines the observed state of Database", "type": "object", "required": [ "database", @@ -94,18 +104,22 @@ "type": "string" }, "instanceRef": { + "description": "DbInstance is the Schema for the dbinstances API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "DbInstanceSpec defines the desired state of DbInstance", "type": "object", "required": [ "adminSecretRef", @@ -113,6 +127,7 @@ ], "properties": { "adminSecretRef": { + "description": "NamespacedName is a fork of the kubernetes api type of the same name. Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged.", "type": "object", "required": [ "Name", @@ -129,6 +144,7 @@ "additionalProperties": false }, "backup": { + "description": "DbInstanceBackup defines name of google bucket to use for storing database dumps for backup when backup is enabled", "type": "object", "required": [ "bucket" @@ -141,9 +157,11 @@ "additionalProperties": false }, "engine": { + "description": "Important: Run \"make generate\" to regenerate code after modifying this file", "type": "string" }, "generic": { + "description": "GenericInstance is used when instance type is generic and describes necessary informations to use instance generic instance can be any backend, it must be reachable by described address and port", "type": "object", "required": [ "host", @@ -151,6 +169,7 @@ ], "properties": { "backupHost": { + "description": "BackupHost address will be used for dumping database for backup Usually secondary address for primary-secondary setup or cluster lb address If it's not defined, above Host will be used as backup host address.", "type": "string" }, "host": { @@ -166,6 +185,7 @@ "additionalProperties": false }, "google": { + "description": "GoogleInstance is used when instance type is Google Cloud SQL and describes necessary informations to use google API to create sql instances", "type": "object", "required": [ "configmapRef", @@ -176,6 +196,7 @@ "type": "string" }, "clientSecretRef": { + "description": "NamespacedName is a fork of the kubernetes api type of the same name. Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged.", "type": "object", "required": [ "Name", @@ -192,6 +213,7 @@ "additionalProperties": false }, "configmapRef": { + "description": "NamespacedName is a fork of the kubernetes api type of the same name. Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged.", "type": "object", "required": [ "Name", @@ -214,6 +236,7 @@ "additionalProperties": false }, "monitoring": { + "description": "DbInstanceMonitoring defines if exporter", "type": "object", "required": [ "enabled" @@ -226,6 +249,7 @@ "additionalProperties": false }, "sslConnection": { + "description": "DbInstanceSSLConnection defines weather connection from db-operator to instance has to be ssl or not", "type": "object", "required": [ "enabled", @@ -236,6 +260,7 @@ "type": "boolean" }, "skip-verify": { + "description": "SkipVerity use SSL connection, but don't check against a CA", "type": "boolean" } }, @@ -245,6 +270,7 @@ "additionalProperties": false }, "status": { + "description": "DbInstanceStatus defines the observed state of DbInstance", "type": "object", "required": [ "phase", @@ -264,6 +290,7 @@ } }, "phase": { + "description": "Important: Run \"make generate\" to regenerate code after modifying this file", "type": "string" }, "status": { @@ -279,9 +306,11 @@ "type": "string" }, "phase": { + "description": "Important: Run \"make generate\" to regenerate code after modifying this file Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html", "type": "string" }, "proxyStatus": { + "description": "DatabaseProxyStatus defines whether proxy for database is enabled or not if so, provide information", "type": "object", "required": [ "serviceName", diff --git a/schema/kci.rocks/database_v1beta1.json b/schema/kci.rocks/database_v1beta1.json index df4d250c9..a9f755bc0 100644 --- a/schema/kci.rocks/database_v1beta1.json +++ b/schema/kci.rocks/database_v1beta1.json @@ -1,16 +1,20 @@ { + "description": "Database is the Schema for the databases API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "DatabaseSpec defines the desired state of Database", "type": "object", "required": [ "backup", @@ -20,6 +24,7 @@ ], "properties": { "backup": { + "description": "DatabaseBackup defines the desired state of backup and schedule", "type": "object", "required": [ "cron", @@ -45,9 +50,11 @@ "type": "string" }, "postgres": { + "description": "Postgres struct should be used to provide resource that only applicable to postgres", "type": "object", "properties": { "dropPublicSchema": { + "description": "If set to true, the public schema will be dropped after the database creation", "type": "boolean" }, "extensions": { @@ -57,6 +64,7 @@ } }, "schemas": { + "description": "Specify schemas to be created. The user created by db-operator will have all access on them.", "type": "array", "items": { "type": "string" @@ -78,6 +86,7 @@ "additionalProperties": false }, "status": { + "description": "DatabaseStatus defines the observed state of Database", "type": "object", "required": [ "database", @@ -91,18 +100,22 @@ "type": "string" }, "instanceRef": { + "description": "DbInstance is the Schema for the dbinstances API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "DbInstanceSpec defines the desired state of DbInstance", "type": "object", "required": [ "adminSecretRef", @@ -110,6 +123,7 @@ ], "properties": { "adminSecretRef": { + "description": "NamespacedName is a fork of the kubernetes api type of the same name. Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged.", "type": "object", "required": [ "Name", @@ -126,6 +140,7 @@ "additionalProperties": false }, "backup": { + "description": "DbInstanceBackup defines name of google bucket to use for storing database dumps for backup when backup is enabled", "type": "object", "required": [ "bucket" @@ -138,9 +153,11 @@ "additionalProperties": false }, "engine": { + "description": "Important: Run \"make generate\" to regenerate code after modifying this file", "type": "string" }, "generic": { + "description": "GenericInstance is used when instance type is generic and describes necessary informations to use instance generic instance can be any backend, it must be reachable by described address and port", "type": "object", "required": [ "host", @@ -148,6 +165,7 @@ ], "properties": { "backupHost": { + "description": "BackupHost address will be used for dumping database for backup Usually secondary address for primary-secondary setup or cluster lb address If it's not defined, above Host will be used as backup host address.", "type": "string" }, "host": { @@ -163,6 +181,7 @@ "additionalProperties": false }, "google": { + "description": "GoogleInstance is used when instance type is Google Cloud SQL and describes necessary informations to use google API to create sql instances", "type": "object", "required": [ "configmapRef", @@ -173,6 +192,7 @@ "type": "string" }, "clientSecretRef": { + "description": "NamespacedName is a fork of the kubernetes api type of the same name. Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged.", "type": "object", "required": [ "Name", @@ -189,6 +209,7 @@ "additionalProperties": false }, "configmapRef": { + "description": "NamespacedName is a fork of the kubernetes api type of the same name. Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged.", "type": "object", "required": [ "Name", @@ -211,6 +232,7 @@ "additionalProperties": false }, "monitoring": { + "description": "DbInstanceMonitoring defines if exporter", "type": "object", "required": [ "enabled" @@ -223,6 +245,7 @@ "additionalProperties": false }, "sslConnection": { + "description": "DbInstanceSSLConnection defines weather connection from db-operator to instance has to be ssl or not", "type": "object", "required": [ "enabled", @@ -233,6 +256,7 @@ "type": "boolean" }, "skip-verify": { + "description": "SkipVerity use SSL connection, but don't check against a CA", "type": "boolean" } }, @@ -242,6 +266,7 @@ "additionalProperties": false }, "status": { + "description": "DbInstanceStatus defines the observed state of DbInstance", "type": "object", "required": [ "phase", @@ -261,6 +286,7 @@ } }, "phase": { + "description": "Important: Run \"make generate\" to regenerate code after modifying this file", "type": "string" }, "status": { @@ -276,9 +302,11 @@ "type": "string" }, "phase": { + "description": "Important: Run \"make generate\" to regenerate code after modifying this file Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html", "type": "string" }, "proxyStatus": { + "description": "DatabaseProxyStatus defines whether proxy for database is enabled or not if so, provide information", "type": "object", "required": [ "serviceName", diff --git a/schema/kci.rocks/dbinstance_v1alpha1.json b/schema/kci.rocks/dbinstance_v1alpha1.json index 1cbc943cf..7b5511cad 100644 --- a/schema/kci.rocks/dbinstance_v1alpha1.json +++ b/schema/kci.rocks/dbinstance_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "DbInstance is the Schema for the dbinstances API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "DbInstanceSpec defines the desired state of DbInstance", "type": "object", "required": [ "adminSecretRef", @@ -18,6 +22,7 @@ ], "properties": { "adminSecretRef": { + "description": "NamespacedName is a fork of the kubernetes api type of the same name. Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged.", "type": "object", "required": [ "Name", @@ -34,6 +39,7 @@ "additionalProperties": false }, "backup": { + "description": "DbInstanceBackup defines name of google bucket to use for storing database dumps for backup when backup is enabled", "type": "object", "required": [ "bucket" @@ -46,9 +52,11 @@ "additionalProperties": false }, "engine": { + "description": "Important: Run \"make generate\" to regenerate code after modifying this file", "type": "string" }, "generic": { + "description": "GenericInstance is used when instance type is generic and describes necessary informations to use instance generic instance can be any backend, it must be reachable by described address and port", "type": "object", "required": [ "host", @@ -56,6 +64,7 @@ ], "properties": { "backupHost": { + "description": "BackupHost address will be used for dumping database for backup Usually secondary address for primary-secondary setup or cluster lb address If it's not defined, above Host will be used as backup host address.", "type": "string" }, "host": { @@ -71,6 +80,7 @@ "additionalProperties": false }, "google": { + "description": "GoogleInstance is used when instance type is Google Cloud SQL and describes necessary informations to use google API to create sql instances", "type": "object", "required": [ "configmapRef", @@ -81,6 +91,7 @@ "type": "string" }, "clientSecretRef": { + "description": "NamespacedName is a fork of the kubernetes api type of the same name. Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged.", "type": "object", "required": [ "Name", @@ -97,6 +108,7 @@ "additionalProperties": false }, "configmapRef": { + "description": "NamespacedName is a fork of the kubernetes api type of the same name. Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged.", "type": "object", "required": [ "Name", @@ -119,6 +131,7 @@ "additionalProperties": false }, "monitoring": { + "description": "DbInstanceMonitoring defines if exporter", "type": "object", "required": [ "enabled" @@ -131,6 +144,7 @@ "additionalProperties": false }, "sslConnection": { + "description": "DbInstanceSSLConnection defines weather connection from db-operator to instance has to be ssl or not", "type": "object", "required": [ "enabled", @@ -141,6 +155,7 @@ "type": "boolean" }, "skip-verify": { + "description": "SkipVerity use SSL connection, but don't check against a CA", "type": "boolean" } }, @@ -150,6 +165,7 @@ "additionalProperties": false }, "status": { + "description": "DbInstanceStatus defines the observed state of DbInstance", "type": "object", "required": [ "phase", @@ -169,6 +185,7 @@ } }, "phase": { + "description": "Important: Run \"make generate\" to regenerate code after modifying this file", "type": "string" }, "status": { diff --git a/schema/kci.rocks/dbinstance_v1beta1.json b/schema/kci.rocks/dbinstance_v1beta1.json index 1cbc943cf..7b5511cad 100644 --- a/schema/kci.rocks/dbinstance_v1beta1.json +++ b/schema/kci.rocks/dbinstance_v1beta1.json @@ -1,16 +1,20 @@ { + "description": "DbInstance is the Schema for the dbinstances API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "DbInstanceSpec defines the desired state of DbInstance", "type": "object", "required": [ "adminSecretRef", @@ -18,6 +22,7 @@ ], "properties": { "adminSecretRef": { + "description": "NamespacedName is a fork of the kubernetes api type of the same name. Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged.", "type": "object", "required": [ "Name", @@ -34,6 +39,7 @@ "additionalProperties": false }, "backup": { + "description": "DbInstanceBackup defines name of google bucket to use for storing database dumps for backup when backup is enabled", "type": "object", "required": [ "bucket" @@ -46,9 +52,11 @@ "additionalProperties": false }, "engine": { + "description": "Important: Run \"make generate\" to regenerate code after modifying this file", "type": "string" }, "generic": { + "description": "GenericInstance is used when instance type is generic and describes necessary informations to use instance generic instance can be any backend, it must be reachable by described address and port", "type": "object", "required": [ "host", @@ -56,6 +64,7 @@ ], "properties": { "backupHost": { + "description": "BackupHost address will be used for dumping database for backup Usually secondary address for primary-secondary setup or cluster lb address If it's not defined, above Host will be used as backup host address.", "type": "string" }, "host": { @@ -71,6 +80,7 @@ "additionalProperties": false }, "google": { + "description": "GoogleInstance is used when instance type is Google Cloud SQL and describes necessary informations to use google API to create sql instances", "type": "object", "required": [ "configmapRef", @@ -81,6 +91,7 @@ "type": "string" }, "clientSecretRef": { + "description": "NamespacedName is a fork of the kubernetes api type of the same name. Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged.", "type": "object", "required": [ "Name", @@ -97,6 +108,7 @@ "additionalProperties": false }, "configmapRef": { + "description": "NamespacedName is a fork of the kubernetes api type of the same name. Sadly this is required because CRD structs must have all fields json tagged and the kubernetes type is not tagged.", "type": "object", "required": [ "Name", @@ -119,6 +131,7 @@ "additionalProperties": false }, "monitoring": { + "description": "DbInstanceMonitoring defines if exporter", "type": "object", "required": [ "enabled" @@ -131,6 +144,7 @@ "additionalProperties": false }, "sslConnection": { + "description": "DbInstanceSSLConnection defines weather connection from db-operator to instance has to be ssl or not", "type": "object", "required": [ "enabled", @@ -141,6 +155,7 @@ "type": "boolean" }, "skip-verify": { + "description": "SkipVerity use SSL connection, but don't check against a CA", "type": "boolean" } }, @@ -150,6 +165,7 @@ "additionalProperties": false }, "status": { + "description": "DbInstanceStatus defines the observed state of DbInstance", "type": "object", "required": [ "phase", @@ -169,6 +185,7 @@ } }, "phase": { + "description": "Important: Run \"make generate\" to regenerate code after modifying this file", "type": "string" }, "status": { diff --git a/schema/keda.k8s.io/scaledobject_v1alpha1.json b/schema/keda.k8s.io/scaledobject_v1alpha1.json index a6758e522..fe4c50925 100644 --- a/schema/keda.k8s.io/scaledobject_v1alpha1.json +++ b/schema/keda.k8s.io/scaledobject_v1alpha1.json @@ -1,719 +1,887 @@ { + "description": "ScaledObject is a specification for a ScaledObject resource", + "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "ScaledObjectSpec is the spec for a ScaledObject resource", + "type": "object", + "required": [ + "triggers" + ], "properties": { "cooldownPeriod": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "jobTargetRef": { - "additionalProperties": false, + "description": "JobSpec describes how the job execution will look like.", + "type": "object", + "required": [ + "template" + ], "properties": { "activeDeadlineSeconds": { - "format": "int64", - "type": "integer" + "description": "Specifies the duration in seconds relative to the startTime that the job may be active before the system tries to terminate it; value must be positive integer", + "type": "integer", + "format": "int64" }, "backoffLimit": { - "format": "int32", - "type": "integer" + "description": "Specifies the number of retries before marking this job failed. Defaults to 6", + "type": "integer", + "format": "int32" }, "completions": { - "format": "int32", - "type": "integer" + "description": "Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", + "type": "integer", + "format": "int32" }, "manualSelector": { + "description": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector", "type": "boolean" }, "parallelism": { - "format": "int32", - "type": "integer" + "description": "Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) \u003c .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", + "type": "integer", + "format": "int32" }, "selector": { - "additionalProperties": false, + "description": "A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "template": { - "additionalProperties": false, + "description": "Describes the pod that will be created when executing a job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/", + "type": "object", "properties": { "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata", "type": "object" }, "spec": { - "additionalProperties": false, + "description": "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status", + "type": "object", + "required": [ + "containers" + ], "properties": { "activeDeadlineSeconds": { - "format": "int64", - "type": "integer" + "description": "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.", + "type": "integer", + "format": "int64" }, "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", "type": "boolean" }, "containers": { + "description": "List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A single application container that you want to run within a pod.", + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "description": "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "description": "Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvVar represents an environment variable present in a Container.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", "type": "string" }, "valueFrom": { - "additionalProperties": false, + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a ConfigMap.", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or it's key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false }, "fieldRef": { - "additionalProperties": false, + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.", + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "resourceFieldRef": { - "additionalProperties": false, + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "type": "string" }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false }, "secretKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a secret in the pod's namespace", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or it's key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvFromSource represents the source of a set of ConfigMaps", + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "description": "The ConfigMap to select from", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap must be defined", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "prefix": { + "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "The Secret to select from", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret must be defined", "type": "boolean" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { + "description": "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { - "additionalProperties": false, + "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + "type": "object", "properties": { "postStart": { - "additionalProperties": false, + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "One and only one of the following should be specified. Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -724,21 +892,25 @@ ] }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -749,58 +921,69 @@ ] } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "preStop": { - "additionalProperties": false, + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "One and only one of the following should be specified. Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -811,21 +994,25 @@ ] }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -836,65 +1023,77 @@ ] } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "livenessProbe": { - "additionalProperties": false, + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "One and only one of the following should be specified. Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -905,33 +1104,40 @@ ] }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "description": "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -942,98 +1148,119 @@ ] } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", "type": "string" }, "ports": { + "description": "List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ContainerPort represents a network port in a single container.", + "type": "object", + "required": [ + "containerPort" + ], "properties": { "containerPort": { - "format": "int32", - "type": "integer" + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.", + "type": "integer", + "format": "int32" }, "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, "hostPort": { - "format": "int32", - "type": "integer" + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "type": "integer", + "format": "int32" }, "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", "type": "string" }, "protocol": { + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", "type": "string" } }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "readinessProbe": { - "additionalProperties": false, + "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "One and only one of the following should be specified. Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -1044,33 +1271,40 @@ ] }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "description": "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -1081,456 +1315,562 @@ ] } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", + "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "type": "object", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN", "type": "boolean" }, "capabilities": { - "additionalProperties": false, + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.", + "type": "object", "properties": { "add": { + "description": "Added capabilities", + "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" - }, - "type": "array" + } }, "drop": { + "description": "Removed capabilities", + "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false.", "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "integer", + "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", "type": "boolean" }, "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", "type": "boolean" }, "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", "type": "string" }, "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", "type": "string" }, "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", "type": "boolean" }, "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container. This is a beta feature.", + "type": "array", "items": { - "additionalProperties": false, + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "type": "object", + "required": [ + "devicePath", + "name" + ], "properties": { "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", "type": "string" }, "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string" } }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "VolumeMount describes a mounting of a Volume within a container.", + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", "type": "boolean" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive. This field is alpha in 1.14.", "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "dnsConfig": { - "additionalProperties": false, + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.", + "type": "object", "properties": { "nameservers": { + "description": "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "options": { + "description": "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.", + "type": "array", "items": { - "additionalProperties": false, + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "type": "object", "properties": { "name": { + "description": "Required.", "type": "string" }, "value": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "searches": { + "description": "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "dnsPolicy": { + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.", "type": "string" }, "enableServiceLinks": { + "description": "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.", "type": "boolean" }, "hostAliases": { + "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.", + "type": "object", "properties": { "hostnames": { + "description": "Hostnames for the above IP address.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "ip": { + "description": "IP address of the host file entry.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "hostIPC": { + "description": "Use the host's ipc namespace. Optional: Default to false.", "type": "boolean" }, "hostNetwork": { + "description": "Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false.", "type": "boolean" }, "hostPID": { + "description": "Use the host's pid namespace. Optional: Default to false.", "type": "boolean" }, "hostname": { + "description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.", "type": "string" }, "imagePullSecrets": { + "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", + "type": "array", "items": { - "additionalProperties": false, + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "initContainers": { + "description": "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, or Liveness probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/", + "type": "array", "items": { - "additionalProperties": false, + "description": "A single application container that you want to run within a pod.", + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "description": "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "description": "Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvVar represents an environment variable present in a Container.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", "type": "string" }, "valueFrom": { - "additionalProperties": false, + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a ConfigMap.", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or it's key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false }, "fieldRef": { - "additionalProperties": false, + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.", + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "resourceFieldRef": { - "additionalProperties": false, + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "type": "string" }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false }, "secretKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a secret in the pod's namespace", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or it's key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvFromSource represents the source of a set of ConfigMaps", + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "description": "The ConfigMap to select from", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap must be defined", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "prefix": { + "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "The Secret to select from", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret must be defined", "type": "boolean" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { + "description": "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { - "additionalProperties": false, + "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + "type": "object", "properties": { "postStart": { - "additionalProperties": false, + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "One and only one of the following should be specified. Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -1541,21 +1881,25 @@ ] }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -1566,58 +1910,69 @@ ] } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "preStop": { - "additionalProperties": false, + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "One and only one of the following should be specified. Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -1628,21 +1983,25 @@ ] }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook", + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -1653,65 +2012,77 @@ ] } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "livenessProbe": { - "additionalProperties": false, + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "One and only one of the following should be specified. Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -1722,33 +2093,40 @@ ] }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "description": "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -1759,98 +2137,119 @@ ] } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", "type": "string" }, "ports": { + "description": "List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ContainerPort represents a network port in a single container.", + "type": "object", + "required": [ + "containerPort" + ], "properties": { "containerPort": { - "format": "int32", - "type": "integer" + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.", + "type": "integer", + "format": "int32" }, "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, "hostPort": { - "format": "int32", - "type": "integer" + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "type": "integer", + "format": "int32" }, "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", "type": "string" }, "protocol": { + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", "type": "string" } }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "readinessProbe": { - "additionalProperties": false, + "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "description": "One and only one of the following should be specified. Exec specifies the action to take.", + "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "description": "HTTPGet specifies the http request to perform.", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "The header field name", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -1861,33 +2260,40 @@ ] }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.", + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "description": "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook", + "type": "object", + "required": [ + "port" + ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "string" @@ -1898,1291 +2304,1570 @@ ] } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", + "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "type": "object", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN", "type": "boolean" }, "capabilities": { - "additionalProperties": false, + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.", + "type": "object", "properties": { "add": { + "description": "Added capabilities", + "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" - }, - "type": "array" + } }, "drop": { + "description": "Removed capabilities", + "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false.", "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "integer", + "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", "type": "boolean" }, "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", "type": "boolean" }, "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", "type": "string" }, "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", "type": "string" }, "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", "type": "boolean" }, "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container. This is a beta feature.", + "type": "array", "items": { - "additionalProperties": false, + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "type": "object", + "required": [ + "devicePath", + "name" + ], "properties": { "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", "type": "string" }, "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string" } }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", + "type": "array", "items": { - "additionalProperties": false, + "description": "VolumeMount describes a mounting of a Volume within a container.", + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", "type": "boolean" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive. This field is alpha in 1.14.", "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "nodeName": { + "description": "NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.", "type": "string" }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "priority": { - "format": "int32", - "type": "integer" + "description": "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.", + "type": "integer", + "format": "int32" }, "priorityClassName": { + "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", "type": "string" }, "readinessGates": { + "description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md", + "type": "array", "items": { - "additionalProperties": false, + "description": "PodReadinessGate contains the reference to a pod condition", + "type": "object", + "required": [ + "conditionType" + ], "properties": { "conditionType": { + "description": "ConditionType refers to a condition in the pod's condition list with matching type.", "type": "string" } }, - "required": [ - "conditionType" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "restartPolicy": { + "description": "Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy", "type": "string" }, "runtimeClassName": { + "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is an alpha feature and may change in the future.", "type": "string" }, "schedulerName": { + "description": "If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.", "type": "string" }, "securityContext": { - "additionalProperties": false, + "description": "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.", + "type": "object", "properties": { "fsGroup": { - "format": "int64", - "type": "integer" + "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume.", + "type": "integer", + "format": "int64" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.", + "type": "integer", + "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.", + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "description": "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.", + "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.", + "type": "array", "items": { - "format": "int64", - "type": "integer" - }, - "type": "array" + "type": "integer", + "format": "int64" + } }, "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Sysctl defines a kernel parameter to be set", + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { + "description": "Name of a property to set", "type": "string" }, "value": { + "description": "Value of a property to set", "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "serviceAccount": { + "description": "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.", "type": "string" }, "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", "type": "string" }, "shareProcessNamespace": { + "description": "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.", "type": "boolean" }, "subdomain": { + "description": "If specified, the fully qualified Pod hostname will be \"\u003chostname\u003e.\u003csubdomain\u003e.\u003cpod namespace\u003e.svc.\u003ccluster domain\u003e\". If not specified, the pod will not have a domainname at all.", "type": "string" }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.", + "type": "integer", + "format": "int64" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumes": { + "description": "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes", + "type": "array", "items": { - "additionalProperties": false, + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", + "type": "object", + "required": [ + "name" + ], "properties": { "awsElasticBlockStore": { - "additionalProperties": false, + "description": "AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { + "description": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "description": "The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "type": "integer", + "format": "int32" }, "readOnly": { + "description": "Specify \"true\" to force and set the ReadOnly property in VolumeMounts to \"true\". If omitted, the default is \"false\". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "boolean" }, "volumeID": { + "description": "Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "azureDisk": { - "additionalProperties": false, + "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", + "type": "object", + "required": [ + "diskName", + "diskURI" + ], "properties": { "cachingMode": { + "description": "Host Caching mode: None, Read Only, Read Write.", "type": "string" }, "diskName": { + "description": "The Name of the data disk in the blob storage", "type": "string" }, "diskURI": { + "description": "The URI the data disk in the blob storage", "type": "string" }, "fsType": { + "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "kind": { + "description": "Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", "type": "string" }, "readOnly": { + "description": "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" } }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" + "additionalProperties": false }, "azureFile": { - "additionalProperties": false, + "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", + "type": "object", + "required": [ + "secretName", + "shareName" + ], "properties": { "readOnly": { + "description": "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretName": { + "description": "the name of secret that contains Azure Storage Account Name and Key", "type": "string" }, "shareName": { + "description": "Share Name", "type": "string" } }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" + "additionalProperties": false }, "cephfs": { - "additionalProperties": false, + "description": "CephFS represents a Ceph FS mount on the host that shares a pod's lifetime", + "type": "object", + "required": [ + "monitors" + ], "properties": { "monitors": { + "description": "Required: Monitors is a collection of Ceph monitors More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "path": { + "description": "Optional: Used as the mounted root, rather than the full Ceph tree, default is /", "type": "string" }, "readOnly": { + "description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it", "type": "boolean" }, "secretFile": { + "description": "Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it", "type": "string" }, "secretRef": { - "additionalProperties": false, + "description": "Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "user": { + "description": "Optional: User is the rados user name, default is admin More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it", "type": "string" } }, - "required": [ - "monitors" - ], - "type": "object" + "additionalProperties": false }, "cinder": { - "additionalProperties": false, + "description": "Cinder represents a cinder volume attached and mounted on kubelets host machine More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md", + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { + "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md", "type": "string" }, "readOnly": { + "description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md", "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "description": "Optional: points to a secret object containing parameters used to connect to OpenStack.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "volumeID": { + "description": "volume id used to identify the volume in cinder More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md", "type": "string" } - }, - "required": [ - "volumeID" - ], - "type": "object" + }, + "additionalProperties": false }, "configMap": { - "additionalProperties": false, + "description": "ConfigMap represents a configMap that should populate this volume", + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "description": "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "items": { + "description": "If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Maps a string key to a path within a volume.", + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { + "description": "The key to project.", "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "description": "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "path": { + "description": "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or it's keys must be defined", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "csi": { - "additionalProperties": false, + "description": "CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).", + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { + "description": "Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", "type": "string" }, "fsType": { + "description": "Filesystem type to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", "type": "string" }, "nodePublishSecretRef": { - "additionalProperties": false, + "description": "NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "readOnly": { + "description": "Specifies a read-only configuration for the volume. Defaults to false (read/write).", "type": "boolean" }, "volumeAttributes": { + "description": "VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "downwardAPI": { - "additionalProperties": false, + "description": "DownwardAPI represents downward API about the pod that should populate this volume", + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "description": "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "items": { + "description": "Items is a list of downward API volume file", + "type": "array", "items": { - "additionalProperties": false, + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "mode": { - "format": "int32", - "type": "integer" + "description": "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "type": "string" }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "emptyDir": { - "additionalProperties": false, + "description": "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "object", "properties": { "medium": { + "description": "What type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, "sizeLimit": { + "description": "Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "fc": { - "additionalProperties": false, + "description": "FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "type": "object", "properties": { "fsType": { + "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "lun": { - "format": "int32", - "type": "integer" + "description": "Optional: FC target lun number", + "type": "integer", + "format": "int32" }, "readOnly": { + "description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "targetWWNs": { + "description": "Optional: FC target worldwide names (WWNs)", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "wwids": { + "description": "Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "flexVolume": { - "additionalProperties": false, + "description": "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { + "description": "Driver is the name of the driver to use for this volume.", "type": "string" }, "fsType": { + "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, "options": { + "description": "Optional: Extra command options if any.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "readOnly": { + "description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "description": "Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "flocker": { - "additionalProperties": false, + "description": "Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running", + "type": "object", "properties": { "datasetName": { + "description": "Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated", "type": "string" }, "datasetUUID": { + "description": "UUID of the dataset. This is unique identifier of a Flocker dataset", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "gcePersistentDisk": { - "additionalProperties": false, + "description": "GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "object", + "required": [ + "pdName" + ], "properties": { "fsType": { + "description": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "description": "The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "integer", + "format": "int32" }, "pdName": { + "description": "Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "readOnly": { + "description": "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "boolean" } }, - "required": [ - "pdName" - ], - "type": "object" + "additionalProperties": false }, "gitRepo": { - "additionalProperties": false, + "description": "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", + "type": "object", + "required": [ + "repository" + ], "properties": { "directory": { + "description": "Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", "type": "string" }, "repository": { + "description": "Repository URL", "type": "string" }, "revision": { + "description": "Commit hash for the specified revision.", "type": "string" } }, - "required": [ - "repository" - ], - "type": "object" + "additionalProperties": false }, "glusterfs": { - "additionalProperties": false, + "description": "Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md", + "type": "object", + "required": [ + "endpoints", + "path" + ], "properties": { "endpoints": { + "description": "EndpointsName is the endpoint name that details Glusterfs topology. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "path": { + "description": "Path is the Glusterfs volume path. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "readOnly": { + "description": "ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod", "type": "boolean" } }, + "additionalProperties": false + }, + "hostPath": { + "description": "HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.", + "type": "object", "required": [ - "endpoints", "path" ], - "type": "object" - }, - "hostPath": { - "additionalProperties": false, "properties": { "path": { + "description": "Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" }, "type": { + "description": "Type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, "iscsi": { - "additionalProperties": false, + "description": "ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://releases.k8s.io/HEAD/examples/volumes/iscsi/README.md", + "type": "object", + "required": [ + "iqn", + "lun", + "targetPortal" + ], "properties": { "chapAuthDiscovery": { + "description": "whether support iSCSI Discovery CHAP authentication", "type": "boolean" }, "chapAuthSession": { + "description": "whether support iSCSI Session CHAP authentication", "type": "boolean" }, "fsType": { + "description": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "initiatorName": { + "description": "Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", "type": "string" }, "iqn": { + "description": "Target iSCSI Qualified Name.", "type": "string" }, "iscsiInterface": { + "description": "iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", "type": "string" }, "lun": { - "format": "int32", - "type": "integer" + "description": "iSCSI Target Lun number.", + "type": "integer", + "format": "int32" }, "portals": { + "description": "iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "readOnly": { + "description": "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "description": "CHAP Secret for iSCSI target and initiator authentication", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "targetPortal": { + "description": "iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "string" } }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" + "additionalProperties": false }, "name": { + "description": "Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "nfs": { - "additionalProperties": false, + "description": "NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "object", + "required": [ + "path", + "server" + ], "properties": { "path": { + "description": "Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" }, "readOnly": { + "description": "ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "boolean" }, "server": { + "description": "Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" } }, - "required": [ - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "persistentVolumeClaim": { - "additionalProperties": false, + "description": "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "object", + "required": [ + "claimName" + ], "properties": { "claimName": { + "description": "ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "string" }, "readOnly": { + "description": "Will force the ReadOnly setting in VolumeMounts. Default false.", "type": "boolean" } }, - "required": [ - "claimName" - ], - "type": "object" + "additionalProperties": false }, "photonPersistentDisk": { - "additionalProperties": false, + "description": "PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine", + "type": "object", + "required": [ + "pdID" + ], "properties": { "fsType": { + "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "pdID": { + "description": "ID that identifies Photon Controller persistent disk", "type": "string" } }, - "required": [ - "pdID" - ], - "type": "object" + "additionalProperties": false }, "portworxVolume": { - "additionalProperties": false, + "description": "PortworxVolume represents a portworx volume attached and mounted on kubelets host machine", + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { + "description": "FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "volumeID": { + "description": "VolumeID uniquely identifies a Portworx volume", "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "projected": { - "additionalProperties": false, + "description": "Items for all in one resources secrets, configmaps, and downward API", + "type": "object", + "required": [ + "sources" + ], "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "description": "Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "sources": { + "description": "list of volume projections", + "type": "array", "items": { - "additionalProperties": false, + "description": "Projection that may be projected along with other supported volume types", + "type": "object", "properties": { "configMap": { - "additionalProperties": false, + "description": "information about the configMap data to project", + "type": "object", "properties": { "items": { + "description": "If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Maps a string key to a path within a volume.", + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { + "description": "The key to project.", "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "description": "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "path": { + "description": "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or it's keys must be defined", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "downwardAPI": { - "additionalProperties": false, + "description": "information about the downwardAPI data to project", + "type": "object", "properties": { "items": { + "description": "Items is a list of DownwardAPIVolume file", + "type": "array", "items": { - "additionalProperties": false, + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "mode": { - "format": "int32", - "type": "integer" + "description": "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "type": "string" }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "description": "information about the secret data to project", + "type": "object", "properties": { "items": { + "description": "If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Maps a string key to a path within a volume.", + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { + "description": "The key to project.", "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "description": "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "path": { + "description": "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "serviceAccountToken": { - "additionalProperties": false, + "description": "information about the serviceAccountToken data to project", + "type": "object", + "required": [ + "path" + ], "properties": { "audience": { + "description": "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", "type": "string" }, "expirationSeconds": { - "format": "int64", - "type": "integer" + "description": "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", + "type": "integer", + "format": "int64" }, "path": { + "description": "Path is the path relative to the mount point of the file to project the token into.", "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "sources" - ], - "type": "object" + "additionalProperties": false }, "quobyte": { - "additionalProperties": false, + "description": "Quobyte represents a Quobyte mount on the host that shares a pod's lifetime", + "type": "object", + "required": [ + "registry", + "volume" + ], "properties": { "group": { + "description": "Group to map volume access to Default is no group", "type": "string" }, "readOnly": { + "description": "ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", "type": "boolean" }, "registry": { + "description": "Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", "type": "string" }, "tenant": { + "description": "Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, "user": { + "description": "User to map volume access to Defaults to serivceaccount user", "type": "string" }, "volume": { + "description": "Volume is a string that references an already created Quobyte volume by name.", "type": "string" } }, - "required": [ - "registry", - "volume" - ], - "type": "object" + "additionalProperties": false }, "rbd": { - "additionalProperties": false, + "description": "RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md", + "type": "object", + "required": [ + "image", + "monitors" + ], "properties": { "fsType": { + "description": "Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "image": { + "description": "The rados image name. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "keyring": { + "description": "Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "monitors": { + "description": "A collection of Ceph monitors. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "pool": { + "description": "The rados pool name. Default is rbd. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "readOnly": { + "description": "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "description": "SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "user": { + "description": "The rados user name. Default is admin. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it", "type": "string" } }, - "required": [ - "image", - "monitors" - ], - "type": "object" + "additionalProperties": false }, "scaleIO": { - "additionalProperties": false, + "description": "ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", + "type": "object", + "required": [ + "gateway", + "secretRef", + "system" + ], "properties": { "fsType": { + "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", "type": "string" }, "gateway": { + "description": "The host address of the ScaleIO API Gateway.", "type": "string" }, "protectionDomain": { + "description": "The name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, "readOnly": { + "description": "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "description": "SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "sslEnabled": { + "description": "Flag to enable/disable SSL communication with Gateway, default false", "type": "boolean" }, "storageMode": { + "description": "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", "type": "string" }, "storagePool": { + "description": "The ScaleIO Storage Pool associated with the protection domain.", "type": "string" }, "system": { + "description": "The name of the storage system as configured in ScaleIO.", "type": "string" }, "volumeName": { + "description": "The name of a volume already created in the ScaleIO system that is associated with this volume source.", "type": "string" } }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "description": "Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "description": "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "items": { + "description": "If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Maps a string key to a path within a volume.", + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { + "description": "The key to project.", "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "description": "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, "path": { + "description": "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "optional": { + "description": "Specify whether the Secret or it's keys must be defined", "type": "boolean" }, "secretName": { + "description": "Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "storageos": { - "additionalProperties": false, + "description": "StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.", + "type": "object", "properties": { "fsType": { + "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "description": "SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "volumeName": { + "description": "VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", "type": "string" }, "volumeNamespace": { + "description": "VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "vsphereVolume": { - "additionalProperties": false, + "description": "VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine", + "type": "object", + "required": [ + "volumePath" + ], "properties": { "fsType": { + "description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "storagePolicyID": { + "description": "Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", "type": "string" }, "storagePolicyName": { + "description": "Storage Policy Based Management (SPBM) profile name.", "type": "string" }, "volumePath": { + "description": "Path that identifies vSphere volume vmdk", "type": "string" } }, - "required": [ - "volumePath" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "containers" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "ttlSecondsAfterFinished": { - "format": "int32", - "type": "integer" + "description": "ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature.", + "type": "integer", + "format": "int32" } }, - "required": [ - "template" - ], - "type": "object" + "additionalProperties": false }, "maxReplicaCount": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "minReplicaCount": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "pollingInterval": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "scaleTargetRef": { - "additionalProperties": false, + "description": "ObjectReference holds the a reference to the deployment this ScaledObject applies", + "type": "object", + "required": [ + "deploymentName" + ], "properties": { "containerName": { "type": "string" @@ -3191,35 +3876,40 @@ "type": "string" } }, - "required": [ - "deploymentName" - ], - "type": "object" + "additionalProperties": false }, "scaleType": { + "description": "ScaledObjectScaleType distinguish between Deployment based and K8s Jobs", "type": "string" }, "triggers": { + "type": "array", "items": { - "additionalProperties": false, + "description": "ScaleTriggers reference the scaler that will be used", + "type": "object", + "required": [ + "metadata", + "type" + ], "properties": { "authenticationRef": { - "additionalProperties": false, + "description": "ScaledObjectAuthRef points to the TriggerAuthentication object that is used to authenticate the scaler with the environment", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "metadata": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "name": { "type": "string" @@ -3228,39 +3918,28 @@ "type": "string" } }, - "required": [ - "metadata", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "triggers" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "ScaledObjectStatus is the status for a ScaledObject resource", + "type": "object", "properties": { "externalMetricNames": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "lastActiveTime": { - "format": "date-time", - "type": "string" + "type": "string", + "format": "date-time" } }, - "type": "object" + "additionalProperties": false } - }, - "required": [ - "spec" - ], - "type": "object" + } } diff --git a/schema/keda.k8s.io/triggerauthentication_v1alpha1.json b/schema/keda.k8s.io/triggerauthentication_v1alpha1.json index 350c96c83..996f23847 100644 --- a/schema/keda.k8s.io/triggerauthentication_v1alpha1.json +++ b/schema/keda.k8s.io/triggerauthentication_v1alpha1.json @@ -1,20 +1,34 @@ { + "description": "TriggerAuthentication defines how a trigger can authenticate", + "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "TriggerAuthenticationSpec defines the various ways to authenticate", + "type": "object", "properties": { "env": { + "type": "array", "items": { - "additionalProperties": false, + "description": "AuthEnvironment is used to authenticate using environment variables in the destination deployment spec", + "type": "object", + "required": [ + "name", + "parameter" + ], "properties": { "containerName": { "type": "string" @@ -26,29 +40,33 @@ "type": "string" } }, - "required": [ - "name", - "parameter" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "podIdentity": { - "additionalProperties": false, + "description": "AuthPodIdentity allows users to select the platform native identity mechanism", + "type": "object", + "required": [ + "provider" + ], "properties": { "provider": { + "description": "PodIdentityProvider contains the list of providers", "type": "string" } }, - "required": [ - "provider" - ], - "type": "object" + "additionalProperties": false }, "secretTargetRef": { + "type": "array", "items": { - "additionalProperties": false, + "description": "AuthSecretTargetRef is used to authenticate using a reference to a secret", + "type": "object", + "required": [ + "key", + "name", + "parameter" + ], "properties": { "key": { "type": "string" @@ -60,21 +78,11 @@ "type": "string" } }, - "required": [ - "key", - "name", - "parameter" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } - }, - "required": [ - "spec" - ], - "type": "object" + } } diff --git a/schema/kubeflow.org/jaxjob_v1.json b/schema/kubeflow.org/jaxjob_v1.json index d6e6b26c0..bf3c189c8 100644 --- a/schema/kubeflow.org/jaxjob_v1.json +++ b/schema/kubeflow.org/jaxjob_v1.json @@ -1,22 +1,27 @@ { + "description": "JAXJob Represents a JAXJob resource.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "Specification of the desired state of the JAXJob.", "type": "object", "required": [ "jaxReplicaSpecs" ], "properties": { "jaxReplicaSpecs": { + "description": "A map of JAXReplicaType (type) to ReplicaSpec (value). Specifies the JAX cluster configuration.\nFor example,\n {\n \"Worker\": JAXReplicaSpec,\n }", "type": "object", "additionalProperties": { "description": "ReplicaSpec is a description of the replica", @@ -6663,23 +6668,29 @@ } }, "runPolicy": { + "description": "RunPolicy encapsulates various runtime policies of the distributed training\njob, for example how to clean up resources and how long the job can stay\nactive.", "type": "object", "properties": { "activeDeadlineSeconds": { + "description": "Specifies the duration in seconds relative to the startTime that the job may be active\nbefore the system tries to terminate it; value must be positive integer.", "type": "integer", "format": "int64" }, "backoffLimit": { + "description": "Optional number of retries before marking this job failed.", "type": "integer", "format": "int32" }, "cleanPodPolicy": { + "description": "CleanPodPolicy defines the policy to kill pods after the job completes.\nDefault to None.", "type": "string" }, "managedBy": { + "description": "ManagedBy is used to indicate the controller or entity that manages a job.\nThe value must be either an empty, 'kubeflow.org/training-operator' or\n'kueue.x-k8s.io/multikueue'.\nThe training-operator reconciles a job which doesn't have this\nfield at all or the field value is the reserved string\n'kubeflow.org/training-operator', but delegates reconciling the job\nwith 'kueue.x-k8s.", "type": "string" }, "schedulingPolicy": { + "description": "SchedulingPolicy defines the policy related to scheduling, e.g. gang-scheduling", "type": "object", "properties": { "minAvailable": { @@ -6721,10 +6732,12 @@ "additionalProperties": false }, "suspend": { + "description": "suspend specifies whether the Job controller should create Pods or not.\nIf a Job is created with suspend set to true, no Pods are created by\nthe Job controller. If a Job is suspended after creation (i.e. the\nflag goes from false to true), the Job controller will delete all\nactive Pods and PodGroups associated with this Job.\nUsers must design their workload to gracefully handle this.", "type": "boolean", "default": false }, "ttlSecondsAfterFinished": { + "description": "TTLSecondsAfterFinished is the TTL to clean up jobs.\nIt may take extra ReconcilePeriod seconds for the cleanup, since\nreconcile gets called periodically.\nDefault to infinite.", "type": "integer", "format": "int32" } @@ -6735,15 +6748,19 @@ "additionalProperties": false }, "status": { + "description": "Most recently observed status of the JAXJob.\nRead-only (modified by the system).", "type": "object", "properties": { "completionTime": { + "description": "Represents time when the job was completed. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "conditions": { + "description": "Conditions is an array of current observed job conditions.", "type": "array", "items": { + "description": "JobCondition describes the state of the job at a certain point.", "type": "object", "required": [ "status", @@ -6751,23 +6768,29 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "lastUpdateTime": { + "description": "The last time this condition was updated.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of job condition.", "type": "string" } }, @@ -6775,10 +6798,12 @@ } }, "lastReconcileTime": { + "description": "Represents last time when the job was reconciled. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "replicaStatuses": { + "description": "ReplicaStatuses is map of ReplicaType and ReplicaStatus,\nspecifies the status of each replica.", "type": "object", "additionalProperties": { "description": "ReplicaStatus represents the current observed state of the replica.", @@ -6852,6 +6877,7 @@ } }, "startTime": { + "description": "Represents time when the job was acknowledged by the job controller.\nIt is not guaranteed to be set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" } diff --git a/schema/kubeflow.org/mpijob_v1.json b/schema/kubeflow.org/mpijob_v1.json index 21a3505ca..1599c75d3 100644 --- a/schema/kubeflow.org/mpijob_v1.json +++ b/schema/kubeflow.org/mpijob_v1.json @@ -2,9 +2,11 @@ "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -17,12 +19,15 @@ ], "properties": { "cleanPodPolicy": { + "description": "CleanPodPolicy defines the policy that whether to kill pods after the job completes.\nDefaults to None.", "type": "string" }, "mainContainer": { + "description": "MainContainer specifies name of the main container which\nexecutes the MPI code.", "type": "string" }, "mpiReplicaSpecs": { + "description": "`MPIReplicaSpecs` contains maps from `MPIReplicaType` to `ReplicaSpec` that\nspecify the MPI replicas to run.", "type": "object", "additionalProperties": { "description": "ReplicaSpec is a description of the replica", @@ -6669,23 +6674,29 @@ } }, "runPolicy": { + "description": "`RunPolicy` encapsulates various runtime policies of the distributed training\njob, for example how to clean up resources and how long the job can stay\nactive.", "type": "object", "properties": { "activeDeadlineSeconds": { + "description": "Specifies the duration in seconds relative to the startTime that the job may be active\nbefore the system tries to terminate it; value must be positive integer.", "type": "integer", "format": "int64" }, "backoffLimit": { + "description": "Optional number of retries before marking this job failed.", "type": "integer", "format": "int32" }, "cleanPodPolicy": { + "description": "CleanPodPolicy defines the policy to kill pods after the job completes.\nDefault to None.", "type": "string" }, "managedBy": { + "description": "ManagedBy is used to indicate the controller or entity that manages a job.\nThe value must be either an empty, 'kubeflow.org/training-operator' or\n'kueue.x-k8s.io/multikueue'.\nThe training-operator reconciles a job which doesn't have this\nfield at all or the field value is the reserved string\n'kubeflow.org/training-operator', but delegates reconciling the job\nwith 'kueue.x-k8s.", "type": "string" }, "schedulingPolicy": { + "description": "SchedulingPolicy defines the policy related to scheduling, e.g. gang-scheduling", "type": "object", "properties": { "minAvailable": { @@ -6727,10 +6738,12 @@ "additionalProperties": false }, "suspend": { + "description": "suspend specifies whether the Job controller should create Pods or not.\nIf a Job is created with suspend set to true, no Pods are created by\nthe Job controller. If a Job is suspended after creation (i.e. the\nflag goes from false to true), the Job controller will delete all\nactive Pods and PodGroups associated with this Job.\nUsers must design their workload to gracefully handle this.", "type": "boolean", "default": false }, "ttlSecondsAfterFinished": { + "description": "TTLSecondsAfterFinished is the TTL to clean up jobs.\nIt may take extra ReconcilePeriod seconds for the cleanup, since\nreconcile gets called periodically.\nDefault to infinite.", "type": "integer", "format": "int32" } @@ -6738,6 +6751,7 @@ "additionalProperties": false }, "slotsPerWorker": { + "description": "Specifies the number of slots per worker used in hostfile.\nDefaults to 1.", "type": "integer", "format": "int32" } @@ -6745,15 +6759,19 @@ "additionalProperties": false }, "status": { + "description": "JobStatus represents the current observed state of the training Job.", "type": "object", "properties": { "completionTime": { + "description": "Represents time when the job was completed. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "conditions": { + "description": "Conditions is an array of current observed job conditions.", "type": "array", "items": { + "description": "JobCondition describes the state of the job at a certain point.", "type": "object", "required": [ "status", @@ -6761,23 +6779,29 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "lastUpdateTime": { + "description": "The last time this condition was updated.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of job condition.", "type": "string" } }, @@ -6785,10 +6809,12 @@ } }, "lastReconcileTime": { + "description": "Represents last time when the job was reconciled. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "replicaStatuses": { + "description": "ReplicaStatuses is map of ReplicaType and ReplicaStatus,\nspecifies the status of each replica.", "type": "object", "additionalProperties": { "description": "ReplicaStatus represents the current observed state of the replica.", @@ -6862,6 +6888,7 @@ } }, "startTime": { + "description": "Represents time when the job was acknowledged by the job controller.\nIt is not guaranteed to be set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" } diff --git a/schema/kubeflow.org/mxjob_v1.json b/schema/kubeflow.org/mxjob_v1.json index 582b6f509..a4f4d7ee8 100644 --- a/schema/kubeflow.org/mxjob_v1.json +++ b/schema/kubeflow.org/mxjob_v1.json @@ -1,16 +1,20 @@ { + "description": "MXJob is the Schema for the mxjobs API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "MXJobSpec defines the desired state of MXJob", "type": "object", "required": [ "jobMode", @@ -18,9 +22,11 @@ ], "properties": { "jobMode": { + "description": "JobMode specify the kind of MXjob to do. Different mode may have\ndifferent MXReplicaSpecs request", "type": "string" }, "mxReplicaSpecs": { + "description": "MXReplicaSpecs is map of ReplicaType and ReplicaSpec\nspecifies the MX replicas to run.\nFor example,\n {\n \"Scheduler\": ReplicaSpec,\n \"Server\": ReplicaSpec,\n \"Worker\": ReplicaSpec,\n }", "type": "object", "additionalProperties": { "description": "ReplicaSpec is a description of the replica", @@ -6353,20 +6359,25 @@ } }, "runPolicy": { + "description": "RunPolicy encapsulates various runtime policies of the distributed training\njob, for example how to clean up resources and how long the job can stay\nactive.", "type": "object", "properties": { "activeDeadlineSeconds": { + "description": "Specifies the duration in seconds relative to the startTime that the job may be active\nbefore the system tries to terminate it; value must be positive integer.", "type": "integer", "format": "int64" }, "backoffLimit": { + "description": "Optional number of retries before marking this job failed.", "type": "integer", "format": "int32" }, "cleanPodPolicy": { + "description": "CleanPodPolicy defines the policy to kill pods after the job completes.\nDefault to None.", "type": "string" }, "schedulingPolicy": { + "description": "SchedulingPolicy defines the policy related to scheduling, e.g. gang-scheduling", "type": "object", "properties": { "minAvailable": { @@ -6408,10 +6419,12 @@ "additionalProperties": false }, "suspend": { + "description": "suspend specifies whether the Job controller should create Pods or not.\nIf a Job is created with suspend set to true, no Pods are created by\nthe Job controller. If a Job is suspended after creation (i.e. the\nflag goes from false to true), the Job controller will delete all\nactive Pods and PodGroups associated with this Job.\nUsers must design their workload to gracefully handle this.", "type": "boolean", "default": false }, "ttlSecondsAfterFinished": { + "description": "TTLSecondsAfterFinished is the TTL to clean up jobs.\nIt may take extra ReconcilePeriod seconds for the cleanup, since\nreconcile gets called periodically.\nDefault to infinite.", "type": "integer", "format": "int32" } @@ -6422,15 +6435,19 @@ "additionalProperties": false }, "status": { + "description": "JobStatus represents the current observed state of the training Job.", "type": "object", "properties": { "completionTime": { + "description": "Represents time when the job was completed. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "conditions": { + "description": "Conditions is an array of current observed job conditions.", "type": "array", "items": { + "description": "JobCondition describes the state of the job at a certain point.", "type": "object", "required": [ "status", @@ -6438,23 +6455,29 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "lastUpdateTime": { + "description": "The last time this condition was updated.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of job condition.", "type": "string" } }, @@ -6462,10 +6485,12 @@ } }, "lastReconcileTime": { + "description": "Represents last time when the job was reconciled. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "replicaStatuses": { + "description": "ReplicaStatuses is map of ReplicaType and ReplicaStatus,\nspecifies the status of each replica.", "type": "object", "additionalProperties": { "description": "ReplicaStatus represents the current observed state of the replica.", @@ -6537,6 +6562,7 @@ } }, "startTime": { + "description": "Represents time when the job was acknowledged by the job controller.\nIt is not guaranteed to be set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" } diff --git a/schema/kubeflow.org/paddlejob_v1.json b/schema/kubeflow.org/paddlejob_v1.json index 621570722..fcf8806c6 100644 --- a/schema/kubeflow.org/paddlejob_v1.json +++ b/schema/kubeflow.org/paddlejob_v1.json @@ -1,41 +1,51 @@ { + "description": "PaddleJob Represents a PaddleJob resource.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "Specification of the desired state of the PaddleJob.", "type": "object", "required": [ "paddleReplicaSpecs" ], "properties": { "elasticPolicy": { + "description": "ElasticPolicy holds the elastic policy for paddle job.", "type": "object", "properties": { "maxReplicas": { + "description": "upper limit for the number of pods that can be set by the autoscaler; cannot be smaller than MinReplicas, defaults to null.", "type": "integer", "format": "int32" }, "maxRestarts": { + "description": "MaxRestarts is the limit for restart times of pods in elastic mode.", "type": "integer", "format": "int32" }, "metrics": { + "description": "Metrics contains the specifications which are used to calculate the\ndesired replica count (the maximum replica count across all metrics will\nbe used). The desired replica count is calculated with multiplying the\nratio between the target value and the current value by the current\nnumber of pods. Ergo, metrics used must decrease as the pod count is\nincreased, and vice-versa.", "type": "array", "items": { + "description": "MetricSpec specifies how to scale based on a single metric\n(only `type` and one other matching field should be set at once).", "type": "object", "required": [ "type" ], "properties": { "containerResource": { + "description": "containerResource refers to a resource metric (such as those specified in\nrequests and limits) known to Kubernetes describing a single container in\neach pod of the current scale target (e.g. CPU or memory). Such metrics are\nbuilt in to Kubernetes, and have special scaling options on top of those\navailable to normal per-pod metrics using the \"pods\" source.", "type": "object", "required": [ "container", @@ -44,22 +54,27 @@ ], "properties": { "container": { + "description": "container is the name of the container in the pods of the scaling target", "type": "string" }, "name": { + "description": "name is the name of the resource in question.", "type": "string" }, "target": { + "description": "target specifies the target value for the given metric", "type": "object", "required": [ "type" ], "properties": { "averageUtilization": { + "description": "averageUtilization is the target value of the average of the\nresource metric across all relevant pods, represented as a percentage of\nthe requested value of the resource for the pods.\nCurrently only valid for Resource metric source type", "type": "integer", "format": "int32" }, "averageValue": { + "description": "averageValue is the target value of the average of the\nmetric across all relevant pods (as a quantity)", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -72,9 +87,11 @@ "x-kubernetes-int-or-string": true }, "type": { + "description": "type represents whether the metric type is Utilization, Value, or AverageValue", "type": "string" }, "value": { + "description": "value is the target value of the metric (as a quantity).", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -93,6 +110,7 @@ "additionalProperties": false }, "external": { + "description": "external refers to a global metric that is not associated\nwith any Kubernetes object. It allows autoscaling based on information\ncoming from components running outside of cluster\n(for example length of queue in cloud messaging service, or\nQPS from loadbalancer running outside of cluster).", "type": "object", "required": [ "metric", @@ -100,20 +118,25 @@ ], "properties": { "metric": { + "description": "metric identifies the target metric by name and selector", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "name is the name of the given metric", "type": "string" }, "selector": { + "description": "selector is the string-encoded form of a standard kubernetes label selector for the given metric\nWhen set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.\nWhen unset, just the metricName will be used to gather metrics.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -121,12 +144,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -139,6 +165,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -152,16 +179,19 @@ "additionalProperties": false }, "target": { + "description": "target specifies the target value for the given metric", "type": "object", "required": [ "type" ], "properties": { "averageUtilization": { + "description": "averageUtilization is the target value of the average of the\nresource metric across all relevant pods, represented as a percentage of\nthe requested value of the resource for the pods.\nCurrently only valid for Resource metric source type", "type": "integer", "format": "int32" }, "averageValue": { + "description": "averageValue is the target value of the average of the\nmetric across all relevant pods (as a quantity)", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -174,9 +204,11 @@ "x-kubernetes-int-or-string": true }, "type": { + "description": "type represents whether the metric type is Utilization, Value, or AverageValue", "type": "string" }, "value": { + "description": "value is the target value of the metric (as a quantity).", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -195,6 +227,7 @@ "additionalProperties": false }, "object": { + "description": "object refers to a metric describing a single kubernetes object\n(for example, hits-per-second on an Ingress object).", "type": "object", "required": [ "describedObject", @@ -203,6 +236,7 @@ ], "properties": { "describedObject": { + "description": "describedObject specifies the descriptions of a object,such as kind,name apiVersion", "type": "object", "required": [ "kind", @@ -210,32 +244,40 @@ ], "properties": { "apiVersion": { + "description": "apiVersion is the API version of the referent", "type": "string" }, "kind": { + "description": "kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "additionalProperties": false }, "metric": { + "description": "metric identifies the target metric by name and selector", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "name is the name of the given metric", "type": "string" }, "selector": { + "description": "selector is the string-encoded form of a standard kubernetes label selector for the given metric\nWhen set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.\nWhen unset, just the metricName will be used to gather metrics.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -243,12 +285,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -261,6 +306,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -274,16 +320,19 @@ "additionalProperties": false }, "target": { + "description": "target specifies the target value for the given metric", "type": "object", "required": [ "type" ], "properties": { "averageUtilization": { + "description": "averageUtilization is the target value of the average of the\nresource metric across all relevant pods, represented as a percentage of\nthe requested value of the resource for the pods.\nCurrently only valid for Resource metric source type", "type": "integer", "format": "int32" }, "averageValue": { + "description": "averageValue is the target value of the average of the\nmetric across all relevant pods (as a quantity)", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -296,9 +345,11 @@ "x-kubernetes-int-or-string": true }, "type": { + "description": "type represents whether the metric type is Utilization, Value, or AverageValue", "type": "string" }, "value": { + "description": "value is the target value of the metric (as a quantity).", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -317,6 +368,7 @@ "additionalProperties": false }, "pods": { + "description": "pods refers to a metric describing each pod in the current scale target\n(for example, transactions-processed-per-second). The values will be\naveraged together before being compared to the target value.", "type": "object", "required": [ "metric", @@ -324,20 +376,25 @@ ], "properties": { "metric": { + "description": "metric identifies the target metric by name and selector", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "name is the name of the given metric", "type": "string" }, "selector": { + "description": "selector is the string-encoded form of a standard kubernetes label selector for the given metric\nWhen set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.\nWhen unset, just the metricName will be used to gather metrics.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -345,12 +402,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -363,6 +423,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -376,16 +437,19 @@ "additionalProperties": false }, "target": { + "description": "target specifies the target value for the given metric", "type": "object", "required": [ "type" ], "properties": { "averageUtilization": { + "description": "averageUtilization is the target value of the average of the\nresource metric across all relevant pods, represented as a percentage of\nthe requested value of the resource for the pods.\nCurrently only valid for Resource metric source type", "type": "integer", "format": "int32" }, "averageValue": { + "description": "averageValue is the target value of the average of the\nmetric across all relevant pods (as a quantity)", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -398,9 +462,11 @@ "x-kubernetes-int-or-string": true }, "type": { + "description": "type represents whether the metric type is Utilization, Value, or AverageValue", "type": "string" }, "value": { + "description": "value is the target value of the metric (as a quantity).", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -419,6 +485,7 @@ "additionalProperties": false }, "resource": { + "description": "resource refers to a resource metric (such as those specified in\nrequests and limits) known to Kubernetes describing each pod in the\ncurrent scale target (e.g. CPU or memory). Such metrics are built in to\nKubernetes, and have special scaling options on top of those available\nto normal per-pod metrics using the \"pods\" source.", "type": "object", "required": [ "name", @@ -426,19 +493,23 @@ ], "properties": { "name": { + "description": "name is the name of the resource in question.", "type": "string" }, "target": { + "description": "target specifies the target value for the given metric", "type": "object", "required": [ "type" ], "properties": { "averageUtilization": { + "description": "averageUtilization is the target value of the average of the\nresource metric across all relevant pods, represented as a percentage of\nthe requested value of the resource for the pods.\nCurrently only valid for Resource metric source type", "type": "integer", "format": "int32" }, "averageValue": { + "description": "averageValue is the target value of the average of the\nmetric across all relevant pods (as a quantity)", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -451,9 +522,11 @@ "x-kubernetes-int-or-string": true }, "type": { + "description": "type represents whether the metric type is Utilization, Value, or AverageValue", "type": "string" }, "value": { + "description": "value is the target value of the metric (as a quantity).", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -472,6 +545,7 @@ "additionalProperties": false }, "type": { + "description": "type is the type of metric source. It should be one of \"ContainerResource\", \"External\",\n\"Object\", \"Pods\" or \"Resource\", each mapping to a matching field in the object.\nNote: \"ContainerResource\" type is available on when the feature-gate\nHPAContainerMetrics is enabled", "type": "string" } }, @@ -479,6 +553,7 @@ } }, "minReplicas": { + "description": "minReplicas is the lower limit for the number of replicas to which the training job\ncan scale down. It defaults to null.", "type": "integer", "format": "int32" } @@ -486,6 +561,7 @@ "additionalProperties": false }, "paddleReplicaSpecs": { + "description": "A map of PaddleReplicaType (type) to ReplicaSpec (value). Specifies the Paddle cluster configuration.\nFor example,\n {\n \"Master\": PaddleReplicaSpec,\n \"Worker\": PaddleReplicaSpec,\n }", "type": "object", "additionalProperties": { "description": "ReplicaSpec is a description of the replica", @@ -7132,23 +7208,29 @@ } }, "runPolicy": { + "description": "RunPolicy encapsulates various runtime policies of the distributed training\njob, for example how to clean up resources and how long the job can stay\nactive.", "type": "object", "properties": { "activeDeadlineSeconds": { + "description": "Specifies the duration in seconds relative to the startTime that the job may be active\nbefore the system tries to terminate it; value must be positive integer.", "type": "integer", "format": "int64" }, "backoffLimit": { + "description": "Optional number of retries before marking this job failed.", "type": "integer", "format": "int32" }, "cleanPodPolicy": { + "description": "CleanPodPolicy defines the policy to kill pods after the job completes.\nDefault to None.", "type": "string" }, "managedBy": { + "description": "ManagedBy is used to indicate the controller or entity that manages a job.\nThe value must be either an empty, 'kubeflow.org/training-operator' or\n'kueue.x-k8s.io/multikueue'.\nThe training-operator reconciles a job which doesn't have this\nfield at all or the field value is the reserved string\n'kubeflow.org/training-operator', but delegates reconciling the job\nwith 'kueue.x-k8s.", "type": "string" }, "schedulingPolicy": { + "description": "SchedulingPolicy defines the policy related to scheduling, e.g. gang-scheduling", "type": "object", "properties": { "minAvailable": { @@ -7190,10 +7272,12 @@ "additionalProperties": false }, "suspend": { + "description": "suspend specifies whether the Job controller should create Pods or not.\nIf a Job is created with suspend set to true, no Pods are created by\nthe Job controller. If a Job is suspended after creation (i.e. the\nflag goes from false to true), the Job controller will delete all\nactive Pods and PodGroups associated with this Job.\nUsers must design their workload to gracefully handle this.", "type": "boolean", "default": false }, "ttlSecondsAfterFinished": { + "description": "TTLSecondsAfterFinished is the TTL to clean up jobs.\nIt may take extra ReconcilePeriod seconds for the cleanup, since\nreconcile gets called periodically.\nDefault to infinite.", "type": "integer", "format": "int32" } @@ -7204,15 +7288,19 @@ "additionalProperties": false }, "status": { + "description": "Most recently observed status of the PaddleJob.\nRead-only (modified by the system).", "type": "object", "properties": { "completionTime": { + "description": "Represents time when the job was completed. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "conditions": { + "description": "Conditions is an array of current observed job conditions.", "type": "array", "items": { + "description": "JobCondition describes the state of the job at a certain point.", "type": "object", "required": [ "status", @@ -7220,23 +7308,29 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "lastUpdateTime": { + "description": "The last time this condition was updated.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of job condition.", "type": "string" } }, @@ -7244,10 +7338,12 @@ } }, "lastReconcileTime": { + "description": "Represents last time when the job was reconciled. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "replicaStatuses": { + "description": "ReplicaStatuses is map of ReplicaType and ReplicaStatus,\nspecifies the status of each replica.", "type": "object", "additionalProperties": { "description": "ReplicaStatus represents the current observed state of the replica.", @@ -7321,6 +7417,7 @@ } }, "startTime": { + "description": "Represents time when the job was acknowledged by the job controller.\nIt is not guaranteed to be set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" } diff --git a/schema/kubeflow.org/pytorchjob_v1.json b/schema/kubeflow.org/pytorchjob_v1.json index 4a6e058b3..745040110 100644 --- a/schema/kubeflow.org/pytorchjob_v1.json +++ b/schema/kubeflow.org/pytorchjob_v1.json @@ -1,16 +1,20 @@ { + "description": "PyTorchJob Represents a PyTorchJob resource.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "Specification of the desired state of the PyTorchJob.", "type": "object", "required": [ "pytorchReplicaSpecs" @@ -20,6 +24,7 @@ "type": "object", "properties": { "maxReplicas": { + "description": "upper limit for the number of pods that can be set by the autoscaler; cannot be smaller than MinReplicas, defaults to null.", "type": "integer", "format": "int32" }, @@ -28,14 +33,17 @@ "format": "int32" }, "metrics": { + "description": "Metrics contains the specifications which are used to calculate the\ndesired replica count (the maximum replica count across all metrics will\nbe used). The desired replica count is calculated with multiplying the\nratio between the target value and the current value by the current\nnumber of pods. Ergo, metrics used must decrease as the pod count is\nincreased, and vice-versa.", "type": "array", "items": { + "description": "MetricSpec specifies how to scale based on a single metric\n(only `type` and one other matching field should be set at once).", "type": "object", "required": [ "type" ], "properties": { "containerResource": { + "description": "containerResource refers to a resource metric (such as those specified in\nrequests and limits) known to Kubernetes describing a single container in\neach pod of the current scale target (e.g. CPU or memory). Such metrics are\nbuilt in to Kubernetes, and have special scaling options on top of those\navailable to normal per-pod metrics using the \"pods\" source.", "type": "object", "required": [ "container", @@ -44,22 +52,27 @@ ], "properties": { "container": { + "description": "container is the name of the container in the pods of the scaling target", "type": "string" }, "name": { + "description": "name is the name of the resource in question.", "type": "string" }, "target": { + "description": "target specifies the target value for the given metric", "type": "object", "required": [ "type" ], "properties": { "averageUtilization": { + "description": "averageUtilization is the target value of the average of the\nresource metric across all relevant pods, represented as a percentage of\nthe requested value of the resource for the pods.\nCurrently only valid for Resource metric source type", "type": "integer", "format": "int32" }, "averageValue": { + "description": "averageValue is the target value of the average of the\nmetric across all relevant pods (as a quantity)", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -72,9 +85,11 @@ "x-kubernetes-int-or-string": true }, "type": { + "description": "type represents whether the metric type is Utilization, Value, or AverageValue", "type": "string" }, "value": { + "description": "value is the target value of the metric (as a quantity).", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -93,6 +108,7 @@ "additionalProperties": false }, "external": { + "description": "external refers to a global metric that is not associated\nwith any Kubernetes object. It allows autoscaling based on information\ncoming from components running outside of cluster\n(for example length of queue in cloud messaging service, or\nQPS from loadbalancer running outside of cluster).", "type": "object", "required": [ "metric", @@ -100,20 +116,25 @@ ], "properties": { "metric": { + "description": "metric identifies the target metric by name and selector", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "name is the name of the given metric", "type": "string" }, "selector": { + "description": "selector is the string-encoded form of a standard kubernetes label selector for the given metric\nWhen set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.\nWhen unset, just the metricName will be used to gather metrics.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -121,12 +142,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -139,6 +163,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -152,16 +177,19 @@ "additionalProperties": false }, "target": { + "description": "target specifies the target value for the given metric", "type": "object", "required": [ "type" ], "properties": { "averageUtilization": { + "description": "averageUtilization is the target value of the average of the\nresource metric across all relevant pods, represented as a percentage of\nthe requested value of the resource for the pods.\nCurrently only valid for Resource metric source type", "type": "integer", "format": "int32" }, "averageValue": { + "description": "averageValue is the target value of the average of the\nmetric across all relevant pods (as a quantity)", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -174,9 +202,11 @@ "x-kubernetes-int-or-string": true }, "type": { + "description": "type represents whether the metric type is Utilization, Value, or AverageValue", "type": "string" }, "value": { + "description": "value is the target value of the metric (as a quantity).", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -195,6 +225,7 @@ "additionalProperties": false }, "object": { + "description": "object refers to a metric describing a single kubernetes object\n(for example, hits-per-second on an Ingress object).", "type": "object", "required": [ "describedObject", @@ -203,6 +234,7 @@ ], "properties": { "describedObject": { + "description": "describedObject specifies the descriptions of a object,such as kind,name apiVersion", "type": "object", "required": [ "kind", @@ -210,32 +242,40 @@ ], "properties": { "apiVersion": { + "description": "apiVersion is the API version of the referent", "type": "string" }, "kind": { + "description": "kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, "additionalProperties": false }, "metric": { + "description": "metric identifies the target metric by name and selector", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "name is the name of the given metric", "type": "string" }, "selector": { + "description": "selector is the string-encoded form of a standard kubernetes label selector for the given metric\nWhen set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.\nWhen unset, just the metricName will be used to gather metrics.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -243,12 +283,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -261,6 +304,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -274,16 +318,19 @@ "additionalProperties": false }, "target": { + "description": "target specifies the target value for the given metric", "type": "object", "required": [ "type" ], "properties": { "averageUtilization": { + "description": "averageUtilization is the target value of the average of the\nresource metric across all relevant pods, represented as a percentage of\nthe requested value of the resource for the pods.\nCurrently only valid for Resource metric source type", "type": "integer", "format": "int32" }, "averageValue": { + "description": "averageValue is the target value of the average of the\nmetric across all relevant pods (as a quantity)", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -296,9 +343,11 @@ "x-kubernetes-int-or-string": true }, "type": { + "description": "type represents whether the metric type is Utilization, Value, or AverageValue", "type": "string" }, "value": { + "description": "value is the target value of the metric (as a quantity).", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -317,6 +366,7 @@ "additionalProperties": false }, "pods": { + "description": "pods refers to a metric describing each pod in the current scale target\n(for example, transactions-processed-per-second). The values will be\naveraged together before being compared to the target value.", "type": "object", "required": [ "metric", @@ -324,20 +374,25 @@ ], "properties": { "metric": { + "description": "metric identifies the target metric by name and selector", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "name is the name of the given metric", "type": "string" }, "selector": { + "description": "selector is the string-encoded form of a standard kubernetes label selector for the given metric\nWhen set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.\nWhen unset, just the metricName will be used to gather metrics.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -345,12 +400,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -363,6 +421,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -376,16 +435,19 @@ "additionalProperties": false }, "target": { + "description": "target specifies the target value for the given metric", "type": "object", "required": [ "type" ], "properties": { "averageUtilization": { + "description": "averageUtilization is the target value of the average of the\nresource metric across all relevant pods, represented as a percentage of\nthe requested value of the resource for the pods.\nCurrently only valid for Resource metric source type", "type": "integer", "format": "int32" }, "averageValue": { + "description": "averageValue is the target value of the average of the\nmetric across all relevant pods (as a quantity)", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -398,9 +460,11 @@ "x-kubernetes-int-or-string": true }, "type": { + "description": "type represents whether the metric type is Utilization, Value, or AverageValue", "type": "string" }, "value": { + "description": "value is the target value of the metric (as a quantity).", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -419,6 +483,7 @@ "additionalProperties": false }, "resource": { + "description": "resource refers to a resource metric (such as those specified in\nrequests and limits) known to Kubernetes describing each pod in the\ncurrent scale target (e.g. CPU or memory). Such metrics are built in to\nKubernetes, and have special scaling options on top of those available\nto normal per-pod metrics using the \"pods\" source.", "type": "object", "required": [ "name", @@ -426,19 +491,23 @@ ], "properties": { "name": { + "description": "name is the name of the resource in question.", "type": "string" }, "target": { + "description": "target specifies the target value for the given metric", "type": "object", "required": [ "type" ], "properties": { "averageUtilization": { + "description": "averageUtilization is the target value of the average of the\nresource metric across all relevant pods, represented as a percentage of\nthe requested value of the resource for the pods.\nCurrently only valid for Resource metric source type", "type": "integer", "format": "int32" }, "averageValue": { + "description": "averageValue is the target value of the average of the\nmetric across all relevant pods (as a quantity)", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -451,9 +520,11 @@ "x-kubernetes-int-or-string": true }, "type": { + "description": "type represents whether the metric type is Utilization, Value, or AverageValue", "type": "string" }, "value": { + "description": "value is the target value of the metric (as a quantity).", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -472,6 +543,7 @@ "additionalProperties": false }, "type": { + "description": "type is the type of metric source. It should be one of \"ContainerResource\", \"External\",\n\"Object\", \"Pods\" or \"Resource\", each mapping to a matching field in the object.\nNote: \"ContainerResource\" type is available on when the feature-gate\nHPAContainerMetrics is enabled", "type": "string" } }, @@ -479,10 +551,12 @@ } }, "minReplicas": { + "description": "minReplicas is the lower limit for the number of replicas to which the training job\ncan scale down. It defaults to null.", "type": "integer", "format": "int32" }, "nProcPerNode": { + "description": "Number of workers per node; supported values: [auto, cpu, gpu, int].\nDeprecated: This API is deprecated in v1.7+\nUse .spec.nprocPerNode instead.", "type": "integer", "format": "int32" }, @@ -490,6 +564,7 @@ "type": "string" }, "rdzvConf": { + "description": "RDZVConf contains additional rendezvous configuration (\u003ckey1\u003e=\u003cvalue1\u003e,\u003ckey2\u003e=\u003cvalue2\u003e,...).", "type": "array", "items": { "type": "object", @@ -515,15 +590,18 @@ "format": "int32" }, "standalone": { + "description": "Start a local standalone rendezvous backend that is represented by a C10d TCP store\non port 29400. Useful when launching single-node, multi-worker job. If specified\n--rdzv_backend, --rdzv_endpoint, --rdzv_id are auto-assigned; any explicitly set values\nare ignored.", "type": "boolean" } }, "additionalProperties": false }, "nprocPerNode": { + "description": "Number of workers per node; supported values: [auto, cpu, gpu, int].\nFor more, https://github.com/pytorch/pytorch/blob/26f7f470df64d90e092081e39507e4ac751f55d6/torch/distributed/run.py#L629-L658.\nDefaults to auto.", "type": "string" }, "pytorchReplicaSpecs": { + "description": "A map of PyTorchReplicaType (type) to ReplicaSpec (value). Specifies the PyTorch cluster configuration.\nFor example,\n {\n \"Master\": PyTorchReplicaSpec,\n \"Worker\": PyTorchReplicaSpec,\n }", "type": "object", "additionalProperties": { "description": "ReplicaSpec is a description of the replica", @@ -7170,23 +7248,29 @@ } }, "runPolicy": { + "description": "RunPolicy encapsulates various runtime policies of the distributed training\njob, for example how to clean up resources and how long the job can stay\nactive.", "type": "object", "properties": { "activeDeadlineSeconds": { + "description": "Specifies the duration in seconds relative to the startTime that the job may be active\nbefore the system tries to terminate it; value must be positive integer.", "type": "integer", "format": "int64" }, "backoffLimit": { + "description": "Optional number of retries before marking this job failed.", "type": "integer", "format": "int32" }, "cleanPodPolicy": { + "description": "CleanPodPolicy defines the policy to kill pods after the job completes.\nDefault to None.", "type": "string" }, "managedBy": { + "description": "ManagedBy is used to indicate the controller or entity that manages a job.\nThe value must be either an empty, 'kubeflow.org/training-operator' or\n'kueue.x-k8s.io/multikueue'.\nThe training-operator reconciles a job which doesn't have this\nfield at all or the field value is the reserved string\n'kubeflow.org/training-operator', but delegates reconciling the job\nwith 'kueue.x-k8s.", "type": "string" }, "schedulingPolicy": { + "description": "SchedulingPolicy defines the policy related to scheduling, e.g. gang-scheduling", "type": "object", "properties": { "minAvailable": { @@ -7228,10 +7312,12 @@ "additionalProperties": false }, "suspend": { + "description": "suspend specifies whether the Job controller should create Pods or not.\nIf a Job is created with suspend set to true, no Pods are created by\nthe Job controller. If a Job is suspended after creation (i.e. the\nflag goes from false to true), the Job controller will delete all\nactive Pods and PodGroups associated with this Job.\nUsers must design their workload to gracefully handle this.", "type": "boolean", "default": false }, "ttlSecondsAfterFinished": { + "description": "TTLSecondsAfterFinished is the TTL to clean up jobs.\nIt may take extra ReconcilePeriod seconds for the cleanup, since\nreconcile gets called periodically.\nDefault to infinite.", "type": "integer", "format": "int32" } @@ -7242,15 +7328,19 @@ "additionalProperties": false }, "status": { + "description": "Most recently observed status of the PyTorchJob.\nRead-only (modified by the system).", "type": "object", "properties": { "completionTime": { + "description": "Represents time when the job was completed. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "conditions": { + "description": "Conditions is an array of current observed job conditions.", "type": "array", "items": { + "description": "JobCondition describes the state of the job at a certain point.", "type": "object", "required": [ "status", @@ -7258,23 +7348,29 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "lastUpdateTime": { + "description": "The last time this condition was updated.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of job condition.", "type": "string" } }, @@ -7282,10 +7378,12 @@ } }, "lastReconcileTime": { + "description": "Represents last time when the job was reconciled. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "replicaStatuses": { + "description": "ReplicaStatuses is map of ReplicaType and ReplicaStatus,\nspecifies the status of each replica.", "type": "object", "additionalProperties": { "description": "ReplicaStatus represents the current observed state of the replica.", @@ -7359,6 +7457,7 @@ } }, "startTime": { + "description": "Represents time when the job was acknowledged by the job controller.\nIt is not guaranteed to be set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" } diff --git a/schema/kubeflow.org/tfjob_v1.json b/schema/kubeflow.org/tfjob_v1.json index d9972a6a5..3f751005c 100644 --- a/schema/kubeflow.org/tfjob_v1.json +++ b/schema/kubeflow.org/tfjob_v1.json @@ -1,42 +1,53 @@ { + "description": "TFJob represents a TFJob resource.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "Specification of the desired state of the TFJob.", "type": "object", "required": [ "tfReplicaSpecs" ], "properties": { "enableDynamicWorker": { + "description": "A switch to enable dynamic worker", "type": "boolean" }, "runPolicy": { + "description": "RunPolicy encapsulates various runtime policies of the distributed training\njob, for example how to clean up resources and how long the job can stay\nactive.", "type": "object", "properties": { "activeDeadlineSeconds": { + "description": "Specifies the duration in seconds relative to the startTime that the job may be active\nbefore the system tries to terminate it; value must be positive integer.", "type": "integer", "format": "int64" }, "backoffLimit": { + "description": "Optional number of retries before marking this job failed.", "type": "integer", "format": "int32" }, "cleanPodPolicy": { + "description": "CleanPodPolicy defines the policy to kill pods after the job completes.\nDefault to None.", "type": "string" }, "managedBy": { + "description": "ManagedBy is used to indicate the controller or entity that manages a job.\nThe value must be either an empty, 'kubeflow.org/training-operator' or\n'kueue.x-k8s.io/multikueue'.\nThe training-operator reconciles a job which doesn't have this\nfield at all or the field value is the reserved string\n'kubeflow.org/training-operator', but delegates reconciling the job\nwith 'kueue.x-k8s.", "type": "string" }, "schedulingPolicy": { + "description": "SchedulingPolicy defines the policy related to scheduling, e.g. gang-scheduling", "type": "object", "properties": { "minAvailable": { @@ -78,10 +89,12 @@ "additionalProperties": false }, "suspend": { + "description": "suspend specifies whether the Job controller should create Pods or not.\nIf a Job is created with suspend set to true, no Pods are created by\nthe Job controller. If a Job is suspended after creation (i.e. the\nflag goes from false to true), the Job controller will delete all\nactive Pods and PodGroups associated with this Job.\nUsers must design their workload to gracefully handle this.", "type": "boolean", "default": false }, "ttlSecondsAfterFinished": { + "description": "TTLSecondsAfterFinished is the TTL to clean up jobs.\nIt may take extra ReconcilePeriod seconds for the cleanup, since\nreconcile gets called periodically.\nDefault to infinite.", "type": "integer", "format": "int32" } @@ -89,9 +102,11 @@ "additionalProperties": false }, "successPolicy": { + "description": "SuccessPolicy defines the policy to mark the TFJob as succeeded.\nDefault to \"\", using the default rules.", "type": "string" }, "tfReplicaSpecs": { + "description": "A map of TFReplicaType (type) to ReplicaSpec (value). Specifies the TF cluster configuration.\nFor example,\n {\n \"PS\": ReplicaSpec,\n \"Worker\": ReplicaSpec,\n }", "type": "object", "additionalProperties": { "description": "ReplicaSpec is a description of the replica", @@ -6741,15 +6756,19 @@ "additionalProperties": false }, "status": { + "description": "Most recently observed status of the TFJob.\nPopulated by the system.\nRead-only.", "type": "object", "properties": { "completionTime": { + "description": "Represents time when the job was completed. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "conditions": { + "description": "Conditions is an array of current observed job conditions.", "type": "array", "items": { + "description": "JobCondition describes the state of the job at a certain point.", "type": "object", "required": [ "status", @@ -6757,23 +6776,29 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "lastUpdateTime": { + "description": "The last time this condition was updated.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of job condition.", "type": "string" } }, @@ -6781,10 +6806,12 @@ } }, "lastReconcileTime": { + "description": "Represents last time when the job was reconciled. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "replicaStatuses": { + "description": "ReplicaStatuses is map of ReplicaType and ReplicaStatus,\nspecifies the status of each replica.", "type": "object", "additionalProperties": { "description": "ReplicaStatus represents the current observed state of the replica.", @@ -6858,6 +6885,7 @@ } }, "startTime": { + "description": "Represents time when the job was acknowledged by the job controller.\nIt is not guaranteed to be set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" } diff --git a/schema/kubeflow.org/xgboostjob_v1.json b/schema/kubeflow.org/xgboostjob_v1.json index 54b00b025..7c77df0fe 100644 --- a/schema/kubeflow.org/xgboostjob_v1.json +++ b/schema/kubeflow.org/xgboostjob_v1.json @@ -1,39 +1,49 @@ { + "description": "XGBoostJob is the Schema for the xgboostjobs API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "XGBoostJobSpec defines the desired state of XGBoostJob", "type": "object", "required": [ "xgbReplicaSpecs" ], "properties": { "runPolicy": { + "description": "INSERT ADDITIONAL SPEC FIELDS - desired state of cluster\nImportant: Run \"make\" to regenerate code after modifying this file", "type": "object", "properties": { "activeDeadlineSeconds": { + "description": "Specifies the duration in seconds relative to the startTime that the job may be active\nbefore the system tries to terminate it; value must be positive integer.", "type": "integer", "format": "int64" }, "backoffLimit": { + "description": "Optional number of retries before marking this job failed.", "type": "integer", "format": "int32" }, "cleanPodPolicy": { + "description": "CleanPodPolicy defines the policy to kill pods after the job completes.\nDefault to None.", "type": "string" }, "managedBy": { + "description": "ManagedBy is used to indicate the controller or entity that manages a job.\nThe value must be either an empty, 'kubeflow.org/training-operator' or\n'kueue.x-k8s.io/multikueue'.\nThe training-operator reconciles a job which doesn't have this\nfield at all or the field value is the reserved string\n'kubeflow.org/training-operator', but delegates reconciling the job\nwith 'kueue.x-k8s.", "type": "string" }, "schedulingPolicy": { + "description": "SchedulingPolicy defines the policy related to scheduling, e.g. gang-scheduling", "type": "object", "properties": { "minAvailable": { @@ -75,10 +85,12 @@ "additionalProperties": false }, "suspend": { + "description": "suspend specifies whether the Job controller should create Pods or not.\nIf a Job is created with suspend set to true, no Pods are created by\nthe Job controller. If a Job is suspended after creation (i.e. the\nflag goes from false to true), the Job controller will delete all\nactive Pods and PodGroups associated with this Job.\nUsers must design their workload to gracefully handle this.", "type": "boolean", "default": false }, "ttlSecondsAfterFinished": { + "description": "TTLSecondsAfterFinished is the TTL to clean up jobs.\nIt may take extra ReconcilePeriod seconds for the cleanup, since\nreconcile gets called periodically.\nDefault to infinite.", "type": "integer", "format": "int32" } @@ -6735,15 +6747,19 @@ "additionalProperties": false }, "status": { + "description": "JobStatus represents the current observed state of the training Job.", "type": "object", "properties": { "completionTime": { + "description": "Represents time when the job was completed. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "conditions": { + "description": "Conditions is an array of current observed job conditions.", "type": "array", "items": { + "description": "JobCondition describes the state of the job at a certain point.", "type": "object", "required": [ "status", @@ -6751,23 +6767,29 @@ ], "properties": { "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "lastUpdateTime": { + "description": "The last time this condition was updated.", "type": "string", "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of job condition.", "type": "string" } }, @@ -6775,10 +6797,12 @@ } }, "lastReconcileTime": { + "description": "Represents last time when the job was reconciled. It is not guaranteed to\nbe set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" }, "replicaStatuses": { + "description": "ReplicaStatuses is map of ReplicaType and ReplicaStatus,\nspecifies the status of each replica.", "type": "object", "additionalProperties": { "description": "ReplicaStatus represents the current observed state of the replica.", @@ -6852,6 +6876,7 @@ } }, "startTime": { + "description": "Represents time when the job was acknowledged by the job controller.\nIt is not guaranteed to be set in happens-before order across separate operations.\nIt is represented in RFC3339 form and is in UTC.", "type": "string", "format": "date-time" } diff --git a/schema/kustomize.fluxcd.io/kustomization_v1alpha1.json b/schema/kustomize.fluxcd.io/kustomization_v1alpha1.json index d2e78795e..3a410f991 100644 --- a/schema/kustomize.fluxcd.io/kustomization_v1alpha1.json +++ b/schema/kustomize.fluxcd.io/kustomization_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "Kustomization is the Schema for the kustomizations API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "KustomizationSpec defines the desired state of a kustomization.", "type": "object", "required": [ "interval", @@ -20,14 +24,17 @@ ], "properties": { "dependsOn": { + "description": "A list of kustomizations that must be ready before this kustomization can be applied.", "type": "array", "items": { "type": "string" } }, "healthChecks": { + "description": "A list of workloads (Deployments, DaemonSets and StatefulSets) to be included in the health assessment.", "type": "array", "items": { + "description": "WorkloadReference defines a reference to a Deployment, DaemonSet or StatefulSet.", "type": "object", "required": [ "kind", @@ -36,6 +43,7 @@ ], "properties": { "kind": { + "description": "Kind is the type of resource being referenced.", "type": "string", "enum": [ "Deployment", @@ -44,9 +52,11 @@ ] }, "name": { + "description": "Name is the name of resource being referenced.", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced.", "type": "string" } }, @@ -54,16 +64,20 @@ } }, "interval": { + "description": "The interval at which to apply the kustomization.", "type": "string" }, "path": { + "description": "Path to the directory containing the kustomization file.", "type": "string", "pattern": "^\\./" }, "prune": { + "description": "Enables garbage collection.", "type": "boolean" }, "serviceAccount": { + "description": "The Kubernetes service account used for applying the kustomization.", "type": "object", "required": [ "name", @@ -71,15 +85,18 @@ ], "properties": { "name": { + "description": "Name is the name of the service account being referenced.", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of the service account being referenced.", "type": "string" } }, "additionalProperties": false }, "sourceRef": { + "description": "Reference of the source where the kustomization file is.", "type": "object", "required": [ "kind", @@ -87,30 +104,37 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent", "type": "string" }, "kind": { + "description": "Kind of the referent", "type": "string", "enum": [ "GitRepository" ] }, "name": { + "description": "Name of the referent", "type": "string" }, "namespace": { + "description": "Namespace of the referent", "type": "string" } }, "additionalProperties": false }, "suspend": { + "description": "This flag tells the controller to suspend subsequent kustomize executions, it does not apply to already started executions. Defaults to false.", "type": "boolean" }, "timeout": { + "description": "Timeout for validation, apply and health checking operations. Defaults to 'Interval' duration.", "type": "string" }, "validation": { + "description": "Validate the Kubernetes objects before applying them on the cluster. The validation strategy can be 'client' (local dry-run) or 'server' (APIServer dry-run).", "type": "string", "enum": [ "client", @@ -121,11 +145,13 @@ "additionalProperties": false }, "status": { + "description": "KustomizationStatus defines the observed state of a kustomization.", "type": "object", "properties": { "conditions": { "type": "array", "items": { + "description": "Condition contains condition information for a kustomization.", "type": "object", "required": [ "status", @@ -133,19 +159,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, @@ -153,16 +184,20 @@ } }, "lastAppliedRevision": { + "description": "The last successfully applied revision. The revision format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.", "type": "string" }, "lastAttemptedRevision": { + "description": "LastAttemptedRevision is the revision of the last reconciliation attempt.", "type": "string" }, "observedGeneration": { + "description": "ObservedGeneration is the last reconciled generation.", "type": "integer", "format": "int64" }, "snapshot": { + "description": "The last successfully applied revision metadata.", "type": "object", "required": [ "entries", @@ -170,20 +205,24 @@ ], "properties": { "entries": { + "description": "A list of Kubernetes kinds grouped by namespace.", "type": "array", "items": { + "description": "Snapshot holds the metadata of namespaced Kubernetes objects", "type": "object", "required": [ "kinds" ], "properties": { "kinds": { + "description": "The list of Kubernetes kinds.", "type": "object", "additionalProperties": { "type": "string" } }, "namespace": { + "description": "The namespace of this entry.", "type": "string" } }, @@ -191,6 +230,7 @@ } }, "revision": { + "description": "The source revision.", "type": "string" } }, diff --git a/schema/kustomize.fluxcd.io/profile_v1alpha1.json b/schema/kustomize.fluxcd.io/profile_v1alpha1.json index dcbf698ca..c37bc28a2 100644 --- a/schema/kustomize.fluxcd.io/profile_v1alpha1.json +++ b/schema/kustomize.fluxcd.io/profile_v1alpha1.json @@ -1,22 +1,27 @@ { + "description": "Profile is the Schema for the profiles API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ProfileSpec defines the desired state of Profile", "type": "object", "required": [ "kustomizations" ], "properties": { "alert": { + "description": "Alerting configuration of the kustomizations targeted by this profile.", "type": "object", "required": [ "address", @@ -26,12 +31,15 @@ ], "properties": { "address": { + "description": "HTTP(S) webhook address of this provider", "type": "string" }, "channel": { + "description": "Alert channel for this provider", "type": "string" }, "type": { + "description": "Type of provider", "type": "string", "enum": [ "slack", @@ -39,9 +47,11 @@ ] }, "username": { + "description": "Bot username for this provider", "type": "string" }, "verbosity": { + "description": "Filter alerts based on verbosity level, defaults to ('error').", "type": "string", "enum": [ "info", @@ -52,6 +62,7 @@ "additionalProperties": false }, "kustomizations": { + "description": "The list of kustomizations that this profile applies to.", "type": "array", "items": { "type": "string" @@ -61,11 +72,13 @@ "additionalProperties": false }, "status": { + "description": "ProfileStatus defines the observed state of Profile", "type": "object", "properties": { "conditions": { "type": "array", "items": { + "description": "Condition contains condition information for a kustomization.", "type": "object", "required": [ "status", @@ -73,19 +86,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, diff --git a/schema/kustomize.toolkit.fluxcd.io/kustomization_v1alpha1.json b/schema/kustomize.toolkit.fluxcd.io/kustomization_v1alpha1.json index c6163d1e1..07ae28f8a 100644 --- a/schema/kustomize.toolkit.fluxcd.io/kustomization_v1alpha1.json +++ b/schema/kustomize.toolkit.fluxcd.io/kustomization_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "Kustomization is the Schema for the kustomizations API.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "KustomizationSpec defines the desired state of a kustomization.", "type": "object", "required": [ "interval", @@ -20,21 +24,25 @@ ], "properties": { "decryption": { + "description": "Decrypt Kubernetes secrets before applying them on the cluster.", "type": "object", "required": [ "provider" ], "properties": { "provider": { + "description": "Provider is the name of the decryption engine.", "type": "string", "enum": [ "sops" ] }, "secretRef": { + "description": "The secret name containing the private OpenPGP keys used for decryption.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -44,17 +52,21 @@ "additionalProperties": false }, "dependsOn": { + "description": "DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to Kustomization resources that must be ready before this Kustomization can be reconciled.", "type": "array", "items": { + "description": "CrossNamespaceDependencyReference holds the reference to a dependency.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name holds the name reference of a dependency.", "type": "string" }, "namespace": { + "description": "Namespace holds the namespace reference of a dependency.", "type": "string" } }, @@ -62,8 +74,10 @@ } }, "healthChecks": { + "description": "A list of resources to be included in the health assessment.", "type": "array", "items": { + "description": "CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level", "type": "object", "required": [ "kind", @@ -71,15 +85,19 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent, defaults to 'apps/v1'", "type": "string" }, "kind": { + "description": "Kind of the referent", "type": "string" }, "name": { + "description": "Name of the referent", "type": "string" }, "namespace": { + "description": "Namespace of the referent", "type": "string" } }, @@ -87,16 +105,20 @@ } }, "interval": { + "description": "The interval at which to apply the kustomization.", "type": "string" }, "path": { + "description": "Path to the directory containing the kustomization file.", "type": "string", "pattern": "^\\./" }, "prune": { + "description": "Enables garbage collection.", "type": "boolean" }, "serviceAccount": { + "description": "The Kubernetes service account used for applying the kustomization.", "type": "object", "required": [ "name", @@ -104,15 +126,18 @@ ], "properties": { "name": { + "description": "Name is the name of the service account being referenced.", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of the service account being referenced.", "type": "string" } }, "additionalProperties": false }, "sourceRef": { + "description": "Reference of the source where the kustomization file is.", "type": "object", "required": [ "kind", @@ -120,9 +145,11 @@ ], "properties": { "apiVersion": { + "description": "API version of the referent", "type": "string" }, "kind": { + "description": "Kind of the referent", "type": "string", "enum": [ "GitRepository", @@ -130,21 +157,26 @@ ] }, "name": { + "description": "Name of the referent", "type": "string" }, "namespace": { + "description": "Namespace of the referent, defaults to the Kustomization namespace", "type": "string" } }, "additionalProperties": false }, "suspend": { + "description": "This flag tells the controller to suspend subsequent kustomize executions, it does not apply to already started executions. Defaults to false.", "type": "boolean" }, "timeout": { + "description": "Timeout for validation, apply and health checking operations. Defaults to 'Interval' duration.", "type": "string" }, "validation": { + "description": "Validate the Kubernetes objects before applying them on the cluster. The validation strategy can be 'client' (local dry-run) or 'server' (APIServer dry-run).", "type": "string", "enum": [ "client", @@ -155,11 +187,13 @@ "additionalProperties": false }, "status": { + "description": "KustomizationStatus defines the observed state of a kustomization.", "type": "object", "properties": { "conditions": { "type": "array", "items": { + "description": "Condition contains condition information for a kustomization.", "type": "object", "required": [ "status", @@ -167,19 +201,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, @@ -187,16 +226,20 @@ } }, "lastAppliedRevision": { + "description": "The last successfully applied revision. The revision format for Git sources is \u003cbranch|tag\u003e/\u003ccommit-sha\u003e.", "type": "string" }, "lastAttemptedRevision": { + "description": "LastAttemptedRevision is the revision of the last reconciliation attempt.", "type": "string" }, "observedGeneration": { + "description": "ObservedGeneration is the last reconciled generation.", "type": "integer", "format": "int64" }, "snapshot": { + "description": "The last successfully applied revision metadata.", "type": "object", "required": [ "checksum", @@ -204,23 +247,28 @@ ], "properties": { "checksum": { + "description": "The manifests sha1 checksum.", "type": "string" }, "entries": { + "description": "A list of Kubernetes kinds grouped by namespace.", "type": "array", "items": { + "description": "Snapshot holds the metadata of namespaced Kubernetes objects", "type": "object", "required": [ "kinds" ], "properties": { "kinds": { + "description": "The list of Kubernetes kinds.", "type": "object", "additionalProperties": { "type": "string" } }, "namespace": { + "description": "The namespace of this entry.", "type": "string" } }, diff --git a/schema/kyverno.io/clusterpolicyviolation_v1.json b/schema/kyverno.io/clusterpolicyviolation_v1.json index 55fde2262..1846007c9 100644 --- a/schema/kyverno.io/clusterpolicyviolation_v1.json +++ b/schema/kyverno.io/clusterpolicyviolation_v1.json @@ -49,8 +49,7 @@ "additionalProperties": false } } - }, - "additionalProperties": false + } } } } diff --git a/schema/kyverno.io/policyviolation_v1.json b/schema/kyverno.io/policyviolation_v1.json index 55fde2262..1846007c9 100644 --- a/schema/kyverno.io/policyviolation_v1.json +++ b/schema/kyverno.io/policyviolation_v1.json @@ -49,8 +49,7 @@ "additionalProperties": false } } - }, - "additionalProperties": false + } } } } diff --git a/schema/logging.banzaicloud.io/nodeagent_v1beta1.json b/schema/logging.banzaicloud.io/nodeagent_v1beta1.json index c768560cb..00a514000 100644 --- a/schema/logging.banzaicloud.io/nodeagent_v1beta1.json +++ b/schema/logging.banzaicloud.io/nodeagent_v1beta1.json @@ -1557,9 +1557,6 @@ } }, "additionalProperties": false - }, - "stopSignal": { - "type": "string" } }, "additionalProperties": false @@ -2710,9 +2707,6 @@ } }, "additionalProperties": false - }, - "stopSignal": { - "type": "string" } }, "additionalProperties": false @@ -3872,9 +3866,6 @@ } }, "additionalProperties": false - }, - "stopSignal": { - "type": "string" } }, "additionalProperties": false @@ -4686,9 +4677,6 @@ "type": "integer", "format": "int64" }, - "seLinuxChangePolicy": { - "type": "string" - }, "seLinuxOptions": { "type": "object", "properties": { @@ -7430,9 +7418,6 @@ "type": "integer", "format": "int64" }, - "seLinuxChangePolicy": { - "type": "string" - }, "seLinuxOptions": { "type": "object", "properties": { diff --git a/schema/mcp.upbound.io/controlplane_v1alpha1.json b/schema/mcp.upbound.io/controlplane_v1alpha1.json index bd2d9598b..9dcef1456 100644 --- a/schema/mcp.upbound.io/controlplane_v1alpha1.json +++ b/schema/mcp.upbound.io/controlplane_v1alpha1.json @@ -1,25 +1,30 @@ { + "description": "A ControlPlane is used to create a controlplane", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "A ControlPlaneSpec defines the desired state of a ControlPlane.", "type": "object", "required": [ "forProvider" ], "properties": { "deletionPolicy": { + "description": "DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either \"Delete\" or \"Orphan\" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223", "type": "string", "default": "Delete", "enum": [ @@ -28,6 +33,7 @@ ] }, "forProvider": { + "description": "ControlPlaneParameters are the configurable fields of a ControlPlane.", "type": "object", "required": [ "configuration", @@ -35,31 +41,38 @@ ], "properties": { "autoUpdate": { + "description": "A value that indicates whether the configuration version update takes effect immediately. \n The AutoUpdate parameter specifically impacts the version value. If the ApplyImmediately parameter is turned off, changes to the configuration require updating the version field. \n By default, this parameter is turned off.", "type": "boolean" }, "configuration": { + "description": "Configuration is the name of the predefined configuration", "type": "string", "minLength": 1 }, "description": { + "description": "Description is the description of the the control plane", "type": "string" }, "organizationName": { + "description": "OrganizationName is the name of the organization to which the control plane belongs.", "type": "string", "minLength": 1 }, "version": { + "description": "Version is the version of the control plane. If it is nil, the last available version given by configuration will be used.", "type": "string" } }, "additionalProperties": false }, "managementPolicies": { + "description": "THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored unless the relevant Crossplane feature flag is enabled, and may be changed or removed without notice. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md", "type": "array", "default": [ "*" ], "items": { + "description": "A ManagementAction represents an action that the Crossplane controllers can take on an external resource.", "type": "string", "enum": [ "Observe", @@ -72,6 +85,7 @@ } }, "providerConfigRef": { + "description": "ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.", "type": "object", "default": { "name": "default" @@ -81,12 +95,15 @@ ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "policy": { + "description": "Policies for referencing.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -95,6 +112,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -108,12 +126,14 @@ "additionalProperties": false }, "publishConnectionDetailsTo": { + "description": "PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.", "type": "object", "required": [ "name" ], "properties": { "configRef": { + "description": "SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.", "type": "object", "default": { "name": "default" @@ -123,12 +143,15 @@ ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "policy": { + "description": "Policies for referencing.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -137,6 +160,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -150,33 +174,39 @@ "additionalProperties": false }, "metadata": { + "description": "Metadata is the metadata for connection secret.", "type": "object", "properties": { "annotations": { + "description": "Annotations are the annotations to be added to connection secret. - For Kubernetes secrets, this will be used as \"metadata.annotations\". - It is up to Secret Store implementation for others store types.", "type": "object", "additionalProperties": { "type": "string" } }, "labels": { + "description": "Labels are the labels/tags to be added to connection secret. - For Kubernetes secrets, this will be used as \"metadata.labels\". - It is up to Secret Store implementation for others store types.", "type": "object", "additionalProperties": { "type": "string" } }, "type": { + "description": "Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores.", "type": "string" } }, "additionalProperties": false }, "name": { + "description": "Name is the name of the connection secret.", "type": "string" } }, "additionalProperties": false }, "writeConnectionSecretToRef": { + "description": "WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.", "type": "object", "required": [ "name", @@ -184,9 +214,11 @@ ], "properties": { "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } }, @@ -196,21 +228,25 @@ "additionalProperties": false }, "status": { + "description": "A ControlPlaneStatus represents the observed state of a ControlPlane.", "type": "object", "properties": { "atProvider": { + "description": "ControlPlaneResponse is the HTTP body returned by the Upbound API when fetching control planes.", "type": "object", "required": [ "controlPlane" ], "properties": { "controlPlane": { + "description": "ControlPlane describes a control plane.", "type": "object", "required": [ "reserved" ], "properties": { "configuration": { + "description": "ControlPlaneConfiguration represents an instance of a Configuration associated with a Managed Control Plane on Upbound.", "type": "object", "required": [ "id", @@ -237,6 +273,7 @@ "type": "string" }, "status": { + "description": "ConfigurationStatus represents the different states of a Configuration relative to a Managed Control Plane.", "type": "string" }, "syncedAt": { @@ -280,17 +317,21 @@ "additionalProperties": false }, "controlPlanePermission": { + "description": "PermissionGroup describes control plane permissions for the authenticated user.", "type": "string" }, "controlPlanestatus": { + "description": "Status is the status of a control plane on Upbound.", "type": "string" } }, "additionalProperties": false }, "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -300,19 +341,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, diff --git a/schema/mcp.upbound.io/controlplaneauth_v1alpha1.json b/schema/mcp.upbound.io/controlplaneauth_v1alpha1.json index b1acdce75..614dadc28 100644 --- a/schema/mcp.upbound.io/controlplaneauth_v1alpha1.json +++ b/schema/mcp.upbound.io/controlplaneauth_v1alpha1.json @@ -1,25 +1,30 @@ { + "description": "ControlPlaneAuth is used to retrieve Kubeconfig of given ControlPlane.", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ControlPlaneAuthSpec defines the desired state of ControlPlaneAuth", "type": "object", "required": [ "forProvider" ], "properties": { "deletionPolicy": { + "description": "DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either \"Delete\" or \"Orphan\" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223", "type": "string", "default": "Delete", "enum": [ @@ -34,21 +39,26 @@ ], "properties": { "controlPlaneName": { + "description": "ControlPlaneName is the name of the ControlPlane you'd like to fetch Kubeconfig of. Either ControlPlaneName, ControlPlaneNameRef or ControlPlaneNameSelector has to be given.", "type": "string" }, "controlPlaneNameRef": { + "description": "Reference to a ControlPlane to populate controlPlaneName. Either ControlPlaneName, ControlPlaneNameRef or ControlPlaneNameSelector has to be given.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "policy": { + "description": "Policies for referencing.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -57,6 +67,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -70,21 +81,26 @@ "additionalProperties": false }, "controlPlaneNameSelector": { + "description": "Selector for a ControlPlane to populate controlPlaneName. Either ClusterName, ClusterNameRef or ClusterNameSelector has to be given.", "type": "object", "properties": { "matchControllerRef": { + "description": "MatchControllerRef ensures an object with the same controller reference as the selecting object is selected.", "type": "boolean" }, "matchLabels": { + "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object", "additionalProperties": { "type": "string" } }, "policy": { + "description": "Policies for selection.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -93,6 +109,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -106,10 +123,12 @@ "additionalProperties": false }, "organizationName": { + "description": "OrganizationName is the name of the organization to which the control plane belongs.", "type": "string", "minLength": 1 }, "tokenSecretRef": { + "description": "A Token ConnectionSecret is referenced to serve as the authentication token for a KubeConfig", "type": "object", "required": [ "key", @@ -118,12 +137,15 @@ ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } }, @@ -133,11 +155,13 @@ "additionalProperties": false }, "managementPolicies": { + "description": "THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored unless the relevant Crossplane feature flag is enabled, and may be changed or removed without notice. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md", "type": "array", "default": [ "*" ], "items": { + "description": "A ManagementAction represents an action that the Crossplane controllers can take on an external resource.", "type": "string", "enum": [ "Observe", @@ -150,6 +174,7 @@ } }, "providerConfigRef": { + "description": "ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.", "type": "object", "default": { "name": "default" @@ -159,12 +184,15 @@ ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "policy": { + "description": "Policies for referencing.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -173,6 +201,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -186,12 +215,14 @@ "additionalProperties": false }, "publishConnectionDetailsTo": { + "description": "PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.", "type": "object", "required": [ "name" ], "properties": { "configRef": { + "description": "SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.", "type": "object", "default": { "name": "default" @@ -201,12 +232,15 @@ ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "policy": { + "description": "Policies for referencing.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -215,6 +249,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -228,33 +263,39 @@ "additionalProperties": false }, "metadata": { + "description": "Metadata is the metadata for connection secret.", "type": "object", "properties": { "annotations": { + "description": "Annotations are the annotations to be added to connection secret. - For Kubernetes secrets, this will be used as \"metadata.annotations\". - It is up to Secret Store implementation for others store types.", "type": "object", "additionalProperties": { "type": "string" } }, "labels": { + "description": "Labels are the labels/tags to be added to connection secret. - For Kubernetes secrets, this will be used as \"metadata.labels\". - It is up to Secret Store implementation for others store types.", "type": "object", "additionalProperties": { "type": "string" } }, "type": { + "description": "Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores.", "type": "string" } }, "additionalProperties": false }, "name": { + "description": "Name is the name of the connection secret.", "type": "string" } }, "additionalProperties": false }, "writeConnectionSecretToRef": { + "description": "WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.", "type": "object", "required": [ "name", @@ -262,9 +303,11 @@ ], "properties": { "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } }, @@ -274,14 +317,17 @@ "additionalProperties": false }, "status": { + "description": "ControlPlaneAuthStatus defines the observed state of ControlPlaneAuth.", "type": "object", "properties": { "atProvider": { "type": "object" }, "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -291,19 +337,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, diff --git a/schema/mcp.upbound.io/controlplanepermission_v1alpha1.json b/schema/mcp.upbound.io/controlplanepermission_v1alpha1.json index ecd48e26a..02fbe62f0 100644 --- a/schema/mcp.upbound.io/controlplanepermission_v1alpha1.json +++ b/schema/mcp.upbound.io/controlplanepermission_v1alpha1.json @@ -1,25 +1,30 @@ { + "description": "A ControlPlanePermission is used to grant control plane permissions to a team.", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "A ControlPlanePermissionSpec defines the desired state of a ControlPlanePermission.", "type": "object", "required": [ "forProvider" ], "properties": { "deletionPolicy": { + "description": "DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either \"Delete\" or \"Orphan\" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223", "type": "string", "default": "Delete", "enum": [ @@ -28,6 +33,7 @@ ] }, "forProvider": { + "description": "ControlPlanePermissionParameters are the configurable fields of a ControlPlanePermission.", "type": "object", "required": [ "organizationName", @@ -35,21 +41,26 @@ ], "properties": { "controlPlaneName": { + "description": "ControlPlaneName is the name of the control plane to which the permission will be granted.", "type": "string" }, "controlPlaneNameRef": { + "description": "ControlPlaneNameRef references a Team to retrieve its name to populate ControlPlaneName.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "policy": { + "description": "Policies for referencing.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -58,6 +69,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -71,21 +83,26 @@ "additionalProperties": false }, "controlPlaneNameSelector": { + "description": "ControlPlaneNameSelector selects a reference to a Team to populate ControlPlaneNameDRef.", "type": "object", "properties": { "matchControllerRef": { + "description": "MatchControllerRef ensures an object with the same controller reference as the selecting object is selected.", "type": "boolean" }, "matchLabels": { + "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object", "additionalProperties": { "type": "string" } }, "policy": { + "description": "Policies for selection.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -94,6 +111,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -107,9 +125,11 @@ "additionalProperties": false }, "organizationName": { + "description": "OrganizationName is the name of the organization to which the control plane belongs.", "type": "string" }, "permission": { + "description": "Permission is the permission to grant to the team.", "type": "string", "enum": [ "editor", @@ -118,21 +138,26 @@ ] }, "teamId": { + "description": "TeamID is the name of the team the control plane permission will be granted to.", "type": "string" }, "teamIdRef": { + "description": "TeamIDRef references a Team to retrieve its name to populate TeamID.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "policy": { + "description": "Policies for referencing.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -141,6 +166,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -154,21 +180,26 @@ "additionalProperties": false }, "teamIdSelector": { + "description": "TeamIDSelector selects a reference to a Team to populate TeamIDRef.", "type": "object", "properties": { "matchControllerRef": { + "description": "MatchControllerRef ensures an object with the same controller reference as the selecting object is selected.", "type": "boolean" }, "matchLabels": { + "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object", "additionalProperties": { "type": "string" } }, "policy": { + "description": "Policies for selection.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -177,6 +208,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -193,11 +225,13 @@ "additionalProperties": false }, "managementPolicies": { + "description": "THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored unless the relevant Crossplane feature flag is enabled, and may be changed or removed without notice. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md", "type": "array", "default": [ "*" ], "items": { + "description": "A ManagementAction represents an action that the Crossplane controllers can take on an external resource.", "type": "string", "enum": [ "Observe", @@ -210,6 +244,7 @@ } }, "providerConfigRef": { + "description": "ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.", "type": "object", "default": { "name": "default" @@ -219,12 +254,15 @@ ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "policy": { + "description": "Policies for referencing.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -233,6 +271,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -246,12 +285,14 @@ "additionalProperties": false }, "publishConnectionDetailsTo": { + "description": "PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.", "type": "object", "required": [ "name" ], "properties": { "configRef": { + "description": "SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.", "type": "object", "default": { "name": "default" @@ -261,12 +302,15 @@ ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "policy": { + "description": "Policies for referencing.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -275,6 +319,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -288,33 +333,39 @@ "additionalProperties": false }, "metadata": { + "description": "Metadata is the metadata for connection secret.", "type": "object", "properties": { "annotations": { + "description": "Annotations are the annotations to be added to connection secret. - For Kubernetes secrets, this will be used as \"metadata.annotations\". - It is up to Secret Store implementation for others store types.", "type": "object", "additionalProperties": { "type": "string" } }, "labels": { + "description": "Labels are the labels/tags to be added to connection secret. - For Kubernetes secrets, this will be used as \"metadata.labels\". - It is up to Secret Store implementation for others store types.", "type": "object", "additionalProperties": { "type": "string" } }, "type": { + "description": "Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores.", "type": "string" } }, "additionalProperties": false }, "name": { + "description": "Name is the name of the connection secret.", "type": "string" } }, "additionalProperties": false }, "writeConnectionSecretToRef": { + "description": "WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.", "type": "object", "required": [ "name", @@ -322,9 +373,11 @@ ], "properties": { "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } }, @@ -334,22 +387,28 @@ "additionalProperties": false }, "status": { + "description": "A ControlPlanePermissionStatus represents the observed state of a ControlPlanePermission.", "type": "object", "properties": { "atProvider": { + "description": "ControlPlanePermissionObservation are the observable fields of a ControlPlanePermission.", "type": "object", "properties": { "accountId": { + "description": "AccountID is the ID of the account that the team belongs to, i.e. organization account.", "type": "integer" }, "createdAt": { + "description": "CreatedAt is the time the control plane permission was created.", "type": "string", "format": "date-time" }, "creatorId": { + "description": "CreatorID is the ID of the user that created the control plane permission.", "type": "integer" }, "updatedAt": { + "description": "UpdatedAt is the time the control plane permission was last updated.", "type": "string", "format": "date-time" } @@ -357,8 +416,10 @@ "additionalProperties": false }, "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -368,19 +429,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, diff --git a/schema/networking.gke.io/managedcertificate_v1beta1.json b/schema/networking.gke.io/managedcertificate_v1beta1.json index 8be2a7d24..7749143ec 100644 --- a/schema/networking.gke.io/managedcertificate_v1beta1.json +++ b/schema/networking.gke.io/managedcertificate_v1beta1.json @@ -1,25 +1,16 @@ { "type": "object", "properties": { - "apiVersion": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "metadata": { - "type": "object" - }, "spec": { "type": "object", - "required": [ - "domains" - ], "properties": { "domains": { "type": "array", + "maxItems": 1, "items": { - "type": "string" + "type": "string", + "maxLength": 63, + "pattern": "^(([a-z0-9]+|[a-z0-9][-a-z0-9]*[a-z0-9])\\.)+[a-z][-a-z0-9]*[a-z0-9]$" } } }, @@ -27,9 +18,6 @@ }, "status": { "type": "object", - "required": [ - "domainStatus" - ], "properties": { "certificateName": { "type": "string" @@ -57,7 +45,8 @@ } }, "expireTime": { - "type": "string" + "type": "string", + "format": "date-time" } }, "additionalProperties": false diff --git a/schema/networking.gke.io/managedcertificate_v1beta2.json b/schema/networking.gke.io/managedcertificate_v1beta2.json index 8be2a7d24..c0e522887 100644 --- a/schema/networking.gke.io/managedcertificate_v1beta2.json +++ b/schema/networking.gke.io/managedcertificate_v1beta2.json @@ -1,25 +1,16 @@ { "type": "object", "properties": { - "apiVersion": { - "type": "string" - }, - "kind": { - "type": "string" - }, - "metadata": { - "type": "object" - }, "spec": { "type": "object", - "required": [ - "domains" - ], "properties": { "domains": { "type": "array", + "maxItems": 100, "items": { - "type": "string" + "type": "string", + "maxLength": 63, + "pattern": "^(([a-z0-9]+|[a-z0-9][-a-z0-9]*[a-z0-9])\\.)+[a-z][-a-z0-9]*[a-z0-9]$" } } }, @@ -27,9 +18,6 @@ }, "status": { "type": "object", - "required": [ - "domainStatus" - ], "properties": { "certificateName": { "type": "string" @@ -57,7 +45,8 @@ } }, "expireTime": { - "type": "string" + "type": "string", + "format": "date-time" } }, "additionalProperties": false diff --git a/schema/notification.fluxcd.io/alert_v1alpha1.json b/schema/notification.fluxcd.io/alert_v1alpha1.json index ff2aaecde..147ac7174 100644 --- a/schema/notification.fluxcd.io/alert_v1alpha1.json +++ b/schema/notification.fluxcd.io/alert_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "Alert is the Schema for the alerts API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AlertSpec defines an alerting rule for events involving a list of objects", "type": "object", "required": [ "eventSources", @@ -18,6 +22,7 @@ ], "properties": { "eventSeverity": { + "description": "Filter events based on severity, defaults to ('info').", "type": "string", "enum": [ "info", @@ -25,17 +30,21 @@ ] }, "eventSources": { + "description": "Filter events based on the involved objects", "type": "array", "items": { + "description": "CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level", "type": "object", "required": [ "name" ], "properties": { "apiVersion": { + "description": "API version of the referent", "type": "string" }, "kind": { + "description": "Kind of the referent", "type": "string", "enum": [ "GitRepository", @@ -46,9 +55,11 @@ ] }, "name": { + "description": "Name of the referent", "type": "string" }, "namespace": { + "description": "Namespace of the referent", "type": "string" } }, @@ -56,26 +67,31 @@ } }, "providerRef": { + "description": "Send events using this provider", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "additionalProperties": false }, "suspend": { + "description": "This flag tells the controller to suspend subsequent events dispatching. Defaults to false.", "type": "boolean" } }, "additionalProperties": false }, "status": { + "description": "AlertStatus defines the observed state of Alert", "type": "object", "properties": { "conditions": { "type": "array", "items": { + "description": "Condition contains condition information for a notification object.", "type": "object", "required": [ "status", @@ -83,19 +99,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, diff --git a/schema/notification.fluxcd.io/provider_v1alpha1.json b/schema/notification.fluxcd.io/provider_v1alpha1.json index f85e4612f..ef8ded1d2 100644 --- a/schema/notification.fluxcd.io/provider_v1alpha1.json +++ b/schema/notification.fluxcd.io/provider_v1alpha1.json @@ -1,37 +1,46 @@ { + "description": "Provider is the Schema for the providers API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ProviderSpec defines the desired state of Provider", "type": "object", "required": [ "type" ], "properties": { "address": { + "description": "HTTP(S) webhook address of this provider", "type": "string" }, "channel": { + "description": "Alert channel for this provider", "type": "string" }, "secretRef": { + "description": "Secret reference containing the provider webhook URL", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "additionalProperties": false }, "type": { + "description": "Type of provider", "type": "string", "enum": [ "slack", @@ -42,17 +51,20 @@ ] }, "username": { + "description": "Bot username for this provider", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "ProviderStatus defines the observed state of Provider", "type": "object", "properties": { "conditions": { "type": "array", "items": { + "description": "Condition contains condition information for a notification object.", "type": "object", "required": [ "status", @@ -60,19 +72,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, diff --git a/schema/notification.fluxcd.io/receiver_v1alpha1.json b/schema/notification.fluxcd.io/receiver_v1alpha1.json index eff26866c..b99a559b5 100644 --- a/schema/notification.fluxcd.io/receiver_v1alpha1.json +++ b/schema/notification.fluxcd.io/receiver_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "Receiver is the Schema for the receivers API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ReceiverSpec defines the desired state of Receiver", "type": "object", "required": [ "resources", @@ -18,23 +22,28 @@ ], "properties": { "events": { + "description": "A list of events to handle, e.g. 'push' for GitHub or 'Push Hook' for GitLab.", "type": "array", "items": { "type": "string" } }, "resources": { + "description": "A list of resources to be notified about changes.", "type": "array", "items": { + "description": "CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level", "type": "object", "required": [ "name" ], "properties": { "apiVersion": { + "description": "API version of the referent", "type": "string" }, "kind": { + "description": "Kind of the referent", "type": "string", "enum": [ "GitRepository", @@ -45,9 +54,11 @@ ] }, "name": { + "description": "Name of the referent", "type": "string" }, "namespace": { + "description": "Namespace of the referent", "type": "string" } }, @@ -55,18 +66,22 @@ } }, "secretRef": { + "description": "Secret reference containing the token used to validate the payload authenticity", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "additionalProperties": false }, "suspend": { + "description": "This flag tells the controller to suspend subsequent events handling. Defaults to false.", "type": "boolean" }, "type": { + "description": "Type of webhook sender, used to determine the validation procedure and payload deserialization.", "type": "string", "enum": [ "generic", @@ -80,11 +95,13 @@ "additionalProperties": false }, "status": { + "description": "ReceiverStatus defines the observed state of Receiver", "type": "object", "properties": { "conditions": { "type": "array", "items": { + "description": "Condition contains condition information for a notification object.", "type": "object", "required": [ "status", @@ -92,19 +109,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, @@ -112,6 +134,7 @@ } }, "url": { + "description": "Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.", "type": "string" } }, diff --git a/schema/notification.toolkit.fluxcd.io/alert_v1alpha1.json b/schema/notification.toolkit.fluxcd.io/alert_v1alpha1.json index de03cc851..eb5b613a7 100644 --- a/schema/notification.toolkit.fluxcd.io/alert_v1alpha1.json +++ b/schema/notification.toolkit.fluxcd.io/alert_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "Alert is the Schema for the alerts API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "AlertSpec defines an alerting rule for events involving a list of objects", "type": "object", "required": [ "eventSources", @@ -18,6 +22,7 @@ ], "properties": { "eventSeverity": { + "description": "Filter events based on severity, defaults to ('info'). If set to 'info' no events will be filtered.", "type": "string", "default": "info", "enum": [ @@ -26,17 +31,21 @@ ] }, "eventSources": { + "description": "Filter events based on the involved objects", "type": "array", "items": { + "description": "CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level", "type": "object", "required": [ "name" ], "properties": { "apiVersion": { + "description": "API version of the referent", "type": "string" }, "kind": { + "description": "Kind of the referent", "type": "string", "enum": [ "Bucket", @@ -48,9 +57,11 @@ ] }, "name": { + "description": "Name of the referent", "type": "string" }, "namespace": { + "description": "Namespace of the referent", "type": "string" } }, @@ -58,26 +69,31 @@ } }, "providerRef": { + "description": "Send events using this provider", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "additionalProperties": false }, "suspend": { + "description": "This flag tells the controller to suspend subsequent events dispatching. Defaults to false.", "type": "boolean" } }, "additionalProperties": false }, "status": { + "description": "AlertStatus defines the observed state of Alert", "type": "object", "properties": { "conditions": { "type": "array", "items": { + "description": "Condition contains condition information for a notification object.", "type": "object", "required": [ "status", @@ -85,19 +101,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, diff --git a/schema/notification.toolkit.fluxcd.io/provider_v1alpha1.json b/schema/notification.toolkit.fluxcd.io/provider_v1alpha1.json index 9f6f8f7d1..113d02392 100644 --- a/schema/notification.toolkit.fluxcd.io/provider_v1alpha1.json +++ b/schema/notification.toolkit.fluxcd.io/provider_v1alpha1.json @@ -1,37 +1,46 @@ { + "description": "Provider is the Schema for the providers API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ProviderSpec defines the desired state of Provider", "type": "object", "required": [ "type" ], "properties": { "address": { + "description": "HTTP(S) webhook address of this provider", "type": "string" }, "channel": { + "description": "Alert channel for this provider", "type": "string" }, "secretRef": { + "description": "Secret reference containing the provider webhook URL", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "additionalProperties": false }, "type": { + "description": "Type of provider", "type": "string", "enum": [ "slack", @@ -44,17 +53,20 @@ ] }, "username": { + "description": "Bot username for this provider", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "ProviderStatus defines the observed state of Provider", "type": "object", "properties": { "conditions": { "type": "array", "items": { + "description": "Condition contains condition information for a notification object.", "type": "object", "required": [ "status", @@ -62,19 +74,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, diff --git a/schema/notification.toolkit.fluxcd.io/receiver_v1alpha1.json b/schema/notification.toolkit.fluxcd.io/receiver_v1alpha1.json index 3824b115f..db92cbec9 100644 --- a/schema/notification.toolkit.fluxcd.io/receiver_v1alpha1.json +++ b/schema/notification.toolkit.fluxcd.io/receiver_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "Receiver is the Schema for the receivers API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ReceiverSpec defines the desired state of Receiver", "type": "object", "required": [ "resources", @@ -18,23 +22,28 @@ ], "properties": { "events": { + "description": "A list of events to handle, e.g. 'push' for GitHub or 'Push Hook' for GitLab.", "type": "array", "items": { "type": "string" } }, "resources": { + "description": "A list of resources to be notified about changes.", "type": "array", "items": { + "description": "CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level", "type": "object", "required": [ "name" ], "properties": { "apiVersion": { + "description": "API version of the referent", "type": "string" }, "kind": { + "description": "Kind of the referent", "type": "string", "enum": [ "Bucket", @@ -46,9 +55,11 @@ ] }, "name": { + "description": "Name of the referent", "type": "string" }, "namespace": { + "description": "Namespace of the referent", "type": "string" } }, @@ -56,18 +67,22 @@ } }, "secretRef": { + "description": "Secret reference containing the token used to validate the payload authenticity", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "additionalProperties": false }, "suspend": { + "description": "This flag tells the controller to suspend subsequent events handling. Defaults to false.", "type": "boolean" }, "type": { + "description": "Type of webhook sender, used to determine the validation procedure and payload deserialization.", "type": "string", "enum": [ "generic", @@ -81,11 +96,13 @@ "additionalProperties": false }, "status": { + "description": "ReceiverStatus defines the observed state of Receiver", "type": "object", "properties": { "conditions": { "type": "array", "items": { + "description": "Condition contains condition information for a notification object.", "type": "object", "required": [ "status", @@ -93,19 +110,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, @@ -113,6 +135,7 @@ } }, "url": { + "description": "Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'.", "type": "string" } }, diff --git a/schema/opentofu.upbound.io/storeconfig_v1beta1.json b/schema/opentofu.upbound.io/storeconfig_v1beta1.json index e484ffbeb..04385653a 100644 --- a/schema/opentofu.upbound.io/storeconfig_v1beta1.json +++ b/schema/opentofu.upbound.io/storeconfig_v1beta1.json @@ -1,64 +1,76 @@ { + "description": "A StoreConfig configures how the controller should store connection details.", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "A StoreConfigSpec defines the desired state of a ProviderConfig.", "type": "object", "required": [ "defaultScope" ], "properties": { "defaultScope": { + "description": "DefaultScope used for scoping secrets for \"cluster-scoped\" resources.\nIf store type is \"Kubernetes\", this would mean the default namespace to\nstore connection secrets for cluster scoped resources.\nIn case of \"Vault\", this would be used as the default parent path.\nTypically, should be set as Crossplane installation namespace.", "type": "string" }, "kubernetes": { + "description": "Kubernetes configures a Kubernetes secret store.\nIf the \"type\" is \"Kubernetes\" but no config provided, in cluster config\nwill be used.", "type": "object", "required": [ "auth" ], "properties": { "auth": { + "description": "Credentials used to connect to the Kubernetes API.", "type": "object", "required": [ "source" ], "properties": { "env": { + "description": "Env is a reference to an environment variable that contains credentials\nthat must be used to connect to the provider.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name is the name of an environment variable.", "type": "string" } }, "additionalProperties": false }, "fs": { + "description": "Fs is a reference to a filesystem location that contains credentials that\nmust be used to connect to the provider.", "type": "object", "required": [ "path" ], "properties": { "path": { + "description": "Path is a filesystem path.", "type": "string" } }, "additionalProperties": false }, "secretRef": { + "description": "A SecretRef is a reference to a secret key that contains the credentials\nthat must be used to connect to the provider.", "type": "object", "required": [ "key", @@ -67,18 +79,22 @@ ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } }, "additionalProperties": false }, "source": { + "description": "Source of the credentials.", "type": "string", "enum": [ "None", @@ -94,9 +110,11 @@ "additionalProperties": false }, "plugin": { + "description": "Plugin configures External secret store as a plugin.", "type": "object", "properties": { "configRef": { + "description": "ConfigRef contains store config reference info.", "type": "object", "required": [ "apiVersion", @@ -105,24 +123,29 @@ ], "properties": { "apiVersion": { + "description": "APIVersion of the referenced config.", "type": "string" }, "kind": { + "description": "Kind of the referenced config.", "type": "string" }, "name": { + "description": "Name of the referenced config.", "type": "string" } }, "additionalProperties": false }, "endpoint": { + "description": "Endpoint is the endpoint of the gRPC server.", "type": "string" } }, "additionalProperties": false }, "type": { + "description": "Type configures which secret store to be used. Only the configuration\nblock for this store will be used and others will be ignored if provided.\nDefault is Kubernetes.", "type": "string", "default": "Kubernetes", "enum": [ @@ -135,11 +158,14 @@ "additionalProperties": false }, "status": { + "description": "A StoreConfigStatus represents the status of a StoreConfig.", "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -149,23 +175,29 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one\nstatus to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from\none status to another, if any.", "type": "string" }, "observedGeneration": { + "description": "ObservedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "type": "integer", "format": "int64" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to\na resource at any point in time.", "type": "string" } }, diff --git a/schema/operator.cluster.x-k8s.io/bootstrapprovider_v1alpha1.json b/schema/operator.cluster.x-k8s.io/bootstrapprovider_v1alpha1.json index c987e36d7..1208db96b 100644 --- a/schema/operator.cluster.x-k8s.io/bootstrapprovider_v1alpha1.json +++ b/schema/operator.cluster.x-k8s.io/bootstrapprovider_v1alpha1.json @@ -1,781 +1,936 @@ { + "description": "BootstrapProvider is the Schema for the bootstrapproviders API.\n\nDeprecated: This type will be removed in one of the next releases.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "BootstrapProviderSpec defines the desired state of BootstrapProvider.", + "type": "object", "properties": { "additionalManifests": { - "additionalProperties": false, + "description": "AdditionalManifests is reference to configmap that contains additional manifests that will be applied\ntogether with the provider components. The key for storing these manifests has to be `manifests`.\nThe manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the\nnamespace of the provider will be used. There is no validation of the yaml content inside the configmap.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name defines the name of the configmap.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the configmap.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "deployment": { - "additionalProperties": false, + "description": "Deployment defines the properties that can be enabled on the deployment for the provider.", + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "containers": { + "description": "List of containers specified in the Deployment", + "type": "array", "items": { - "additionalProperties": false, + "description": "ContainerSpec defines the properties available to override for each\ncontainer in a provider deployment such as Image and Args to the container’s\nentrypoint.", + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "description": "Args represents extra provider specific flags that are not encoded as fields in this API.\nExplicit controller manager properties defined in the `Provider.ManagerSpec`\nwill have higher precedence than those defined in `ContainerSpec.Args`.\nFor example, `ManagerSpec.SyncPeriod` will be used instead of the\ncontainer arg `--sync-period` if both are defined.\nThe same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "command": { + "description": "Command allows override container's entrypoint array.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "description": "List of environment variables to set in the container.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvVar represents an environment variable present in a Container.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { - "additionalProperties": false, + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a ConfigMap.", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { - "default": "", - "type": "string" + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -784,95 +939,105 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a secret in the pod's namespace", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "default": "", - "type": "string" + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { - "additionalProperties": false, + "description": "Container Image Name", + "type": "object", "properties": { "name": { + "description": "Name allows to specify a name for the image.", "type": "string" }, "repository": { + "description": "Repository sets the container registry to pull images from.", "type": "string" }, "tag": { + "description": "Tag allows to specify a tag for the image.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the container. Cannot be updated.", "type": "string" }, "resources": { - "additionalProperties": false, + "description": "Compute resources required by this container.", + "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" }, "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -881,13 +1046,14 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -896,321 +1062,381 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "imagePullSecrets": { + "description": "List of image pull secrets specified in the Deployment", + "type": "array", "items": { - "additionalProperties": false, + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "replicas": { - "minimum": 0, - "type": "integer" + "description": "Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.", + "type": "integer", + "minimum": 0 }, "serviceAccountName": { + "description": "If specified, the pod's service account", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "fetchConfig": { - "additionalProperties": false, + "description": "FetchConfig determines how the operator will fetch the components and metadata for the provider.\nIf nil, the operator will try to fetch components according to default\nembedded fetch configuration for the given kind and `ObjectMeta.Name`.\nFor example, the infrastructure name `aws` will fetch artifacts from\nhttps://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.", + "type": "object", "properties": { "selector": { - "additionalProperties": false, + "description": "Selector to be used for fetching provider’s components and metadata from\nConfigMaps stored inside the cluster. Each ConfigMap is expected to contain\ncomponents and metadata for a specific version only.\nNote: the name of the ConfigMap should be set to the version or to override this\nadd a label like the following: provider.cluster.x-k8s.io/version=v1.4.3", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "url": { + "description": "URL to be used for fetching the provider’s components and metadata from a remote Github repository.\nFor example, https://github.com/{owner}/{repository}/releases\nYou must set `providerSpec.Version` field for operator to pick up\ndesired version of the release from GitHub.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "manager": { - "additionalProperties": false, + "description": "Manager defines the properties that can be enabled on the controller manager for the provider.", + "type": "object", "properties": { "cacheNamespace": { + "description": "CacheNamespace if specified restricts the manager's cache to watch objects in\nthe desired namespace Defaults to all namespaces\n\nNote: If a namespace is specified, controllers can still Watch for a\ncluster-scoped resource (e.g Node). For namespaced resources the cache\nwill only hold objects from the desired namespace.", "type": "string" }, "controller": { - "additionalProperties": false, + "description": "Controller contains global configuration options for controllers\nregistered within this manager.", + "type": "object", "properties": { "cacheSyncTimeout": { - "format": "int64", - "type": "integer" + "description": "CacheSyncTimeout refers to the time limit set to wait for syncing caches.\nDefaults to 2 minutes if not set.", + "type": "integer", + "format": "int64" }, "groupKindConcurrency": { + "description": "GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation\nallowed for that controller.\n\nWhen a controller is registered within this manager using the builder utilities,\nusers have to specify the type the controller reconciles in the For(...) call.\nIf the object's kind passed matches one of the keys in this map, the concurrency\nfor that controller is set to the number specified.\n\nThe key is expected to be consistent in form with GroupKind.String(),\ne.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.", + "type": "object", "additionalProperties": { "type": "integer" - }, - "type": "object" + } }, "recoverPanic": { + "description": "RecoverPanic indicates if panics should be recovered.", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "featureGates": { + "description": "FeatureGates define provider specific feature flags that will be passed\nin as container args to the provider's controller manager.\nController Manager flag is --feature-gates.", + "type": "object", "additionalProperties": { "type": "boolean" - }, - "type": "object" + } }, "gracefulShutDown": { + "description": "GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.\nTo disable graceful shutdown, set to time.Duration(0)\nTo use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)\nThe graceful shutdown is skipped for safety reasons in case the leader election lease is lost.", "type": "string" }, "health": { - "additionalProperties": false, + "description": "Health contains the controller health configuration", + "type": "object", "properties": { "healthProbeBindAddress": { + "description": "HealthProbeBindAddress is the TCP address that the controller should bind to\nfor serving health probes\nIt can be set to \"0\" or \"\" to disable serving the health probe.", "type": "string" }, "livenessEndpointName": { + "description": "LivenessEndpointName, defaults to \"healthz\"", "type": "string" }, "readinessEndpointName": { + "description": "ReadinessEndpointName, defaults to \"readyz\"", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "leaderElection": { - "additionalProperties": false, + "description": "LeaderElection is the LeaderElection config to be used when configuring\nthe manager.Manager leader election", + "type": "object", + "required": [ + "leaderElect", + "leaseDuration", + "renewDeadline", + "resourceLock", + "resourceName", + "resourceNamespace", + "retryPeriod" + ], "properties": { "leaderElect": { + "description": "leaderElect enables a leader election client to gain leadership\nbefore executing the main loop. Enable this when running replicated\ncomponents for high availability.", "type": "boolean" }, "leaseDuration": { + "description": "leaseDuration is the duration that non-leader candidates will wait\nafter observing a leadership renewal until attempting to acquire\nleadership of a led but unrenewed leader slot. This is effectively the\nmaximum duration that a leader can be stopped before it is replaced\nby another candidate. This is only applicable if leader election is\nenabled.", "type": "string" }, "renewDeadline": { + "description": "renewDeadline is the interval between attempts by the acting master to\nrenew a leadership slot before it stops leading. This must be less\nthan or equal to the lease duration. This is only applicable if leader\nelection is enabled.", "type": "string" }, "resourceLock": { + "description": "resourceLock indicates the resource object type that will be used to lock\nduring leader election cycles.", "type": "string" }, "resourceName": { + "description": "resourceName indicates the name of resource object that will be used to lock\nduring leader election cycles.", "type": "string" }, "resourceNamespace": { + "description": "resourceName indicates the namespace of resource object that will be used to lock\nduring leader election cycles.", "type": "string" }, "retryPeriod": { + "description": "retryPeriod is the duration the clients should wait between attempting\nacquisition and renewal of a leadership. This is only applicable if\nleader election is enabled.", "type": "string" } }, - "required": [ - "leaderElect", - "leaseDuration", - "renewDeadline", - "resourceLock", - "resourceName", - "resourceNamespace", - "retryPeriod" - ], - "type": "object" + "additionalProperties": false }, "maxConcurrentReconciles": { - "minimum": 1, - "type": "integer" + "description": "MaxConcurrentReconciles is the maximum number of concurrent Reconciles\nwhich can be run.", + "type": "integer", + "minimum": 1 }, "metrics": { - "additionalProperties": false, + "description": "Metrics contains thw controller metrics configuration", + "type": "object", "properties": { "bindAddress": { + "description": "BindAddress is the TCP address that the controller should bind to\nfor serving prometheus metrics.\nIt can be set to \"0\" to disable the metrics serving.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "profilerAddress": { + "description": "ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).\nDefault empty, meaning the profiler is disabled.\nController Manager flag is --profiler-address.", "type": "string" }, "syncPeriod": { + "description": "SyncPeriod determines the minimum frequency at which watched resources are\nreconciled. A lower period will correct entropy more quickly, but reduce\nresponsiveness to change if there are many watched resources. Change this\nvalue only if you know what you are doing. Defaults to 10 hours if unset.\nthere will a 10 percent jitter between the SyncPeriod of all controllers\nso that all controllers will not send list requests simultaneously.", "type": "string" }, "verbosity": { + "description": "Verbosity set the logs verbosity. Defaults to 1.\nController Manager flag is --verbosity.", + "type": "integer", "default": 1, - "minimum": 0, - "type": "integer" + "minimum": 0 }, "webhook": { - "additionalProperties": false, + "description": "Webhook contains the controllers webhook configuration", + "type": "object", "properties": { "certDir": { + "description": "CertDir is the directory that contains the server key and certificate.\nif not set, webhook server would look up the server key and certificate in\n{TempDir}/k8s-webhook-server/serving-certs. The server key and certificate\nmust be named tls.key and tls.crt, respectively.", "type": "string" }, "host": { + "description": "Host is the hostname that the webhook server binds to.\nIt is used to set webhook.Server.Host.", "type": "string" }, "port": { + "description": "Port is the port that the webhook server serves at.\nIt is used to set webhook.Server.Port.", "type": "integer" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "secretName": { + "description": "SecretName is the name of the Secret providing the configuration\nvariables for the current provider instance, like e.g. credentials.\nSuch configurations will be used when creating or upgrading provider components.\nThe contents of the secret will be treated as immutable. If changes need\nto be made, a new object can be created and the name should be updated.\nThe contents should be in the form of key:value. This secret must be in\nthe same namespace as the provider.", "type": "string" }, "secretNamespace": { + "description": "SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified,\nthe namespace of the provider will be used.", "type": "string" }, "version": { + "description": "Version indicates the provider version.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "BootstrapProviderStatus defines the observed state of BootstrapProvider.", + "type": "object", "properties": { "conditions": { + "description": "Conditions define the current service state of the provider.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Condition defines an observation of a Cluster API resource operational state.", + "type": "object", + "required": [ + "lastTransitionTime", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", + "type": "string", + "format": "date-time" }, "message": { + "description": "message is a human readable message indicating details about the transition.\nThis field may be empty.", + "type": "string", "maxLength": 10240, - "minLength": 1, - "type": "string" + "minLength": 1 }, "reason": { + "description": "reason is the reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty.", + "type": "string", "maxLength": 256, - "minLength": 1, - "type": "string" + "minLength": 1 }, "severity": { - "maxLength": 32, - "type": "string" + "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", + "type": "string", + "maxLength": 32 }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", + "type": "string", "maxLength": 256, - "minLength": 1, - "type": "string" + "minLength": 1 } }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "contract": { + "description": "Contract will contain the core provider contract that the provider is\nabiding by, like e.g. v1alpha4.", "type": "string" }, "installedVersion": { + "description": "InstalledVersion is the version of the provider that is installed.", "type": "string" }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "ObservedGeneration is the latest generation observed by the controller.", + "type": "integer", + "format": "int64" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/operator.cluster.x-k8s.io/controlplaneprovider_v1alpha1.json b/schema/operator.cluster.x-k8s.io/controlplaneprovider_v1alpha1.json index c987e36d7..6995984ca 100644 --- a/schema/operator.cluster.x-k8s.io/controlplaneprovider_v1alpha1.json +++ b/schema/operator.cluster.x-k8s.io/controlplaneprovider_v1alpha1.json @@ -1,781 +1,936 @@ { + "description": "ControlPlaneProvider is the Schema for the controlplaneproviders API.\n\nDeprecated: This type will be removed in one of the next releases.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider.", + "type": "object", "properties": { "additionalManifests": { - "additionalProperties": false, + "description": "AdditionalManifests is reference to configmap that contains additional manifests that will be applied\ntogether with the provider components. The key for storing these manifests has to be `manifests`.\nThe manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the\nnamespace of the provider will be used. There is no validation of the yaml content inside the configmap.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name defines the name of the configmap.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the configmap.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "deployment": { - "additionalProperties": false, + "description": "Deployment defines the properties that can be enabled on the deployment for the provider.", + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "containers": { + "description": "List of containers specified in the Deployment", + "type": "array", "items": { - "additionalProperties": false, + "description": "ContainerSpec defines the properties available to override for each\ncontainer in a provider deployment such as Image and Args to the container’s\nentrypoint.", + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "description": "Args represents extra provider specific flags that are not encoded as fields in this API.\nExplicit controller manager properties defined in the `Provider.ManagerSpec`\nwill have higher precedence than those defined in `ContainerSpec.Args`.\nFor example, `ManagerSpec.SyncPeriod` will be used instead of the\ncontainer arg `--sync-period` if both are defined.\nThe same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "command": { + "description": "Command allows override container's entrypoint array.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "description": "List of environment variables to set in the container.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvVar represents an environment variable present in a Container.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { - "additionalProperties": false, + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a ConfigMap.", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { - "default": "", - "type": "string" + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -784,95 +939,105 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a secret in the pod's namespace", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "default": "", - "type": "string" + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { - "additionalProperties": false, + "description": "Container Image Name", + "type": "object", "properties": { "name": { + "description": "Name allows to specify a name for the image.", "type": "string" }, "repository": { + "description": "Repository sets the container registry to pull images from.", "type": "string" }, "tag": { + "description": "Tag allows to specify a tag for the image.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the container. Cannot be updated.", "type": "string" }, "resources": { - "additionalProperties": false, + "description": "Compute resources required by this container.", + "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" }, "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -881,13 +1046,14 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -896,321 +1062,381 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "imagePullSecrets": { + "description": "List of image pull secrets specified in the Deployment", + "type": "array", "items": { - "additionalProperties": false, + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "replicas": { - "minimum": 0, - "type": "integer" + "description": "Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.", + "type": "integer", + "minimum": 0 }, "serviceAccountName": { + "description": "If specified, the pod's service account", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "fetchConfig": { - "additionalProperties": false, + "description": "FetchConfig determines how the operator will fetch the components and metadata for the provider.\nIf nil, the operator will try to fetch components according to default\nembedded fetch configuration for the given kind and `ObjectMeta.Name`.\nFor example, the infrastructure name `aws` will fetch artifacts from\nhttps://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.", + "type": "object", "properties": { "selector": { - "additionalProperties": false, + "description": "Selector to be used for fetching provider’s components and metadata from\nConfigMaps stored inside the cluster. Each ConfigMap is expected to contain\ncomponents and metadata for a specific version only.\nNote: the name of the ConfigMap should be set to the version or to override this\nadd a label like the following: provider.cluster.x-k8s.io/version=v1.4.3", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "url": { + "description": "URL to be used for fetching the provider’s components and metadata from a remote Github repository.\nFor example, https://github.com/{owner}/{repository}/releases\nYou must set `providerSpec.Version` field for operator to pick up\ndesired version of the release from GitHub.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "manager": { - "additionalProperties": false, + "description": "Manager defines the properties that can be enabled on the controller manager for the provider.", + "type": "object", "properties": { "cacheNamespace": { + "description": "CacheNamespace if specified restricts the manager's cache to watch objects in\nthe desired namespace Defaults to all namespaces\n\nNote: If a namespace is specified, controllers can still Watch for a\ncluster-scoped resource (e.g Node). For namespaced resources the cache\nwill only hold objects from the desired namespace.", "type": "string" }, "controller": { - "additionalProperties": false, + "description": "Controller contains global configuration options for controllers\nregistered within this manager.", + "type": "object", "properties": { "cacheSyncTimeout": { - "format": "int64", - "type": "integer" + "description": "CacheSyncTimeout refers to the time limit set to wait for syncing caches.\nDefaults to 2 minutes if not set.", + "type": "integer", + "format": "int64" }, "groupKindConcurrency": { + "description": "GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation\nallowed for that controller.\n\nWhen a controller is registered within this manager using the builder utilities,\nusers have to specify the type the controller reconciles in the For(...) call.\nIf the object's kind passed matches one of the keys in this map, the concurrency\nfor that controller is set to the number specified.\n\nThe key is expected to be consistent in form with GroupKind.String(),\ne.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.", + "type": "object", "additionalProperties": { "type": "integer" - }, - "type": "object" + } }, "recoverPanic": { + "description": "RecoverPanic indicates if panics should be recovered.", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "featureGates": { + "description": "FeatureGates define provider specific feature flags that will be passed\nin as container args to the provider's controller manager.\nController Manager flag is --feature-gates.", + "type": "object", "additionalProperties": { "type": "boolean" - }, - "type": "object" + } }, "gracefulShutDown": { + "description": "GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.\nTo disable graceful shutdown, set to time.Duration(0)\nTo use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)\nThe graceful shutdown is skipped for safety reasons in case the leader election lease is lost.", "type": "string" }, "health": { - "additionalProperties": false, + "description": "Health contains the controller health configuration", + "type": "object", "properties": { "healthProbeBindAddress": { + "description": "HealthProbeBindAddress is the TCP address that the controller should bind to\nfor serving health probes\nIt can be set to \"0\" or \"\" to disable serving the health probe.", "type": "string" }, "livenessEndpointName": { + "description": "LivenessEndpointName, defaults to \"healthz\"", "type": "string" }, "readinessEndpointName": { + "description": "ReadinessEndpointName, defaults to \"readyz\"", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "leaderElection": { - "additionalProperties": false, + "description": "LeaderElection is the LeaderElection config to be used when configuring\nthe manager.Manager leader election", + "type": "object", + "required": [ + "leaderElect", + "leaseDuration", + "renewDeadline", + "resourceLock", + "resourceName", + "resourceNamespace", + "retryPeriod" + ], "properties": { "leaderElect": { + "description": "leaderElect enables a leader election client to gain leadership\nbefore executing the main loop. Enable this when running replicated\ncomponents for high availability.", "type": "boolean" }, "leaseDuration": { + "description": "leaseDuration is the duration that non-leader candidates will wait\nafter observing a leadership renewal until attempting to acquire\nleadership of a led but unrenewed leader slot. This is effectively the\nmaximum duration that a leader can be stopped before it is replaced\nby another candidate. This is only applicable if leader election is\nenabled.", "type": "string" }, "renewDeadline": { + "description": "renewDeadline is the interval between attempts by the acting master to\nrenew a leadership slot before it stops leading. This must be less\nthan or equal to the lease duration. This is only applicable if leader\nelection is enabled.", "type": "string" }, "resourceLock": { + "description": "resourceLock indicates the resource object type that will be used to lock\nduring leader election cycles.", "type": "string" }, "resourceName": { + "description": "resourceName indicates the name of resource object that will be used to lock\nduring leader election cycles.", "type": "string" }, "resourceNamespace": { + "description": "resourceName indicates the namespace of resource object that will be used to lock\nduring leader election cycles.", "type": "string" }, "retryPeriod": { + "description": "retryPeriod is the duration the clients should wait between attempting\nacquisition and renewal of a leadership. This is only applicable if\nleader election is enabled.", "type": "string" } }, - "required": [ - "leaderElect", - "leaseDuration", - "renewDeadline", - "resourceLock", - "resourceName", - "resourceNamespace", - "retryPeriod" - ], - "type": "object" + "additionalProperties": false }, "maxConcurrentReconciles": { - "minimum": 1, - "type": "integer" + "description": "MaxConcurrentReconciles is the maximum number of concurrent Reconciles\nwhich can be run.", + "type": "integer", + "minimum": 1 }, "metrics": { - "additionalProperties": false, + "description": "Metrics contains thw controller metrics configuration", + "type": "object", "properties": { "bindAddress": { + "description": "BindAddress is the TCP address that the controller should bind to\nfor serving prometheus metrics.\nIt can be set to \"0\" to disable the metrics serving.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "profilerAddress": { + "description": "ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).\nDefault empty, meaning the profiler is disabled.\nController Manager flag is --profiler-address.", "type": "string" }, "syncPeriod": { + "description": "SyncPeriod determines the minimum frequency at which watched resources are\nreconciled. A lower period will correct entropy more quickly, but reduce\nresponsiveness to change if there are many watched resources. Change this\nvalue only if you know what you are doing. Defaults to 10 hours if unset.\nthere will a 10 percent jitter between the SyncPeriod of all controllers\nso that all controllers will not send list requests simultaneously.", "type": "string" }, "verbosity": { + "description": "Verbosity set the logs verbosity. Defaults to 1.\nController Manager flag is --verbosity.", + "type": "integer", "default": 1, - "minimum": 0, - "type": "integer" + "minimum": 0 }, "webhook": { - "additionalProperties": false, + "description": "Webhook contains the controllers webhook configuration", + "type": "object", "properties": { "certDir": { + "description": "CertDir is the directory that contains the server key and certificate.\nif not set, webhook server would look up the server key and certificate in\n{TempDir}/k8s-webhook-server/serving-certs. The server key and certificate\nmust be named tls.key and tls.crt, respectively.", "type": "string" }, "host": { + "description": "Host is the hostname that the webhook server binds to.\nIt is used to set webhook.Server.Host.", "type": "string" }, "port": { + "description": "Port is the port that the webhook server serves at.\nIt is used to set webhook.Server.Port.", "type": "integer" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "secretName": { + "description": "SecretName is the name of the Secret providing the configuration\nvariables for the current provider instance, like e.g. credentials.\nSuch configurations will be used when creating or upgrading provider components.\nThe contents of the secret will be treated as immutable. If changes need\nto be made, a new object can be created and the name should be updated.\nThe contents should be in the form of key:value. This secret must be in\nthe same namespace as the provider.", "type": "string" }, "secretNamespace": { + "description": "SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified,\nthe namespace of the provider will be used.", "type": "string" }, "version": { + "description": "Version indicates the provider version.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "ControlPlaneProviderStatus defines the observed state of ControlPlaneProvider.", + "type": "object", "properties": { "conditions": { + "description": "Conditions define the current service state of the provider.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Condition defines an observation of a Cluster API resource operational state.", + "type": "object", + "required": [ + "lastTransitionTime", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", + "type": "string", + "format": "date-time" }, "message": { + "description": "message is a human readable message indicating details about the transition.\nThis field may be empty.", + "type": "string", "maxLength": 10240, - "minLength": 1, - "type": "string" + "minLength": 1 }, "reason": { + "description": "reason is the reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty.", + "type": "string", "maxLength": 256, - "minLength": 1, - "type": "string" + "minLength": 1 }, "severity": { - "maxLength": 32, - "type": "string" + "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", + "type": "string", + "maxLength": 32 }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", + "type": "string", "maxLength": 256, - "minLength": 1, - "type": "string" + "minLength": 1 } }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "contract": { + "description": "Contract will contain the core provider contract that the provider is\nabiding by, like e.g. v1alpha4.", "type": "string" }, "installedVersion": { + "description": "InstalledVersion is the version of the provider that is installed.", "type": "string" }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "ObservedGeneration is the latest generation observed by the controller.", + "type": "integer", + "format": "int64" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/operator.cluster.x-k8s.io/coreprovider_v1alpha1.json b/schema/operator.cluster.x-k8s.io/coreprovider_v1alpha1.json index c987e36d7..be23b9f89 100644 --- a/schema/operator.cluster.x-k8s.io/coreprovider_v1alpha1.json +++ b/schema/operator.cluster.x-k8s.io/coreprovider_v1alpha1.json @@ -1,781 +1,936 @@ { + "description": "CoreProvider is the Schema for the coreproviders API.\n\nDeprecated: This type will be removed in one of the next releases.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "CoreProviderSpec defines the desired state of CoreProvider.", + "type": "object", "properties": { "additionalManifests": { - "additionalProperties": false, + "description": "AdditionalManifests is reference to configmap that contains additional manifests that will be applied\ntogether with the provider components. The key for storing these manifests has to be `manifests`.\nThe manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the\nnamespace of the provider will be used. There is no validation of the yaml content inside the configmap.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name defines the name of the configmap.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the configmap.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "deployment": { - "additionalProperties": false, + "description": "Deployment defines the properties that can be enabled on the deployment for the provider.", + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "containers": { + "description": "List of containers specified in the Deployment", + "type": "array", "items": { - "additionalProperties": false, + "description": "ContainerSpec defines the properties available to override for each\ncontainer in a provider deployment such as Image and Args to the container’s\nentrypoint.", + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "description": "Args represents extra provider specific flags that are not encoded as fields in this API.\nExplicit controller manager properties defined in the `Provider.ManagerSpec`\nwill have higher precedence than those defined in `ContainerSpec.Args`.\nFor example, `ManagerSpec.SyncPeriod` will be used instead of the\ncontainer arg `--sync-period` if both are defined.\nThe same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "command": { + "description": "Command allows override container's entrypoint array.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "description": "List of environment variables to set in the container.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvVar represents an environment variable present in a Container.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { - "additionalProperties": false, + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a ConfigMap.", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { - "default": "", - "type": "string" + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -784,95 +939,105 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a secret in the pod's namespace", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "default": "", - "type": "string" + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { - "additionalProperties": false, + "description": "Container Image Name", + "type": "object", "properties": { "name": { + "description": "Name allows to specify a name for the image.", "type": "string" }, "repository": { + "description": "Repository sets the container registry to pull images from.", "type": "string" }, "tag": { + "description": "Tag allows to specify a tag for the image.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the container. Cannot be updated.", "type": "string" }, "resources": { - "additionalProperties": false, + "description": "Compute resources required by this container.", + "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" }, "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -881,13 +1046,14 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -896,321 +1062,381 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "imagePullSecrets": { + "description": "List of image pull secrets specified in the Deployment", + "type": "array", "items": { - "additionalProperties": false, + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "replicas": { - "minimum": 0, - "type": "integer" + "description": "Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.", + "type": "integer", + "minimum": 0 }, "serviceAccountName": { + "description": "If specified, the pod's service account", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "fetchConfig": { - "additionalProperties": false, + "description": "FetchConfig determines how the operator will fetch the components and metadata for the provider.\nIf nil, the operator will try to fetch components according to default\nembedded fetch configuration for the given kind and `ObjectMeta.Name`.\nFor example, the infrastructure name `aws` will fetch artifacts from\nhttps://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.", + "type": "object", "properties": { "selector": { - "additionalProperties": false, + "description": "Selector to be used for fetching provider’s components and metadata from\nConfigMaps stored inside the cluster. Each ConfigMap is expected to contain\ncomponents and metadata for a specific version only.\nNote: the name of the ConfigMap should be set to the version or to override this\nadd a label like the following: provider.cluster.x-k8s.io/version=v1.4.3", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "url": { + "description": "URL to be used for fetching the provider’s components and metadata from a remote Github repository.\nFor example, https://github.com/{owner}/{repository}/releases\nYou must set `providerSpec.Version` field for operator to pick up\ndesired version of the release from GitHub.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "manager": { - "additionalProperties": false, + "description": "Manager defines the properties that can be enabled on the controller manager for the provider.", + "type": "object", "properties": { "cacheNamespace": { + "description": "CacheNamespace if specified restricts the manager's cache to watch objects in\nthe desired namespace Defaults to all namespaces\n\nNote: If a namespace is specified, controllers can still Watch for a\ncluster-scoped resource (e.g Node). For namespaced resources the cache\nwill only hold objects from the desired namespace.", "type": "string" }, "controller": { - "additionalProperties": false, + "description": "Controller contains global configuration options for controllers\nregistered within this manager.", + "type": "object", "properties": { "cacheSyncTimeout": { - "format": "int64", - "type": "integer" + "description": "CacheSyncTimeout refers to the time limit set to wait for syncing caches.\nDefaults to 2 minutes if not set.", + "type": "integer", + "format": "int64" }, "groupKindConcurrency": { + "description": "GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation\nallowed for that controller.\n\nWhen a controller is registered within this manager using the builder utilities,\nusers have to specify the type the controller reconciles in the For(...) call.\nIf the object's kind passed matches one of the keys in this map, the concurrency\nfor that controller is set to the number specified.\n\nThe key is expected to be consistent in form with GroupKind.String(),\ne.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.", + "type": "object", "additionalProperties": { "type": "integer" - }, - "type": "object" + } }, "recoverPanic": { + "description": "RecoverPanic indicates if panics should be recovered.", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "featureGates": { + "description": "FeatureGates define provider specific feature flags that will be passed\nin as container args to the provider's controller manager.\nController Manager flag is --feature-gates.", + "type": "object", "additionalProperties": { "type": "boolean" - }, - "type": "object" + } }, "gracefulShutDown": { + "description": "GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.\nTo disable graceful shutdown, set to time.Duration(0)\nTo use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)\nThe graceful shutdown is skipped for safety reasons in case the leader election lease is lost.", "type": "string" }, "health": { - "additionalProperties": false, + "description": "Health contains the controller health configuration", + "type": "object", "properties": { "healthProbeBindAddress": { + "description": "HealthProbeBindAddress is the TCP address that the controller should bind to\nfor serving health probes\nIt can be set to \"0\" or \"\" to disable serving the health probe.", "type": "string" }, "livenessEndpointName": { + "description": "LivenessEndpointName, defaults to \"healthz\"", "type": "string" }, "readinessEndpointName": { + "description": "ReadinessEndpointName, defaults to \"readyz\"", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "leaderElection": { - "additionalProperties": false, + "description": "LeaderElection is the LeaderElection config to be used when configuring\nthe manager.Manager leader election", + "type": "object", + "required": [ + "leaderElect", + "leaseDuration", + "renewDeadline", + "resourceLock", + "resourceName", + "resourceNamespace", + "retryPeriod" + ], "properties": { "leaderElect": { + "description": "leaderElect enables a leader election client to gain leadership\nbefore executing the main loop. Enable this when running replicated\ncomponents for high availability.", "type": "boolean" }, "leaseDuration": { + "description": "leaseDuration is the duration that non-leader candidates will wait\nafter observing a leadership renewal until attempting to acquire\nleadership of a led but unrenewed leader slot. This is effectively the\nmaximum duration that a leader can be stopped before it is replaced\nby another candidate. This is only applicable if leader election is\nenabled.", "type": "string" }, "renewDeadline": { + "description": "renewDeadline is the interval between attempts by the acting master to\nrenew a leadership slot before it stops leading. This must be less\nthan or equal to the lease duration. This is only applicable if leader\nelection is enabled.", "type": "string" }, "resourceLock": { + "description": "resourceLock indicates the resource object type that will be used to lock\nduring leader election cycles.", "type": "string" }, "resourceName": { + "description": "resourceName indicates the name of resource object that will be used to lock\nduring leader election cycles.", "type": "string" }, "resourceNamespace": { + "description": "resourceName indicates the namespace of resource object that will be used to lock\nduring leader election cycles.", "type": "string" }, "retryPeriod": { + "description": "retryPeriod is the duration the clients should wait between attempting\nacquisition and renewal of a leadership. This is only applicable if\nleader election is enabled.", "type": "string" } }, - "required": [ - "leaderElect", - "leaseDuration", - "renewDeadline", - "resourceLock", - "resourceName", - "resourceNamespace", - "retryPeriod" - ], - "type": "object" + "additionalProperties": false }, "maxConcurrentReconciles": { - "minimum": 1, - "type": "integer" + "description": "MaxConcurrentReconciles is the maximum number of concurrent Reconciles\nwhich can be run.", + "type": "integer", + "minimum": 1 }, "metrics": { - "additionalProperties": false, + "description": "Metrics contains thw controller metrics configuration", + "type": "object", "properties": { "bindAddress": { + "description": "BindAddress is the TCP address that the controller should bind to\nfor serving prometheus metrics.\nIt can be set to \"0\" to disable the metrics serving.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "profilerAddress": { + "description": "ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).\nDefault empty, meaning the profiler is disabled.\nController Manager flag is --profiler-address.", "type": "string" }, "syncPeriod": { + "description": "SyncPeriod determines the minimum frequency at which watched resources are\nreconciled. A lower period will correct entropy more quickly, but reduce\nresponsiveness to change if there are many watched resources. Change this\nvalue only if you know what you are doing. Defaults to 10 hours if unset.\nthere will a 10 percent jitter between the SyncPeriod of all controllers\nso that all controllers will not send list requests simultaneously.", "type": "string" }, "verbosity": { + "description": "Verbosity set the logs verbosity. Defaults to 1.\nController Manager flag is --verbosity.", + "type": "integer", "default": 1, - "minimum": 0, - "type": "integer" + "minimum": 0 }, "webhook": { - "additionalProperties": false, + "description": "Webhook contains the controllers webhook configuration", + "type": "object", "properties": { "certDir": { + "description": "CertDir is the directory that contains the server key and certificate.\nif not set, webhook server would look up the server key and certificate in\n{TempDir}/k8s-webhook-server/serving-certs. The server key and certificate\nmust be named tls.key and tls.crt, respectively.", "type": "string" }, "host": { + "description": "Host is the hostname that the webhook server binds to.\nIt is used to set webhook.Server.Host.", "type": "string" }, "port": { + "description": "Port is the port that the webhook server serves at.\nIt is used to set webhook.Server.Port.", "type": "integer" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "secretName": { + "description": "SecretName is the name of the Secret providing the configuration\nvariables for the current provider instance, like e.g. credentials.\nSuch configurations will be used when creating or upgrading provider components.\nThe contents of the secret will be treated as immutable. If changes need\nto be made, a new object can be created and the name should be updated.\nThe contents should be in the form of key:value. This secret must be in\nthe same namespace as the provider.", "type": "string" }, "secretNamespace": { + "description": "SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified,\nthe namespace of the provider will be used.", "type": "string" }, "version": { + "description": "Version indicates the provider version.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "CoreProviderStatus defines the observed state of CoreProvider.", + "type": "object", "properties": { "conditions": { + "description": "Conditions define the current service state of the provider.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Condition defines an observation of a Cluster API resource operational state.", + "type": "object", + "required": [ + "lastTransitionTime", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", + "type": "string", + "format": "date-time" }, "message": { + "description": "message is a human readable message indicating details about the transition.\nThis field may be empty.", + "type": "string", "maxLength": 10240, - "minLength": 1, - "type": "string" + "minLength": 1 }, "reason": { + "description": "reason is the reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty.", + "type": "string", "maxLength": 256, - "minLength": 1, - "type": "string" + "minLength": 1 }, "severity": { - "maxLength": 32, - "type": "string" + "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", + "type": "string", + "maxLength": 32 }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", + "type": "string", "maxLength": 256, - "minLength": 1, - "type": "string" + "minLength": 1 } }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "contract": { + "description": "Contract will contain the core provider contract that the provider is\nabiding by, like e.g. v1alpha4.", "type": "string" }, "installedVersion": { + "description": "InstalledVersion is the version of the provider that is installed.", "type": "string" }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "ObservedGeneration is the latest generation observed by the controller.", + "type": "integer", + "format": "int64" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/operator.cluster.x-k8s.io/infrastructureprovider_v1alpha1.json b/schema/operator.cluster.x-k8s.io/infrastructureprovider_v1alpha1.json index c987e36d7..e4a1bd2da 100644 --- a/schema/operator.cluster.x-k8s.io/infrastructureprovider_v1alpha1.json +++ b/schema/operator.cluster.x-k8s.io/infrastructureprovider_v1alpha1.json @@ -1,781 +1,936 @@ { + "description": "InfrastructureProvider is the Schema for the infrastructureproviders API.\n\nDeprecated: This type will be removed in one of the next releases.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "InfrastructureProviderSpec defines the desired state of InfrastructureProvider.", + "type": "object", "properties": { "additionalManifests": { - "additionalProperties": false, + "description": "AdditionalManifests is reference to configmap that contains additional manifests that will be applied\ntogether with the provider components. The key for storing these manifests has to be `manifests`.\nThe manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the\nnamespace of the provider will be used. There is no validation of the yaml content inside the configmap.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name defines the name of the configmap.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the configmap.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "deployment": { - "additionalProperties": false, + "description": "Deployment defines the properties that can be enabled on the deployment for the provider.", + "type": "object", "properties": { "affinity": { - "additionalProperties": false, + "description": "If specified, the pod's scheduling constraints", + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "description": "Describes node affinity scheduling rules for the pod.", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "description": "A node selector term, associated with the corresponding weight.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "weight": { - "format": "int32", - "type": "integer" + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { - "additionalProperties": false, + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "containers": { + "description": "List of containers specified in the Deployment", + "type": "array", "items": { - "additionalProperties": false, + "description": "ContainerSpec defines the properties available to override for each\ncontainer in a provider deployment such as Image and Args to the container’s\nentrypoint.", + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "description": "Args represents extra provider specific flags that are not encoded as fields in this API.\nExplicit controller manager properties defined in the `Provider.ManagerSpec`\nwill have higher precedence than those defined in `ContainerSpec.Args`.\nFor example, `ManagerSpec.SyncPeriod` will be used instead of the\ncontainer arg `--sync-period` if both are defined.\nThe same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "command": { + "description": "Command allows override container's entrypoint array.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "description": "List of environment variables to set in the container.", + "type": "array", "items": { - "additionalProperties": false, + "description": "EnvVar represents an environment variable present in a Container.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { - "additionalProperties": false, + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a ConfigMap.", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { - "default": "", - "type": "string" + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "additionalProperties": false, + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "additionalProperties": false, + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -784,95 +939,105 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "required": [ - "resource" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { - "additionalProperties": false, + "description": "Selects a key of a secret in the pod's namespace", + "type": "object", + "required": [ + "key" + ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "default": "", - "type": "string" + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { - "additionalProperties": false, + "description": "Container Image Name", + "type": "object", "properties": { "name": { + "description": "Name allows to specify a name for the image.", "type": "string" }, "repository": { + "description": "Repository sets the container registry to pull images from.", "type": "string" }, "tag": { + "description": "Tag allows to specify a tag for the image.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the container. Cannot be updated.", "type": "string" }, "resources": { - "additionalProperties": false, + "description": "Compute resources required by this container.", + "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "type": "object", + "required": [ + "name" + ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" }, "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -881,13 +1046,14 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", "additionalProperties": { + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { "type": "integer" @@ -896,321 +1062,381 @@ "type": "string" } ], - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "imagePullSecrets": { + "description": "List of image pull secrets specified in the Deployment", + "type": "array", "items": { - "additionalProperties": false, + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", + "type": "object", "properties": { "name": { - "default": "", - "type": "string" + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "replicas": { - "minimum": 0, - "type": "integer" + "description": "Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.", + "type": "integer", + "minimum": 0 }, "serviceAccountName": { + "description": "If specified, the pod's service account", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", "items": { - "additionalProperties": false, + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "fetchConfig": { - "additionalProperties": false, + "description": "FetchConfig determines how the operator will fetch the components and metadata for the provider.\nIf nil, the operator will try to fetch components according to default\nembedded fetch configuration for the given kind and `ObjectMeta.Name`.\nFor example, the infrastructure name `aws` will fetch artifacts from\nhttps://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.", + "type": "object", "properties": { "selector": { - "additionalProperties": false, + "description": "Selector to be used for fetching provider’s components and metadata from\nConfigMaps stored inside the cluster. Each ConfigMap is expected to contain\ncomponents and metadata for a specific version only.\nNote: the name of the ConfigMap should be set to the version or to override this\nadd a label like the following: provider.cluster.x-k8s.io/version=v1.4.3", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "type": "array", "items": { "type": "string" }, - "type": "array", "x-kubernetes-list-type": "atomic" } }, - "required": [ - "key", - "operator" - ], - "type": "object" + "additionalProperties": false }, - "type": "array", "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "url": { + "description": "URL to be used for fetching the provider’s components and metadata from a remote Github repository.\nFor example, https://github.com/{owner}/{repository}/releases\nYou must set `providerSpec.Version` field for operator to pick up\ndesired version of the release from GitHub.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "manager": { - "additionalProperties": false, + "description": "Manager defines the properties that can be enabled on the controller manager for the provider.", + "type": "object", "properties": { "cacheNamespace": { + "description": "CacheNamespace if specified restricts the manager's cache to watch objects in\nthe desired namespace Defaults to all namespaces\n\nNote: If a namespace is specified, controllers can still Watch for a\ncluster-scoped resource (e.g Node). For namespaced resources the cache\nwill only hold objects from the desired namespace.", "type": "string" }, "controller": { - "additionalProperties": false, + "description": "Controller contains global configuration options for controllers\nregistered within this manager.", + "type": "object", "properties": { "cacheSyncTimeout": { - "format": "int64", - "type": "integer" + "description": "CacheSyncTimeout refers to the time limit set to wait for syncing caches.\nDefaults to 2 minutes if not set.", + "type": "integer", + "format": "int64" }, "groupKindConcurrency": { + "description": "GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation\nallowed for that controller.\n\nWhen a controller is registered within this manager using the builder utilities,\nusers have to specify the type the controller reconciles in the For(...) call.\nIf the object's kind passed matches one of the keys in this map, the concurrency\nfor that controller is set to the number specified.\n\nThe key is expected to be consistent in form with GroupKind.String(),\ne.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.", + "type": "object", "additionalProperties": { "type": "integer" - }, - "type": "object" + } }, "recoverPanic": { + "description": "RecoverPanic indicates if panics should be recovered.", "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "featureGates": { + "description": "FeatureGates define provider specific feature flags that will be passed\nin as container args to the provider's controller manager.\nController Manager flag is --feature-gates.", + "type": "object", "additionalProperties": { "type": "boolean" - }, - "type": "object" + } }, "gracefulShutDown": { + "description": "GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.\nTo disable graceful shutdown, set to time.Duration(0)\nTo use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)\nThe graceful shutdown is skipped for safety reasons in case the leader election lease is lost.", "type": "string" }, "health": { - "additionalProperties": false, + "description": "Health contains the controller health configuration", + "type": "object", "properties": { "healthProbeBindAddress": { + "description": "HealthProbeBindAddress is the TCP address that the controller should bind to\nfor serving health probes\nIt can be set to \"0\" or \"\" to disable serving the health probe.", "type": "string" }, "livenessEndpointName": { + "description": "LivenessEndpointName, defaults to \"healthz\"", "type": "string" }, "readinessEndpointName": { + "description": "ReadinessEndpointName, defaults to \"readyz\"", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "leaderElection": { - "additionalProperties": false, + "description": "LeaderElection is the LeaderElection config to be used when configuring\nthe manager.Manager leader election", + "type": "object", + "required": [ + "leaderElect", + "leaseDuration", + "renewDeadline", + "resourceLock", + "resourceName", + "resourceNamespace", + "retryPeriod" + ], "properties": { "leaderElect": { + "description": "leaderElect enables a leader election client to gain leadership\nbefore executing the main loop. Enable this when running replicated\ncomponents for high availability.", "type": "boolean" }, "leaseDuration": { + "description": "leaseDuration is the duration that non-leader candidates will wait\nafter observing a leadership renewal until attempting to acquire\nleadership of a led but unrenewed leader slot. This is effectively the\nmaximum duration that a leader can be stopped before it is replaced\nby another candidate. This is only applicable if leader election is\nenabled.", "type": "string" }, "renewDeadline": { + "description": "renewDeadline is the interval between attempts by the acting master to\nrenew a leadership slot before it stops leading. This must be less\nthan or equal to the lease duration. This is only applicable if leader\nelection is enabled.", "type": "string" }, "resourceLock": { + "description": "resourceLock indicates the resource object type that will be used to lock\nduring leader election cycles.", "type": "string" }, "resourceName": { + "description": "resourceName indicates the name of resource object that will be used to lock\nduring leader election cycles.", "type": "string" }, "resourceNamespace": { + "description": "resourceName indicates the namespace of resource object that will be used to lock\nduring leader election cycles.", "type": "string" }, "retryPeriod": { + "description": "retryPeriod is the duration the clients should wait between attempting\nacquisition and renewal of a leadership. This is only applicable if\nleader election is enabled.", "type": "string" } }, - "required": [ - "leaderElect", - "leaseDuration", - "renewDeadline", - "resourceLock", - "resourceName", - "resourceNamespace", - "retryPeriod" - ], - "type": "object" + "additionalProperties": false }, "maxConcurrentReconciles": { - "minimum": 1, - "type": "integer" + "description": "MaxConcurrentReconciles is the maximum number of concurrent Reconciles\nwhich can be run.", + "type": "integer", + "minimum": 1 }, "metrics": { - "additionalProperties": false, + "description": "Metrics contains thw controller metrics configuration", + "type": "object", "properties": { "bindAddress": { + "description": "BindAddress is the TCP address that the controller should bind to\nfor serving prometheus metrics.\nIt can be set to \"0\" to disable the metrics serving.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "profilerAddress": { + "description": "ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).\nDefault empty, meaning the profiler is disabled.\nController Manager flag is --profiler-address.", "type": "string" }, "syncPeriod": { + "description": "SyncPeriod determines the minimum frequency at which watched resources are\nreconciled. A lower period will correct entropy more quickly, but reduce\nresponsiveness to change if there are many watched resources. Change this\nvalue only if you know what you are doing. Defaults to 10 hours if unset.\nthere will a 10 percent jitter between the SyncPeriod of all controllers\nso that all controllers will not send list requests simultaneously.", "type": "string" }, "verbosity": { + "description": "Verbosity set the logs verbosity. Defaults to 1.\nController Manager flag is --verbosity.", + "type": "integer", "default": 1, - "minimum": 0, - "type": "integer" + "minimum": 0 }, "webhook": { - "additionalProperties": false, + "description": "Webhook contains the controllers webhook configuration", + "type": "object", "properties": { "certDir": { + "description": "CertDir is the directory that contains the server key and certificate.\nif not set, webhook server would look up the server key and certificate in\n{TempDir}/k8s-webhook-server/serving-certs. The server key and certificate\nmust be named tls.key and tls.crt, respectively.", "type": "string" }, "host": { + "description": "Host is the hostname that the webhook server binds to.\nIt is used to set webhook.Server.Host.", "type": "string" }, "port": { + "description": "Port is the port that the webhook server serves at.\nIt is used to set webhook.Server.Port.", "type": "integer" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "secretName": { + "description": "SecretName is the name of the Secret providing the configuration\nvariables for the current provider instance, like e.g. credentials.\nSuch configurations will be used when creating or upgrading provider components.\nThe contents of the secret will be treated as immutable. If changes need\nto be made, a new object can be created and the name should be updated.\nThe contents should be in the form of key:value. This secret must be in\nthe same namespace as the provider.", "type": "string" }, "secretNamespace": { + "description": "SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified,\nthe namespace of the provider will be used.", "type": "string" }, "version": { + "description": "Version indicates the provider version.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "InfrastructureProviderStatus defines the observed state of InfrastructureProvider.", + "type": "object", "properties": { "conditions": { + "description": "Conditions define the current service state of the provider.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Condition defines an observation of a Cluster API resource operational state.", + "type": "object", + "required": [ + "lastTransitionTime", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.", + "type": "string", + "format": "date-time" }, "message": { + "description": "message is a human readable message indicating details about the transition.\nThis field may be empty.", + "type": "string", "maxLength": 10240, - "minLength": 1, - "type": "string" + "minLength": 1 }, "reason": { + "description": "reason is the reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty.", + "type": "string", "maxLength": 256, - "minLength": 1, - "type": "string" + "minLength": 1 }, "severity": { - "maxLength": 32, - "type": "string" + "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.", + "type": "string", + "maxLength": 32 }, "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.", + "type": "string", "maxLength": 256, - "minLength": 1, - "type": "string" + "minLength": 1 } }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "contract": { + "description": "Contract will contain the core provider contract that the provider is\nabiding by, like e.g. v1alpha4.", "type": "string" }, "installedVersion": { + "description": "InstalledVersion is the version of the provider that is installed.", "type": "string" }, "observedGeneration": { - "format": "int64", - "type": "integer" + "description": "ObservedGeneration is the latest generation observed by the controller.", + "type": "integer", + "format": "int64" } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/operators.coreos.com/operator_v2alpha1.json b/schema/operators.coreos.com/operator_v2alpha1.json index f95224c3c..672ee54d6 100644 --- a/schema/operators.coreos.com/operator_v2alpha1.json +++ b/schema/operators.coreos.com/operator_v2alpha1.json @@ -1,132 +1,162 @@ { + "description": "Operator represents a cluster operator.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "OperatorSpec defines the desired state of Operator", "type": "object" }, "status": { - "additionalProperties": false, + "description": "OperatorStatus describes the observed state of an operator and its components.", + "type": "object", "properties": { "components": { - "additionalProperties": false, + "description": "Components describes resources that compose the operator.", + "type": "object", + "required": [ + "labelSelector" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "description": "LabelSelector is a label query over a set of resources used to select the operator's components", + "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "refs": { + "description": "Refs are a set of references to the operator's component resources, selected with LabelSelector.", + "type": "array", "items": { - "additionalProperties": false, + "description": "RichReference is a reference to a resource, enriched with its status conditions.", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "conditions": { + "description": "Conditions represents the latest state of the component.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Condition represent the latest available observations of an component's state.", + "type": "object", + "required": [ + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "Last time the condition transitioned from one status to another.", + "type": "string", + "format": "date-time" }, "lastUpdateTime": { - "format": "date-time", - "type": "string" + "description": "Last time the condition was probed", + "type": "string", + "format": "date-time" }, "message": { + "description": "A human readable message indicating details about the transition.", "type": "string" }, "reason": { + "description": "The reason for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { + "description": "Type of condition.", "type": "string" } }, - "required": [ - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "labelSelector" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/packages.eks.amazonaws.com/packagecontroller_v1alpha1.json b/schema/packages.eks.amazonaws.com/packagecontroller_v1alpha1.json index bccead43f..904f9c212 100644 --- a/schema/packages.eks.amazonaws.com/packagecontroller_v1alpha1.json +++ b/schema/packages.eks.amazonaws.com/packagecontroller_v1alpha1.json @@ -1,30 +1,37 @@ { + "description": "PackageController is the Schema for the packagecontrollers API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "PackageControllerSpec defines the desired state of PackageController", + "type": "object", "properties": { "logLevel": { - "format": "int32", - "type": "integer" + "description": "Optional log level for packages controller", + "type": "integer", + "format": "int32" }, "upgradeCheckInterval": { + "description": "UpgradeCheckInterval is the time between upgrade checks. \n The format is that of time's ParseDuration.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "status": { + "description": "PackageControllerStatus defines the observed state of PackageController", "type": "object" } - }, - "type": "object" + } } diff --git a/schema/pingcap.com/backup_v1alpha1.json b/schema/pingcap.com/backup_v1alpha1.json index a311ad53f..4fe0282c9 100644 --- a/schema/pingcap.com/backup_v1alpha1.json +++ b/schema/pingcap.com/backup_v1alpha1.json @@ -424,25 +424,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -517,6 +498,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -817,6 +801,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -1405,6 +1448,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -1509,6 +1566,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -1619,6 +1690,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -1723,6 +1808,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -2521,25 +2620,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -2614,6 +2694,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -2914,6 +2997,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -3596,6 +3738,9 @@ "useKMS": { "type": "boolean" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeBackupInitJobMaxActiveSeconds": { "type": "integer", "default": 600 diff --git a/schema/pingcap.com/backupschedule_v1alpha1.json b/schema/pingcap.com/backupschedule_v1alpha1.json index 3c444620d..dc712ff4e 100644 --- a/schema/pingcap.com/backupschedule_v1alpha1.json +++ b/schema/pingcap.com/backupschedule_v1alpha1.json @@ -458,25 +458,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -551,6 +532,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -851,6 +835,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -1439,6 +1482,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -1543,6 +1600,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -1653,6 +1724,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -1757,6 +1842,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -2555,25 +2654,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -2648,6 +2728,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -2948,6 +3031,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -3630,6 +3772,9 @@ "useKMS": { "type": "boolean" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeBackupInitJobMaxActiveSeconds": { "type": "integer", "default": 600 @@ -4112,25 +4257,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -4205,6 +4331,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -4505,6 +4634,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -5093,6 +5281,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -5197,6 +5399,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -5307,6 +5523,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -5411,6 +5641,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -6096,25 +6340,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -6189,6 +6414,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -6489,6 +6717,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -7589,25 +7876,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -7682,6 +7950,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -7982,6 +8253,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -8801,25 +9131,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -8894,6 +9205,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -9194,6 +9508,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -9782,6 +10155,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -9886,6 +10273,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -9996,6 +10397,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -10100,6 +10515,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -10898,25 +11327,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -10991,6 +11401,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -11291,6 +11704,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -11973,6 +12445,9 @@ "useKMS": { "type": "boolean" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeBackupInitJobMaxActiveSeconds": { "type": "integer", "default": 600 @@ -12059,6 +12534,9 @@ }, "storageSize": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false diff --git a/schema/pingcap.com/compactbackup_v1alpha1.json b/schema/pingcap.com/compactbackup_v1alpha1.json index 157a15f94..410522ada 100644 --- a/schema/pingcap.com/compactbackup_v1alpha1.json +++ b/schema/pingcap.com/compactbackup_v1alpha1.json @@ -424,25 +424,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -517,6 +498,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -817,6 +801,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -1405,6 +1448,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -1509,6 +1566,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -1619,6 +1690,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -1723,6 +1808,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -2408,25 +2507,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -2501,6 +2581,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -2801,6 +2884,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { diff --git a/schema/pingcap.com/dmcluster_v1alpha1.json b/schema/pingcap.com/dmcluster_v1alpha1.json index 2984d87d3..42ef7ce1b 100644 --- a/schema/pingcap.com/dmcluster_v1alpha1.json +++ b/schema/pingcap.com/dmcluster_v1alpha1.json @@ -226,6 +226,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -330,6 +344,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -440,6 +468,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -544,6 +586,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -849,6 +905,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -938,6 +1007,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -2047,25 +2129,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -2140,6 +2203,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -2440,6 +2506,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -3031,6 +3156,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -3135,6 +3274,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -3245,6 +3398,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -3349,6 +3516,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -3872,6 +4053,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -3961,6 +4155,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -5252,6 +5459,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -5341,6 +5561,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -6450,25 +6683,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -6543,6 +6757,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -6843,6 +7060,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -7431,6 +7707,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -7535,6 +7825,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -7645,6 +7949,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -7749,6 +8067,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -8282,6 +8614,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -8371,6 +8716,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -9402,6 +9760,9 @@ }, "version": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false @@ -9869,6 +10230,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -9958,6 +10332,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -11067,25 +11454,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -11160,6 +11528,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -11460,6 +11831,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -12048,6 +12478,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -12152,6 +12596,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -12262,6 +12720,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -12366,6 +12838,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -12908,6 +13394,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -12997,6 +13496,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -13973,6 +14485,9 @@ }, "version": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false diff --git a/schema/pingcap.com/restore_v1alpha1.json b/schema/pingcap.com/restore_v1alpha1.json index c7df3ec92..0ac31e797 100644 --- a/schema/pingcap.com/restore_v1alpha1.json +++ b/schema/pingcap.com/restore_v1alpha1.json @@ -424,25 +424,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -517,6 +498,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -817,6 +801,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -1405,6 +1448,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -1509,6 +1566,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -1619,6 +1690,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -1723,6 +1808,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -2412,25 +2511,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -2505,6 +2585,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -2805,6 +2888,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -3667,25 +3809,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -3760,6 +3883,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -4060,6 +4186,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -4822,6 +5007,9 @@ "volumeAZ": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "warmup": { "type": "string" }, diff --git a/schema/pingcap.com/tidbcluster_v1alpha1.json b/schema/pingcap.com/tidbcluster_v1alpha1.json index d6025e511..2ed72c157 100644 --- a/schema/pingcap.com/tidbcluster_v1alpha1.json +++ b/schema/pingcap.com/tidbcluster_v1alpha1.json @@ -229,6 +229,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -333,6 +347,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -443,6 +471,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -547,6 +589,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -873,6 +929,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -962,6 +1031,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -2071,25 +2153,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -2164,6 +2227,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -2464,6 +2530,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -3052,6 +3177,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -3156,6 +3295,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -3266,6 +3419,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -3370,6 +3537,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -3893,6 +4074,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -3982,6 +4176,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -5300,91 +5507,117 @@ }, "additionalProperties": false }, - "tcpSocket": { + "sleep": { "type": "object", "required": [ - "port" + "seconds" ], "properties": { - "host": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } - }, - "additionalProperties": false - } - }, - "additionalProperties": false - }, - "preStop": { - "type": "object", - "properties": { - "exec": { - "type": "object", - "properties": { - "command": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "additionalProperties": false - }, - "httpGet": { - "type": "object", - "required": [ - "port" - ], - "properties": { - "host": { - "type": "string" - }, - "httpHeaders": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name", - "value" - ], - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "path": { - "type": "string" - }, - "port": { - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - }, - "scheme": { - "type": "string" + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", + "required": [ + "port" + ], + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "preStop": { + "type": "object", + "properties": { + "exec": { + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + }, + "httpGet": { + "type": "object", + "required": [ + "port" + ], + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "type": "array", + "items": { + "type": "object", + "required": [ + "name", + "value" + ], + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "additionalProperties": false + }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" } }, "additionalProperties": false @@ -6498,25 +6731,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -6591,6 +6805,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -6891,6 +7108,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -7479,6 +7755,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -7583,6 +7873,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -7693,6 +7997,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -7797,6 +8115,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -8333,6 +8665,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -8422,6 +8767,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -9413,6 +9771,9 @@ }, "storageSize": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false @@ -9498,6 +9859,9 @@ }, "version": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false @@ -9753,6 +10117,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -9842,6 +10219,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -10951,25 +11341,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -11044,6 +11415,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -11344,6 +11718,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -11932,6 +12365,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -12036,6 +12483,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -12146,6 +12607,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -12250,6 +12725,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -12780,6 +13269,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -12869,6 +13371,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -13851,6 +14366,9 @@ }, "storageSize": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false @@ -13936,6 +14454,9 @@ }, "version": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false @@ -14293,6 +14814,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -14382,6 +14916,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -15491,25 +16038,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -15584,6 +16112,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -15884,6 +16415,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -16472,6 +17062,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -16576,6 +17180,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -16686,6 +17304,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -16790,6 +17422,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -17320,6 +17966,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -17409,6 +18068,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -18380,6 +19052,9 @@ }, "version": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false @@ -18680,6 +19355,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -18769,6 +19457,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -19878,25 +20579,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -19971,6 +20653,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -20271,6 +20956,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -20859,6 +21603,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -20963,6 +21721,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -21073,6 +21845,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -21177,6 +21963,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -21710,6 +22510,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -21799,6 +22612,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -22710,6 +23536,9 @@ }, "storageSize": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false @@ -22798,6 +23627,9 @@ }, "version": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false @@ -23044,6 +23876,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -23133,6 +23978,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -24242,25 +25100,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -24335,6 +25174,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -24635,6 +25477,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -25223,6 +26124,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -25327,6 +26242,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -25437,6 +26366,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -25541,6 +26484,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -26125,6 +27082,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -26214,6 +27184,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -26997,6 +27980,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -27086,6 +28082,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -27510,6 +28519,9 @@ }, "storageSize": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false @@ -27610,6 +28622,9 @@ }, "version": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false @@ -27857,6 +28872,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -27946,6 +28974,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -29055,25 +30096,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -29148,6 +30170,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -29448,6 +30473,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -30036,6 +31120,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -30140,6 +31238,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -30250,6 +31362,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -30354,6 +31480,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -30902,6 +32042,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -30991,6 +32144,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -32078,6 +33244,9 @@ }, "storageClassName": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false @@ -32406,6 +33575,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -32495,6 +33677,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -33604,25 +34799,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -33697,6 +34873,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -33997,6 +35176,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -34585,6 +35823,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -34689,6 +35941,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -34799,6 +36065,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -34903,6 +36183,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -35451,6 +36745,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -35540,6 +36847,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -36553,6 +37873,9 @@ }, "storageSize": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false @@ -36642,6 +37965,9 @@ "version": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "waitLeaderTransferBackTimeout": { "type": "string" } @@ -36893,6 +38219,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -36982,6 +38321,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -38091,25 +39443,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -38184,6 +39517,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -38484,6 +39820,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -39072,6 +40467,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -39176,6 +40585,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -39286,6 +40709,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -39390,6 +40827,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -39923,6 +41374,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -40012,6 +41476,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -40926,6 +42403,9 @@ }, "storageSize": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false @@ -41011,6 +42491,9 @@ }, "version": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false diff --git a/schema/pingcap.com/tidbdashboard_v1alpha1.json b/schema/pingcap.com/tidbdashboard_v1alpha1.json index e01c085c6..5e6fa7cac 100644 --- a/schema/pingcap.com/tidbdashboard_v1alpha1.json +++ b/schema/pingcap.com/tidbdashboard_v1alpha1.json @@ -256,6 +256,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -345,6 +358,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -1454,25 +1480,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -1547,6 +1554,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -1847,6 +1857,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -2435,6 +2504,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -2539,6 +2622,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -2649,6 +2746,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -2753,6 +2864,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -3309,6 +3434,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -3398,6 +3536,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -4359,6 +4510,9 @@ }, "storageSize": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false diff --git a/schema/pingcap.com/tidbmonitor_v1alpha1.json b/schema/pingcap.com/tidbmonitor_v1alpha1.json index 7d09c74dd..8c8616c07 100644 --- a/schema/pingcap.com/tidbmonitor_v1alpha1.json +++ b/schema/pingcap.com/tidbmonitor_v1alpha1.json @@ -258,6 +258,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -347,6 +360,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -1425,25 +1451,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -1518,6 +1525,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -1818,6 +1828,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { diff --git a/schema/pingcap.com/tidbngmonitoring_v1alpha1.json b/schema/pingcap.com/tidbngmonitoring_v1alpha1.json index 00b82e2a7..c5d842624 100644 --- a/schema/pingcap.com/tidbngmonitoring_v1alpha1.json +++ b/schema/pingcap.com/tidbngmonitoring_v1alpha1.json @@ -257,6 +257,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -346,6 +359,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -1455,25 +1481,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -1548,6 +1555,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -1848,6 +1858,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -2436,6 +2505,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -2540,6 +2623,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -2650,6 +2747,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -2754,6 +2865,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -3284,6 +3409,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -3373,6 +3511,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -4320,6 +4471,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -4409,6 +4573,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -5518,25 +5695,6 @@ "resources": { "type": "object", "properties": { - "claims": { - "type": "array", - "items": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - }, - "additionalProperties": false - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, "limits": { "type": "object", "additionalProperties": { @@ -5611,6 +5769,9 @@ "storageClassName": { "type": "string" }, + "volumeAttributesClassName": { + "type": "string" + }, "volumeMode": { "type": "string" }, @@ -5911,6 +6072,65 @@ "items": { "type": "object", "properties": { + "clusterTrustBundle": { + "type": "object", + "required": [ + "path" + ], + "properties": { + "labelSelector": { + "type": "object", + "properties": { + "matchExpressions": { + "type": "array", + "items": { + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "matchLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "additionalProperties": false, + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "additionalProperties": false + }, "configMap": { "type": "object", "properties": { @@ -6499,6 +6719,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -6603,6 +6837,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -6713,6 +6961,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -6817,6 +7079,20 @@ "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "type": "array", + "items": { + "type": "string" + }, + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { "type": "object", "properties": { @@ -7347,6 +7623,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -7436,6 +7725,19 @@ }, "additionalProperties": false }, + "sleep": { + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "type": "integer", + "format": "int64" + } + }, + "additionalProperties": false + }, "tcpSocket": { "type": "object", "required": [ @@ -8342,6 +8644,9 @@ }, "storageSize": { "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" } }, "additionalProperties": false diff --git a/schema/piraeus.linbit.com/linstorcontroller_v1.json b/schema/piraeus.linbit.com/linstorcontroller_v1.json index 6385b3291..c80c21934 100644 --- a/schema/piraeus.linbit.com/linstorcontroller_v1.json +++ b/schema/piraeus.linbit.com/linstorcontroller_v1.json @@ -1,16 +1,20 @@ { + "description": "LinstorController is the Schema for the linstorcontrollers API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "LinstorControllerSpec defines the desired state of LinstorController", "type": "object", "required": [ "controllerImage", @@ -20,67 +24,80 @@ ], "properties": { "additionalEnv": { + "description": "AdditionalEnv is a list of extra environments variables to pass to the controller container", "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -93,30 +110,33 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -127,6 +147,7 @@ "nullable": true }, "additionalProperties": { + "description": "AdditionalProperties is a map of additional properties to set on the Linstor controller", "type": "object", "additionalProperties": { "type": "string" @@ -134,14 +155,18 @@ "nullable": true }, "affinity": { + "description": "Affinity for scheduling the controller pod", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -149,11 +174,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -161,12 +189,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -177,8 +208,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -186,12 +219,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -202,10 +238,10 @@ } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -214,19 +250,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -234,12 +275,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -250,8 +294,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -259,12 +305,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -275,23 +324,24 @@ } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -299,17 +349,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -317,12 +371,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -333,21 +390,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -355,12 +415,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -371,28 +434,31 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -401,19 +467,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -421,12 +492,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -437,21 +511,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -459,12 +536,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -475,22 +555,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -501,11 +583,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -513,17 +598,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -531,12 +620,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -547,21 +639,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -569,12 +664,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -585,28 +683,31 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -615,19 +716,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -635,12 +741,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -651,21 +760,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -673,12 +785,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -689,22 +804,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -719,52 +836,65 @@ "nullable": true }, "controllerImage": { + "description": "controllerImage is the image (location + tag) for the LINSTOR controller/server container", "type": "string" }, "dbCertSecret": { + "description": "DBCertSecret is the name of the kubernetes secret that holds the CA certificate used to verify the datatbase connection. The secret must contain a key \"ca.crt\" which holds the certificate in PEM format", "type": "string", "nullable": true }, "dbConnectionURL": { + "description": "DBConnectionURL is the URL of the ETCD endpoint for LINSTOR Controller", "type": "string" }, "dbUseClientCert": { + "description": "Use a TLS client certificate for authentication with the database (etcd). If set to true, `dbCertSecret` must be set and contain two additional entries \"tls.crt\" (PEM encoded) and \"tls.key\" (PEM encoded, without passphrase).", "type": "boolean" }, "drbdRepoCred": { + "description": "DrbdRepoCred is the name of the kubernetes secret that holds the credential for the DRBD repositories", "type": "string" }, "extraVolumes": { + "description": "ExtraVolumes are additional volumes which can be added to the pods.", "type": "array", "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", "type": "object", "required": [ "name" ], "properties": { "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "boolean" }, "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" } }, "additionalProperties": false }, "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", "type": "object", "required": [ "diskName", @@ -772,27 +902,34 @@ ], "properties": { "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", "type": "string" }, "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", "type": "string" }, "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", "type": "string" }, "fsType": { + "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" } }, "additionalProperties": false }, "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.", "type": "object", "required": [ "secretName", @@ -800,92 +937,111 @@ ], "properties": { "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", "type": "string" }, "shareName": { + "description": "shareName is the azure share Name", "type": "string" } }, "additionalProperties": false }, "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime", "type": "object", "required": [ "monitors" ], "properties": { "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", "type": "string" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "boolean" }, "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" }, "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "user": { + "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "boolean" }, "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "volumeID": { + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" } }, "additionalProperties": false }, "configMap": { + "description": "configMap represents a configMap that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -893,13 +1049,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -907,41 +1066,48 @@ } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", "type": "string" }, "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", "type": "string" }, "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", "type": "boolean" }, "volumeAttributes": { + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", "type": "object", "additionalProperties": { "type": "string" @@ -951,53 +1117,64 @@ "additionalProperties": false }, "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "Items is a list of downward API volume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1010,11 +1187,11 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -1024,12 +1201,15 @@ "additionalProperties": false }, "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "object", "properties": { "medium": { + "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, "sizeLimit": { + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1045,27 +1225,33 @@ "additionalProperties": false }, "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time.", "type": "object", "properties": { "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `\u003cpod name\u003e-\u003cvolume name\u003e` where `\u003cvolume name\u003e` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil.", "type": "object", "required": [ "spec" ], "properties": { "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.", "type": "object" }, "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" } }, "dataSource": { + "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.", "type": "object", "required": [ "kind", @@ -1073,19 +1259,22 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "object", "required": [ "kind", @@ -1093,32 +1282,40 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, "additionalProperties": false }, "resources": { + "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, @@ -1130,6 +1327,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1145,6 +1343,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1163,11 +1362,14 @@ "additionalProperties": false }, "selector": { + "description": "selector is a label query over volumes to consider for binding.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -1175,12 +1377,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -1191,22 +1396,25 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, @@ -1219,25 +1427,31 @@ "additionalProperties": false }, "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "lun": { + "description": "lun is Optional: FC target lun number", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", "type": "array", "items": { "type": "string" } }, "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", "type": "array", "items": { "type": "string" @@ -1247,92 +1461,111 @@ "additionalProperties": false }, "flexVolume": { + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the driver to use for this volume.", "type": "string" }, "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, "options": { + "description": "options is Optional: this field holds extra command options if any.", "type": "object", "additionalProperties": { "type": "string" } }, "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false }, "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running", "type": "object", "properties": { "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated", "type": "string" }, "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", "type": "string" } }, "additionalProperties": false }, "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "object", "required": [ "pdName" ], "properties": { "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "integer", "format": "int32" }, "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "boolean" } }, "additionalProperties": false }, "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", "type": "object", "required": [ "repository" ], "properties": { "directory": { + "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", "type": "string" }, "repository": { + "description": "repository is the URL", "type": "string" }, "revision": { + "description": "revision is the commit hash for the specified revision.", "type": "string" } }, "additionalProperties": false }, "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md", "type": "object", "required": [ "endpoints", @@ -1340,33 +1573,40 @@ ], "properties": { "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "path": { + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "boolean" } }, "additionalProperties": false }, "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.", "type": "object", "required": [ "path" ], "properties": { "path": { + "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" }, "type": { + "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" } }, "additionalProperties": false }, "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md", "type": "object", "required": [ "iqn", @@ -1375,56 +1615,69 @@ ], "properties": { "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", "type": "boolean" }, "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", "type": "boolean" }, "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", "type": "string" }, "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", "type": "string" }, "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", "type": "string" }, "lun": { + "description": "lun represents iSCSI Target Lun number.", "type": "integer", "format": "int32" }, "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "array", "items": { "type": "string" } }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", "type": "boolean" }, "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "string" } }, "additionalProperties": false }, "name": { + "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "object", "required": [ "path", @@ -1432,83 +1685,103 @@ ], "properties": { "path": { + "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" }, "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "boolean" }, "server": { + "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" } }, "additionalProperties": false }, "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "required": [ "claimName" ], "properties": { "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "string" }, "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", "type": "boolean" } }, "additionalProperties": false }, "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine", "type": "object", "required": [ "pdID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", "type": "string" } }, "additionalProperties": false }, "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", "type": "string" } }, "additionalProperties": false }, "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "sources": { + "description": "sources is the list of volume projections", "type": "array", "items": { + "description": "Projection that may be projected along with other supported volume types", "type": "object", "properties": { "configMap": { + "description": "configMap information about the configMap data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -1516,13 +1789,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -1530,59 +1806,70 @@ } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", "type": "object", "properties": { "items": { + "description": "Items is a list of DownwardAPIVolume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1595,11 +1882,11 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -1609,11 +1896,14 @@ "additionalProperties": false }, "secret": { + "description": "secret information about the secret data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -1621,13 +1911,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -1635,29 +1928,34 @@ } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional field specify whether the Secret or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", "type": "object", "required": [ "path" ], "properties": { "audience": { + "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", "type": "string" }, "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", "type": "integer", "format": "int64" }, "path": { + "description": "path is the path relative to the mount point of the file to project the token into.", "type": "string" } }, @@ -1671,6 +1969,7 @@ "additionalProperties": false }, "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime", "type": "object", "required": [ "registry", @@ -1678,27 +1977,34 @@ ], "properties": { "group": { + "description": "group to map volume access to Default is no group", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", "type": "boolean" }, "registry": { + "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", "type": "string" }, "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, "user": { + "description": "user to map volume access to Defaults to serivceaccount user", "type": "string" }, "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", "type": "string" } }, "additionalProperties": false }, "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md", "type": "object", "required": [ "image", @@ -1706,43 +2012,52 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "image": { + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "keyring": { + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "pool": { + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "user": { + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", "type": "object", "required": [ "gateway", @@ -1751,55 +2066,69 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", "type": "string" }, "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", "type": "string" }, "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", "type": "boolean" }, "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", "type": "string" }, "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", "type": "string" }, "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", "type": "string" }, "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", "type": "string" } }, "additionalProperties": false }, "secret": { + "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -1807,13 +2136,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -1821,58 +2153,71 @@ } }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, "additionalProperties": false }, "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", "type": "string" }, "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", "type": "string" } }, "additionalProperties": false }, "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumePath" ], "properties": { "fsType": { + "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", "type": "string" }, "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", "type": "string" }, "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", "type": "string" } }, @@ -1884,23 +2229,29 @@ "nullable": true }, "httpBindAddress": { + "description": "HttpBindAddress is address used to bind HTTP listener", "type": "string", "nullable": true }, "httpsBindAddress": { + "description": "HttpsBindAddress is address used to bind HTTPS listener", "type": "string", "nullable": true }, "imagePullPolicy": { + "description": "Pull policy applied to all pods started from this controller", "type": "string" }, "linstorHttpsClientSecret": { + "description": "Name of the secret containing: (a) `ca.crt`: root certificate used to validate HTTPS connections with Linstor (PEM format, without password) (b) `tls.key`: client key used by the linstor client (PEM format, without password) (c) `tls.crt`: client certificate matching the client key (PEM format, without password) If set, HTTPS is used for connecting and authenticating with linstor", "type": "string" }, "linstorHttpsControllerSecret": { + "description": "Name of the secret containing the java keystore (`keystore.jks`) used to enable HTTPS on the controller. The controller will create a secured https endpoint on port 3371 with the key stored in `keystore.jks`. The keystore must be secured using the passphrase \"linstor\". Also needs to contain a truststore `truststore.jks`, which will be used to authenticate clients.", "type": "string" }, "logLevel": { + "description": "LogLevel sets the log level for deployed components.", "type": "string", "enum": [ "error", @@ -1912,29 +2263,36 @@ "nullable": true }, "luksSecret": { + "description": "Name of the secret containing the master passphrase for LUKS devices as `MASTER_PASSPHRASE`", "type": "string", "nullable": true }, "priorityClassName": { + "description": "priorityClassName is the name of the PriorityClass for the controller pods", "type": "string" }, "replicas": { + "description": "Number of replicas in the controller deployment", "type": "integer", "format": "int32", "nullable": true }, "resources": { + "description": "Resource requirements for the LINSTOR controller pod", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, @@ -1946,6 +2304,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1961,6 +2320,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1980,90 +2340,108 @@ "nullable": true }, "serviceAccountName": { + "description": "Name of the service account that runs leader elections for linstor", "type": "string" }, "sidecars": { + "description": "Sidecars are additional containers which can be added to the pods.", "type": "array", "items": { + "description": "A single application container that you want to run within a pod.", "type": "object", "required": [ "name" ], "properties": { "args": { + "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string" } }, "command": { + "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string" } }, "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -2076,30 +2454,33 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -2109,59 +2490,72 @@ } }, "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "type": "array", "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps", "type": "object", "properties": { "configMapRef": { + "description": "The ConfigMap to select from", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "prefix": { + "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", "type": "string" }, "secretRef": { + "description": "The Secret to select from", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false } }, "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", "type": "object", "properties": { "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -2171,17 +2565,21 @@ "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -2189,9 +2587,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -2199,9 +2599,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2213,21 +2615,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2245,12 +2651,15 @@ "additionalProperties": false }, "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -2260,17 +2669,21 @@ "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -2278,9 +2691,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -2288,9 +2703,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2302,21 +2719,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2337,12 +2758,15 @@ "additionalProperties": false }, "livenessProbe": { + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -2352,38 +2776,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { - "type": "string", - "default": "" + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -2391,9 +2822,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -2401,9 +2834,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2415,33 +2850,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2456,10 +2898,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -2467,31 +2911,39 @@ "additionalProperties": false }, "name": { + "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", "type": "string" }, "ports": { + "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", "type": "array", "items": { + "description": "ContainerPort represents a network port in a single container.", "type": "object", "required": [ "containerPort" ], "properties": { "containerPort": { + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.", "type": "integer", "format": "int32" }, "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, "hostPort": { + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", "type": "integer", "format": "int32" }, "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", "type": "string" }, "protocol": { + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", "type": "string", "default": "TCP" } @@ -2505,12 +2957,15 @@ "x-kubernetes-list-type": "map" }, "readinessProbe": { + "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -2520,38 +2975,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { - "type": "string", - "default": "" + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -2559,9 +3021,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -2569,9 +3033,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2583,33 +3049,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2624,10 +3097,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -2635,17 +3110,21 @@ "additionalProperties": false }, "resources": { + "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, @@ -2657,6 +3136,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2672,6 +3152,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2690,23 +3171,30 @@ "additionalProperties": false }, "securityContext": { + "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "type": "object", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "capabilities": { + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "add": { + "description": "Added capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } }, "drop": { + "description": "Removed capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } } @@ -2714,71 +3202,90 @@ "additionalProperties": false }, "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "additionalProperties": false }, "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod \u0026 container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", "type": "string" } }, "additionalProperties": false }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -2788,12 +3295,15 @@ "additionalProperties": false }, "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -2803,38 +3313,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { - "type": "string", - "default": "" + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -2842,9 +3359,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -2852,9 +3371,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2866,33 +3387,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2907,10 +3435,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -2918,23 +3448,30 @@ "additionalProperties": false }, "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", "type": "boolean" }, "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", "type": "boolean" }, "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", "type": "string" }, "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", "type": "string" }, "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", "type": "boolean" }, "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", "type": "array", "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", "type": "object", "required": [ "devicePath", @@ -2942,9 +3479,11 @@ ], "properties": { "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", "type": "string" }, "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string" } }, @@ -2952,8 +3491,10 @@ } }, "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", "type": "array", "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "type": "object", "required": [ "mountPath", @@ -2961,21 +3502,27 @@ ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", "type": "boolean" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -2983,6 +3530,7 @@ } }, "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" } }, @@ -2991,28 +3539,36 @@ "nullable": true }, "sslSecret": { + "description": "Name of k8s secret that holds the SSL key for a node (called `keystore.jks`) and the trusted certificates (called `certificates.jks`)", "type": "string", "nullable": true }, "tolerations": { + "description": "Tolerations for scheduling the controller pod", "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -3024,6 +3580,7 @@ "additionalProperties": false }, "status": { + "description": "LinstorControllerStatus defines the observed state of LinstorController", "type": "object", "required": [ "ControllerStatus", @@ -3032,12 +3589,14 @@ ], "properties": { "ControllerProperties": { + "description": "properties set on the Linstor controller", "type": "object", "additionalProperties": { "type": "string" } }, "ControllerStatus": { + "description": "ControllerStatus information.", "type": "object", "required": [ "nodeName", @@ -3045,17 +3604,21 @@ ], "properties": { "nodeName": { + "description": "The hostname of the kubelet running the node", "type": "string" }, "registeredOnController": { + "description": "Indicates if the node has been created on the controller.", "type": "boolean" } }, "additionalProperties": false }, "SatelliteStatuses": { + "description": "SatelliteStatuses by hostname.", "type": "array", "items": { + "description": "SatelliteStatus should provide all the information that the reconsile loop needs to manage the operation of the LINSTOR Satellite.", "type": "object", "required": [ "connectionStatus", @@ -3065,17 +3628,22 @@ ], "properties": { "connectionStatus": { + "description": "As indicated by Linstor", "type": "string" }, "nodeName": { + "description": "The hostname of the kubelet running the node", "type": "string" }, "registeredOnController": { + "description": "Indicates if the node has been created on the controller.", "type": "boolean" }, "storagePoolStatus": { + "description": "StoragePoolStatuses by storage pool name.", "type": "array", "items": { + "description": "StoragePoolStatus reports basic information about storage pool state.", "type": "object", "required": [ "freeCapacity", @@ -3086,16 +3654,20 @@ ], "properties": { "freeCapacity": { + "description": "Usage reporting", "type": "integer", "format": "int64" }, "name": { + "description": "The name of the storage pool.", "type": "string" }, "nodeName": { + "description": "The hostname of the kubelet hosting the storage pool.", "type": "string" }, "provider": { + "description": "Provider is the underlying storage, lvm, zfs, etc.", "type": "string" }, "totalCapacity": { @@ -3111,6 +3683,7 @@ } }, "errors": { + "description": "Errors remaining that will trigger reconciliations.", "type": "array", "items": { "type": "string" diff --git a/schema/piraeus.linbit.com/linstorcontroller_v1alpha1.json b/schema/piraeus.linbit.com/linstorcontroller_v1alpha1.json index 883a23b38..58025d96b 100644 --- a/schema/piraeus.linbit.com/linstorcontroller_v1alpha1.json +++ b/schema/piraeus.linbit.com/linstorcontroller_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "LinstorController is the Schema for the linstorcontrollers API DEPRECATED: use v1", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "LinstorControllerSpec defines the desired state of LinstorController", "type": "object", "required": [ "controllerImage", @@ -20,14 +24,18 @@ ], "properties": { "affinity": { + "description": "Affinity for scheduling the controller pod", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -35,11 +43,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -47,12 +58,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -63,8 +77,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -72,12 +88,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -91,6 +110,7 @@ "additionalProperties": false }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -99,19 +119,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -119,12 +144,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -135,8 +163,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -144,12 +174,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -170,11 +203,14 @@ "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -182,17 +218,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -200,12 +240,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -216,6 +259,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -225,18 +269,21 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -245,19 +292,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -265,12 +317,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -281,6 +336,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -290,12 +346,14 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -306,11 +364,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -318,17 +379,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -336,12 +401,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -352,6 +420,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -361,18 +430,21 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -381,19 +453,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -401,12 +478,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -417,6 +497,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -426,12 +507,14 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -446,68 +529,63 @@ "nullable": true }, "controllerImage": { + "description": "controllerImage is the image (location + tag) for the LINSTOR controller/server container", "type": "string" }, "dbCertSecret": { + "description": "DBCertSecret is the name of the kubernetes secret that holds the CA certificate used to verify the datatbase connection. The secret must contain a key \"ca.pem\" which holds the certificate in PEM format", "type": "string", "nullable": true }, "dbConnectionURL": { + "description": "DBConnectionURL is the URL of the ETCD endpoint for LINSTOR Controller", "type": "string" }, "dbUseClientCert": { + "description": "Use a TLS client certificate for authentication with the database (etcd). If set to true, `dbCertSecret` must be set and contain two additional entries \"client.cert\" (PEM encoded) and \"client.key\" (PKCS8 encoded, without passphrase).", "type": "boolean" }, "drbdRepoCred": { + "description": "DrbdRepoCred is the name of the kubernetes secret that holds the credential for the DRBD repositories", "type": "string" }, "imagePullPolicy": { + "description": "Pull policy applied to all pods started from this controller", "type": "string" }, "linstorHttpsClientSecret": { + "description": "Name of the secret containing: (a) `ca.pem`: root certificate used to validate HTTPS connections with Linstor (PEM format, without password) (b) `client.key`: client key used by the linstor client (PEM format, without password) (c) `client.cert`: client certificate matching the client key (PEM format, without password) If set, HTTPS is used for connecting and authenticating with linstor", "type": "string" }, "linstorHttpsControllerSecret": { + "description": "Name of the secret containing the java keystore (`keystore.jks`) used to enable HTTPS on the controller. The controller will create a secured https endpoint on port 3371 with the key stored in `keystore.jks`. The keystore must be secured using the passphrase \"linstor\". Also needs to contain a truststore `truststore.jks`, which will be used to authenticate clients.", "type": "string" }, "luksSecret": { + "description": "Name of the secret containing the master passphrase for LUKS devices as `MASTER_PASSPHRASE`", "type": "string", "nullable": true }, "priorityClassName": { + "description": "priorityClassName is the name of the PriorityClass for the controller pods", "type": "string" }, "resources": { + "description": "Resource requirements for the LINSTOR controller pod", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } } }, @@ -515,28 +593,36 @@ "nullable": true }, "sslSecret": { + "description": "Name of k8s secret that holds the SSL key for a node (called `keystore.jks`) and the trusted certificates (called `certificates.jks`)", "type": "string", "nullable": true }, "tolerations": { + "description": "Tolerations for scheduling the controller pod", "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -548,6 +634,7 @@ "additionalProperties": false }, "status": { + "description": "LinstorControllerStatus defines the observed state of LinstorController", "type": "object", "required": [ "ControllerStatus", @@ -556,6 +643,7 @@ ], "properties": { "ControllerStatus": { + "description": "ControllerStatus information.", "type": "object", "required": [ "nodeName", @@ -563,17 +651,21 @@ ], "properties": { "nodeName": { + "description": "The hostname of the kubelet running the node", "type": "string" }, "registeredOnController": { + "description": "Indicates if the node has been created on the controller.", "type": "boolean" } }, "additionalProperties": false }, "SatelliteStatuses": { + "description": "SatelliteStatuses by hostname.", "type": "array", "items": { + "description": "SatelliteStatus should provide all the information that the reconsile loop needs to manage the operation of the LINSTOR Satellite.", "type": "object", "required": [ "connectionStatus", @@ -583,17 +675,22 @@ ], "properties": { "connectionStatus": { + "description": "As indicated by Linstor", "type": "string" }, "nodeName": { + "description": "The hostname of the kubelet running the node", "type": "string" }, "registeredOnController": { + "description": "Indicates if the node has been created on the controller.", "type": "boolean" }, "storagePoolStatus": { + "description": "StoragePoolStatuses by storage pool name.", "type": "array", "items": { + "description": "StoragePoolStatus reports basic information about storage pool state.", "type": "object", "required": [ "freeCapacity", @@ -604,16 +701,20 @@ ], "properties": { "freeCapacity": { + "description": "Usage reporting", "type": "integer", "format": "int64" }, "name": { + "description": "The name of the storage pool.", "type": "string" }, "nodeName": { + "description": "The hostname of the kubelet hosting the storage pool.", "type": "string" }, "provider": { + "description": "Provider is the underlying storage, lvm, zfs, etc.", "type": "string" }, "totalCapacity": { @@ -629,6 +730,7 @@ } }, "errors": { + "description": "Errors remaining that will trigger reconciliations.", "type": "array", "items": { "type": "string" diff --git a/schema/piraeus.linbit.com/linstorcontrollerset_v1alpha1.json b/schema/piraeus.linbit.com/linstorcontrollerset_v1alpha1.json index 20f376bb9..d83c4c655 100644 --- a/schema/piraeus.linbit.com/linstorcontrollerset_v1alpha1.json +++ b/schema/piraeus.linbit.com/linstorcontrollerset_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "LinstorControllerSet is the Schema for the linstorcontrollersets API DEPRECATED: use LinstorController", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "LinstorControllerSetSpec defines the desired state of LinstorControllerSet", "type": "object", "required": [ "controllerImage", @@ -20,14 +24,18 @@ ], "properties": { "affinity": { + "description": "Affinity for scheduling the controller pod", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -35,11 +43,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -47,12 +58,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -63,8 +77,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -72,12 +88,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -91,6 +110,7 @@ "additionalProperties": false }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -99,19 +119,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -119,12 +144,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -135,8 +163,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -144,12 +174,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -170,11 +203,14 @@ "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -182,17 +218,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -200,12 +240,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -216,6 +259,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -225,18 +269,21 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -245,19 +292,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -265,12 +317,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -281,6 +336,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -290,12 +346,14 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -306,11 +364,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -318,17 +379,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -336,12 +401,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -352,6 +420,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -361,18 +430,21 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -381,19 +453,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -401,12 +478,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -417,6 +497,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -426,12 +507,14 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -446,68 +529,63 @@ "nullable": true }, "controllerImage": { + "description": "controllerImage is the image (location + tag) for the LINSTOR controller/server container", "type": "string" }, "dbCertSecret": { + "description": "DBCertSecret is the name of the kubernetes secret that holds the CA certificate used to verify the datatbase connection. The secret must contain a key \"ca.pem\" which holds the certificate in PEM format", "type": "string", "nullable": true }, "dbConnectionURL": { + "description": "DBConnectionURL is the URL of the ETCD endpoint for LINSTOR Controller", "type": "string" }, "dbUseClientCert": { + "description": "Use a TLS client certificate for authentication with the database (etcd). If set to true, `dbCertSecret` must be set and contain two additional entries \"client.cert\" (PEM encoded) and \"client.key\" (PKCS8 encoded, without passphrase).", "type": "boolean" }, "drbdRepoCred": { + "description": "DrbdRepoCred is the name of the kubernetes secret that holds the credential for the DRBD repositories", "type": "string" }, "imagePullPolicy": { + "description": "Pull policy applied to all pods started from this controller", "type": "string" }, "linstorHttpsClientSecret": { + "description": "Name of the secret containing: (a) `ca.pem`: root certificate used to validate HTTPS connections with Linstor (PEM format, without password) (b) `client.key`: client key used by the linstor client (PEM format, without password) (c) `client.cert`: client certificate matching the client key (PEM format, without password) If set, HTTPS is used for connecting and authenticating with linstor", "type": "string" }, "linstorHttpsControllerSecret": { + "description": "Name of the secret containing the java keystore (`keystore.jks`) used to enable HTTPS on the controller. The controller will create a secured https endpoint on port 3371 with the key stored in `keystore.jks`. The keystore must be secured using the passphrase \"linstor\". Also needs to contain a truststore `truststore.jks`, which will be used to authenticate clients.", "type": "string" }, "luksSecret": { + "description": "Name of the secret containing the master passphrase for LUKS devices as `MASTER_PASSPHRASE`", "type": "string", "nullable": true }, "priorityClassName": { + "description": "priorityClassName is the name of the PriorityClass for the controller pods", "type": "string" }, "resources": { + "description": "Resource requirements for the LINSTOR controller pod", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } } }, @@ -515,28 +593,36 @@ "nullable": true }, "sslSecret": { + "description": "Name of k8s secret that holds the SSL key for a node (called `keystore.jks`) and the trusted certificates (called `certificates.jks`)", "type": "string", "nullable": true }, "tolerations": { + "description": "Tolerations for scheduling the controller pod", "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -548,6 +634,7 @@ "additionalProperties": false }, "status": { + "description": "LinstorControllerSetStatus defines the observed state of LinstorControllerSet", "type": "object", "required": [ "ControllerStatus", @@ -556,6 +643,7 @@ ], "properties": { "ControllerStatus": { + "description": "ControllerStatus information.", "type": "object", "required": [ "nodeName", @@ -563,23 +651,29 @@ ], "properties": { "nodeName": { + "description": "The hostname of the kubelet running the node", "type": "string" }, "registeredOnController": { + "description": "Indicates if the node has been created on the controller.", "type": "boolean" } }, "additionalProperties": false }, "DependantsMigrated": { + "description": "DependantsMigrated indicated that all resources created from this LinstorControllerSet have a new owner.", "type": "boolean" }, "ResourceMigrated": { + "description": "ResourceMigrated indicates that this LinstorControllerSet was already converted into a LinstorController.", "type": "boolean" }, "SatelliteStatuses": { + "description": "SatelliteStatuses by hostname.", "type": "array", "items": { + "description": "SatelliteStatus should provide all the information that the reconsile loop needs to manage the operation of the LINSTOR Satellite.", "type": "object", "required": [ "connectionStatus", @@ -589,17 +683,22 @@ ], "properties": { "connectionStatus": { + "description": "As indicated by Linstor", "type": "string" }, "nodeName": { + "description": "The hostname of the kubelet running the node", "type": "string" }, "registeredOnController": { + "description": "Indicates if the node has been created on the controller.", "type": "boolean" }, "storagePoolStatus": { + "description": "StoragePoolStatuses by storage pool name.", "type": "array", "items": { + "description": "StoragePoolStatus reports basic information about storage pool state.", "type": "object", "required": [ "freeCapacity", @@ -610,16 +709,20 @@ ], "properties": { "freeCapacity": { + "description": "Usage reporting", "type": "integer", "format": "int64" }, "name": { + "description": "The name of the storage pool.", "type": "string" }, "nodeName": { + "description": "The hostname of the kubelet hosting the storage pool.", "type": "string" }, "provider": { + "description": "Provider is the underlying storage, lvm, zfs, etc.", "type": "string" }, "totalCapacity": { @@ -635,6 +738,7 @@ } }, "errors": { + "description": "Errors remaining that will trigger reconciliations.", "type": "array", "items": { "type": "string" diff --git a/schema/piraeus.linbit.com/linstorcsidriver_v1.json b/schema/piraeus.linbit.com/linstorcsidriver_v1.json index f380df67a..e29fb8c9f 100644 --- a/schema/piraeus.linbit.com/linstorcsidriver_v1.json +++ b/schema/piraeus.linbit.com/linstorcsidriver_v1.json @@ -1,16 +1,20 @@ { + "description": "LinstorCSIDriver is the Schema for the linstorcsidrivers API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "LinstorCSIDriverSpec defines the desired state of LinstorCSIDriver", "type": "object", "required": [ "imagePullSecret", @@ -18,14 +22,18 @@ ], "properties": { "controllerAffinity": { + "description": "Affinity for scheduling the CSI controller pod", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -33,11 +41,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -45,12 +56,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -61,8 +75,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -70,12 +86,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -86,10 +105,10 @@ } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -98,19 +117,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -118,12 +142,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -134,8 +161,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -143,12 +172,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -159,23 +191,24 @@ } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -183,17 +216,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -201,12 +238,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -217,21 +257,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -239,12 +282,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -255,28 +301,31 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -285,19 +334,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -305,12 +359,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -321,21 +378,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -343,12 +403,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -359,22 +422,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -385,11 +450,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -397,17 +465,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -415,12 +487,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -431,21 +506,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -453,12 +531,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -469,28 +550,31 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -499,19 +583,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -519,12 +608,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -535,21 +627,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -557,12 +652,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -573,22 +671,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -603,19 +703,24 @@ "nullable": true }, "controllerEndpoint": { + "description": "Cluster URL of the linstor controller. If not set, will be determined from the current resource name.", "type": "string" }, "controllerReplicas": { + "description": "controllerReplicas is the number of replicas created for the CSI controller deployment.", "type": "integer", "format": "int32" }, "controllerStrategy": { + "description": "controllerStrategy describes how to replace existing pods with new ones.", "type": "object", "properties": { "rollingUpdate": { + "description": "Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be.", "type": "object", "properties": { "maxSurge": { + "description": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.", "anyOf": [ { "type": "integer" @@ -627,6 +732,7 @@ "x-kubernetes-int-or-string": true }, "maxUnavailable": { + "description": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.", "anyOf": [ { "type": "integer" @@ -641,6 +747,7 @@ "additionalProperties": false }, "type": { + "description": "Type of deployment. Can be \"Recreate\" or \"RollingUpdate\". Default is RollingUpdate.", "type": "string" } }, @@ -648,24 +755,31 @@ "nullable": true }, "controllerTolerations": { + "description": "Tolerations for schedluing CSI controller pods", "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -674,79 +788,100 @@ "nullable": true }, "csiAttacherImage": { + "description": "Name of the CSI external attacher image. See https://kubernetes-csi.github.io/docs/external-attacher.html", "type": "string" }, "csiAttacherWorkerThreads": { + "description": "Number of simultaneously running operations for attaching and detaching volumes", "type": "integer", "format": "int32" }, "csiControllerServiceAccountName": { + "description": "Name of the service account used by the CSI controller pods", "type": "string" }, "csiLivenessProbeImage": { + "description": "Name of the CSI liveness probe image. See https://kubernetes-csi.github.io/docs/livenessprobe.html", "type": "string" }, "csiNodeDriverRegistrarImage": { + "description": "Name of the CSI node driver registrar image. See https://kubernetes-csi.github.io/docs/node-driver-registrar.html", "type": "string" }, "csiNodeServiceAccountName": { + "description": "Name of the service account used by the CSI node pods", "type": "string" }, "csiProvisionerImage": { + "description": "Name of the CSI external provisioner image. See https://kubernetes-csi.github.io/docs/external-provisioner.html", "type": "string" }, "csiProvisionerWorkerThreads": { + "description": "Number of simultaneously running operations for creating and deleting volumes", "type": "integer", "format": "int32" }, "csiResizerImage": { + "description": "Name of the CSI external resizer image. See https://kubernetes-csi.github.io/docs/external-resizer.html", "type": "string" }, "csiResizerWorkerThreads": { + "description": "Number of simultaneously running operations for resizing volumes", "type": "integer", "format": "int32" }, "csiSnapshotterImage": { + "description": "Name of the CSI external snapshotter image. See https://kubernetes-csi.github.io/docs/external-snapshotter.html", "type": "string" }, "csiSnapshotterWorkerThreads": { + "description": "Number of simultaneously running operations for creating and deleting snapshots", "type": "integer", "format": "int32" }, "enableTopology": { + "description": "Enable CSI topology feature to control volume accessibility on cluster nodes", "type": "boolean" }, "extraVolumes": { + "description": "ControllerExtraVolumes are additional volumes which can be added to the controller pods.", "type": "array", "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", "type": "object", "required": [ "name" ], "properties": { "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "boolean" }, "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" } }, "additionalProperties": false }, "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", "type": "object", "required": [ "diskName", @@ -754,27 +889,34 @@ ], "properties": { "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", "type": "string" }, "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", "type": "string" }, "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", "type": "string" }, "fsType": { + "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" } }, "additionalProperties": false }, "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.", "type": "object", "required": [ "secretName", @@ -782,92 +924,111 @@ ], "properties": { "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", "type": "string" }, "shareName": { + "description": "shareName is the azure share Name", "type": "string" } }, "additionalProperties": false }, "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime", "type": "object", "required": [ "monitors" ], "properties": { "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", "type": "string" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "boolean" }, "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" }, "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "user": { + "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "boolean" }, "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "volumeID": { + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" } }, "additionalProperties": false }, "configMap": { + "description": "configMap represents a configMap that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -875,13 +1036,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -889,41 +1053,48 @@ } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", "type": "string" }, "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", "type": "string" }, "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", "type": "boolean" }, "volumeAttributes": { + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", "type": "object", "additionalProperties": { "type": "string" @@ -933,53 +1104,64 @@ "additionalProperties": false }, "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "Items is a list of downward API volume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -992,11 +1174,11 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -1006,12 +1188,15 @@ "additionalProperties": false }, "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "object", "properties": { "medium": { + "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, "sizeLimit": { + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1027,27 +1212,33 @@ "additionalProperties": false }, "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time.", "type": "object", "properties": { "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `\u003cpod name\u003e-\u003cvolume name\u003e` where `\u003cvolume name\u003e` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil.", "type": "object", "required": [ "spec" ], "properties": { "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.", "type": "object" }, "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" } }, "dataSource": { + "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.", "type": "object", "required": [ "kind", @@ -1055,19 +1246,22 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "object", "required": [ "kind", @@ -1075,32 +1269,40 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, "additionalProperties": false }, "resources": { + "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, @@ -1112,6 +1314,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1127,6 +1330,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1145,11 +1349,14 @@ "additionalProperties": false }, "selector": { + "description": "selector is a label query over volumes to consider for binding.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -1157,12 +1364,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -1173,22 +1383,25 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, @@ -1201,25 +1414,31 @@ "additionalProperties": false }, "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "lun": { + "description": "lun is Optional: FC target lun number", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", "type": "array", "items": { "type": "string" } }, "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", "type": "array", "items": { "type": "string" @@ -1229,92 +1448,111 @@ "additionalProperties": false }, "flexVolume": { + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the driver to use for this volume.", "type": "string" }, "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, "options": { + "description": "options is Optional: this field holds extra command options if any.", "type": "object", "additionalProperties": { "type": "string" } }, "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false }, "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running", "type": "object", "properties": { "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated", "type": "string" }, "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", "type": "string" } }, "additionalProperties": false }, "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "object", "required": [ "pdName" ], "properties": { "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "integer", "format": "int32" }, "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "boolean" } }, "additionalProperties": false }, "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", "type": "object", "required": [ "repository" ], "properties": { "directory": { + "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", "type": "string" }, "repository": { + "description": "repository is the URL", "type": "string" }, "revision": { + "description": "revision is the commit hash for the specified revision.", "type": "string" } }, "additionalProperties": false }, "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md", "type": "object", "required": [ "endpoints", @@ -1322,33 +1560,40 @@ ], "properties": { "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "path": { + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "boolean" } }, "additionalProperties": false }, "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.", "type": "object", "required": [ "path" ], "properties": { "path": { + "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" }, "type": { + "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" } }, "additionalProperties": false }, "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md", "type": "object", "required": [ "iqn", @@ -1357,56 +1602,69 @@ ], "properties": { "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", "type": "boolean" }, "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", "type": "boolean" }, "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", "type": "string" }, "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", "type": "string" }, "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", "type": "string" }, "lun": { + "description": "lun represents iSCSI Target Lun number.", "type": "integer", "format": "int32" }, "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "array", "items": { "type": "string" } }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", "type": "boolean" }, "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "string" } }, "additionalProperties": false }, "name": { + "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "object", "required": [ "path", @@ -1414,83 +1672,103 @@ ], "properties": { "path": { + "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" }, "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "boolean" }, "server": { + "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" } }, "additionalProperties": false }, "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "required": [ "claimName" ], "properties": { "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "string" }, "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", "type": "boolean" } }, "additionalProperties": false }, "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine", "type": "object", "required": [ "pdID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", "type": "string" } }, "additionalProperties": false }, "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", "type": "string" } }, "additionalProperties": false }, "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "sources": { + "description": "sources is the list of volume projections", "type": "array", "items": { + "description": "Projection that may be projected along with other supported volume types", "type": "object", "properties": { "configMap": { + "description": "configMap information about the configMap data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -1498,13 +1776,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -1512,59 +1793,70 @@ } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", "type": "object", "properties": { "items": { + "description": "Items is a list of DownwardAPIVolume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1577,11 +1869,11 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -1591,11 +1883,14 @@ "additionalProperties": false }, "secret": { + "description": "secret information about the secret data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -1603,13 +1898,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -1617,29 +1915,34 @@ } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional field specify whether the Secret or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", "type": "object", "required": [ "path" ], "properties": { "audience": { + "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", "type": "string" }, "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", "type": "integer", "format": "int64" }, "path": { + "description": "path is the path relative to the mount point of the file to project the token into.", "type": "string" } }, @@ -1653,6 +1956,7 @@ "additionalProperties": false }, "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime", "type": "object", "required": [ "registry", @@ -1660,27 +1964,34 @@ ], "properties": { "group": { + "description": "group to map volume access to Default is no group", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", "type": "boolean" }, "registry": { + "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", "type": "string" }, "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, "user": { + "description": "user to map volume access to Defaults to serivceaccount user", "type": "string" }, "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", "type": "string" } }, "additionalProperties": false }, "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md", "type": "object", "required": [ "image", @@ -1688,43 +1999,52 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "image": { + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "keyring": { + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "pool": { + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "user": { + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", "type": "object", "required": [ "gateway", @@ -1733,55 +2053,69 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", "type": "string" }, "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", "type": "string" }, "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", "type": "boolean" }, "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", "type": "string" }, "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", "type": "string" }, "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", "type": "string" }, "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", "type": "string" } }, "additionalProperties": false }, "secret": { + "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -1789,13 +2123,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -1803,58 +2140,71 @@ } }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, "additionalProperties": false }, "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", "type": "string" }, "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", "type": "string" } }, "additionalProperties": false }, "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumePath" ], "properties": { "fsType": { + "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", "type": "string" }, "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", "type": "string" }, "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", "type": "string" } }, @@ -1866,21 +2216,27 @@ "nullable": true }, "imagePullPolicy": { + "description": "Pull policy applied to all pods started from this controller", "type": "string" }, "imagePullSecret": { + "description": "Name of a secret with authentication details for the `LinstorPluginImage` registry", "type": "string" }, "kubeletPath": { + "description": "KubeletPath is the common parent path of mount targets and plugin registration directories of Kubelet. Typically this should be set to /var/lib/kubelet, but some distributions require a different path.", "type": "string" }, "linstorHttpsClientSecret": { + "description": "Name of the secret containing: (a) `ca.crt`: root certificate used to validate HTTPS connections with Linstor (PEM format, without password) (b) `tls.key`: client key used by the linstor client (PEM format, without password) (c) `tls.crt`: client certificate matching the client key (PEM format, without password) If set, HTTPS is used for connecting and authenticating with linstor", "type": "string" }, "linstorPluginImage": { + "description": "Image that contains the linstor-csi driver plugin", "type": "string" }, "logLevel": { + "description": "LogLevel sets the log level for deployed components.", "type": "string", "enum": [ "error", @@ -1892,14 +2248,18 @@ "nullable": true }, "nodeAffinity": { + "description": "Affinity for scheduling the CSI node pods", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -1907,11 +2267,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -1919,12 +2282,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -1935,8 +2301,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -1944,12 +2312,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -1960,10 +2331,10 @@ } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -1972,19 +2343,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -1992,12 +2368,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -2008,8 +2387,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -2017,12 +2398,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -2033,23 +2417,24 @@ } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -2057,17 +2442,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -2075,12 +2464,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -2091,21 +2483,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -2113,12 +2508,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -2129,28 +2527,31 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -2159,19 +2560,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -2179,12 +2585,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -2195,21 +2604,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -2217,12 +2629,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -2233,22 +2648,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -2259,11 +2676,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -2271,17 +2691,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -2289,12 +2713,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -2305,21 +2732,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -2327,12 +2757,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -2343,28 +2776,31 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -2373,19 +2809,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -2393,12 +2834,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -2409,21 +2853,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -2431,12 +2878,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -2447,22 +2897,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -2477,36 +2929,44 @@ "nullable": true }, "nodeExtraVolumes": { + "description": "NodeExtraVolumes are additional volumes which can be added to the node pods.", "type": "array", "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", "type": "object", "required": [ "name" ], "properties": { "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "boolean" }, "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" } }, "additionalProperties": false }, "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", "type": "object", "required": [ "diskName", @@ -2514,27 +2974,34 @@ ], "properties": { "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", "type": "string" }, "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", "type": "string" }, "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", "type": "string" }, "fsType": { + "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" } }, "additionalProperties": false }, "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.", "type": "object", "required": [ "secretName", @@ -2542,92 +3009,111 @@ ], "properties": { "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", "type": "string" }, "shareName": { + "description": "shareName is the azure share Name", "type": "string" } }, "additionalProperties": false }, "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime", "type": "object", "required": [ "monitors" ], "properties": { "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", "type": "string" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "boolean" }, "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" }, "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "user": { + "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "boolean" }, "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "volumeID": { + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" } }, "additionalProperties": false }, "configMap": { + "description": "configMap represents a configMap that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -2635,13 +3121,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -2649,41 +3138,48 @@ } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", "type": "string" }, "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", "type": "string" }, "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", "type": "boolean" }, "volumeAttributes": { + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", "type": "object", "additionalProperties": { "type": "string" @@ -2693,53 +3189,64 @@ "additionalProperties": false }, "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "Items is a list of downward API volume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -2752,11 +3259,11 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -2766,12 +3273,15 @@ "additionalProperties": false }, "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "object", "properties": { "medium": { + "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, "sizeLimit": { + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -2787,27 +3297,33 @@ "additionalProperties": false }, "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time.", "type": "object", "properties": { "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `\u003cpod name\u003e-\u003cvolume name\u003e` where `\u003cvolume name\u003e` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil.", "type": "object", "required": [ "spec" ], "properties": { "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.", "type": "object" }, "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" } }, "dataSource": { + "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.", "type": "object", "required": [ "kind", @@ -2815,19 +3331,22 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "object", "required": [ "kind", @@ -2835,32 +3354,40 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, "additionalProperties": false }, "resources": { + "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, @@ -2872,6 +3399,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2887,6 +3415,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2905,11 +3434,14 @@ "additionalProperties": false }, "selector": { + "description": "selector is a label query over volumes to consider for binding.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -2917,12 +3449,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -2933,22 +3468,25 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, @@ -2961,25 +3499,31 @@ "additionalProperties": false }, "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "lun": { + "description": "lun is Optional: FC target lun number", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", "type": "array", "items": { "type": "string" } }, "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", "type": "array", "items": { "type": "string" @@ -2989,92 +3533,111 @@ "additionalProperties": false }, "flexVolume": { + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the driver to use for this volume.", "type": "string" }, "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, "options": { + "description": "options is Optional: this field holds extra command options if any.", "type": "object", "additionalProperties": { "type": "string" } }, "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false }, "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running", "type": "object", "properties": { "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated", "type": "string" }, "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", "type": "string" } }, "additionalProperties": false }, "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "object", "required": [ "pdName" ], "properties": { "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "integer", "format": "int32" }, "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "boolean" } }, "additionalProperties": false }, "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", "type": "object", "required": [ "repository" ], "properties": { "directory": { + "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", "type": "string" }, "repository": { + "description": "repository is the URL", "type": "string" }, "revision": { + "description": "revision is the commit hash for the specified revision.", "type": "string" } }, "additionalProperties": false }, "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md", "type": "object", "required": [ "endpoints", @@ -3082,33 +3645,40 @@ ], "properties": { "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "path": { + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "boolean" } }, "additionalProperties": false }, "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.", "type": "object", "required": [ "path" ], "properties": { "path": { + "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" }, "type": { + "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" } }, "additionalProperties": false }, "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md", "type": "object", "required": [ "iqn", @@ -3117,56 +3687,69 @@ ], "properties": { "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", "type": "boolean" }, "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", "type": "boolean" }, "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", "type": "string" }, "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", "type": "string" }, "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", "type": "string" }, "lun": { + "description": "lun represents iSCSI Target Lun number.", "type": "integer", "format": "int32" }, "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "array", "items": { "type": "string" } }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", "type": "boolean" }, "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "string" } }, "additionalProperties": false }, "name": { + "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "object", "required": [ "path", @@ -3174,83 +3757,103 @@ ], "properties": { "path": { + "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" }, "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "boolean" }, "server": { + "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" } }, "additionalProperties": false }, "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "required": [ "claimName" ], "properties": { "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "string" }, "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", "type": "boolean" } }, "additionalProperties": false }, "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine", "type": "object", "required": [ "pdID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", "type": "string" } }, "additionalProperties": false }, "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", "type": "string" } }, "additionalProperties": false }, "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "sources": { + "description": "sources is the list of volume projections", "type": "array", "items": { + "description": "Projection that may be projected along with other supported volume types", "type": "object", "properties": { "configMap": { + "description": "configMap information about the configMap data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -3258,13 +3861,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -3272,59 +3878,70 @@ } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", "type": "object", "properties": { "items": { + "description": "Items is a list of DownwardAPIVolume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -3337,11 +3954,11 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -3351,11 +3968,14 @@ "additionalProperties": false }, "secret": { + "description": "secret information about the secret data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -3363,13 +3983,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -3377,29 +4000,34 @@ } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional field specify whether the Secret or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", "type": "object", "required": [ "path" ], "properties": { "audience": { + "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", "type": "string" }, "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", "type": "integer", "format": "int64" }, "path": { + "description": "path is the path relative to the mount point of the file to project the token into.", "type": "string" } }, @@ -3413,6 +4041,7 @@ "additionalProperties": false }, "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime", "type": "object", "required": [ "registry", @@ -3420,27 +4049,34 @@ ], "properties": { "group": { + "description": "group to map volume access to Default is no group", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", "type": "boolean" }, "registry": { + "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", "type": "string" }, "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, "user": { + "description": "user to map volume access to Defaults to serivceaccount user", "type": "string" }, "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", "type": "string" } }, "additionalProperties": false }, "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md", "type": "object", "required": [ "image", @@ -3448,43 +4084,52 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "image": { + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "keyring": { + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "pool": { + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "user": { + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", "type": "object", "required": [ "gateway", @@ -3493,55 +4138,69 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", "type": "string" }, "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", "type": "string" }, "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", "type": "boolean" }, "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", "type": "string" }, "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", "type": "string" }, "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", "type": "string" }, "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", "type": "string" } }, "additionalProperties": false }, "secret": { + "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -3549,13 +4208,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -3563,58 +4225,71 @@ } }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, "additionalProperties": false }, "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", "type": "string" }, "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", "type": "string" } }, "additionalProperties": false }, "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumePath" ], "properties": { "fsType": { + "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", "type": "string" }, "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", "type": "string" }, "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", "type": "string" } }, @@ -3626,87 +4301,104 @@ "nullable": true }, "nodeSidecars": { + "description": "NodeSidecars are additional containers which can be added to the node pods.", "type": "array", "items": { + "description": "A single application container that you want to run within a pod.", "type": "object", "required": [ "name" ], "properties": { "args": { + "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string" } }, "command": { + "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string" } }, "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -3719,30 +4411,33 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -3752,59 +4447,72 @@ } }, "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "type": "array", "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps", "type": "object", "properties": { "configMapRef": { + "description": "The ConfigMap to select from", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "prefix": { + "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", "type": "string" }, "secretRef": { + "description": "The Secret to select from", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false } }, "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", "type": "object", "properties": { "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -3814,17 +4522,21 @@ "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -3832,9 +4544,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -3842,9 +4556,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3856,21 +4572,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3888,12 +4608,15 @@ "additionalProperties": false }, "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -3903,17 +4626,21 @@ "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -3921,9 +4648,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -3931,9 +4660,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3945,21 +4676,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3980,12 +4715,15 @@ "additionalProperties": false }, "livenessProbe": { + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -3995,38 +4733,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { - "type": "string", - "default": "" + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -4034,9 +4779,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -4044,9 +4791,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -4058,33 +4807,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -4099,10 +4855,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -4110,31 +4868,39 @@ "additionalProperties": false }, "name": { + "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", "type": "string" }, "ports": { + "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", "type": "array", "items": { + "description": "ContainerPort represents a network port in a single container.", "type": "object", "required": [ "containerPort" ], "properties": { "containerPort": { + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.", "type": "integer", "format": "int32" }, "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, "hostPort": { + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", "type": "integer", "format": "int32" }, "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", "type": "string" }, "protocol": { + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", "type": "string", "default": "TCP" } @@ -4148,12 +4914,15 @@ "x-kubernetes-list-type": "map" }, "readinessProbe": { + "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -4163,38 +4932,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { - "type": "string", - "default": "" + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -4202,9 +4978,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -4212,9 +4990,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -4226,33 +5006,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -4267,10 +5054,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -4278,17 +5067,21 @@ "additionalProperties": false }, "resources": { + "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, @@ -4300,6 +5093,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -4315,6 +5109,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -4333,23 +5128,30 @@ "additionalProperties": false }, "securityContext": { + "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "type": "object", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "capabilities": { + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "add": { + "description": "Added capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } }, "drop": { + "description": "Removed capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } } @@ -4357,71 +5159,90 @@ "additionalProperties": false }, "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "additionalProperties": false }, "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod \u0026 container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", "type": "string" } }, "additionalProperties": false }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -4431,12 +5252,15 @@ "additionalProperties": false }, "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -4446,38 +5270,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { - "type": "string", - "default": "" + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -4485,9 +5316,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -4495,9 +5328,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -4509,33 +5344,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -4550,10 +5392,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -4561,23 +5405,30 @@ "additionalProperties": false }, "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", "type": "boolean" }, "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", "type": "boolean" }, "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", "type": "string" }, "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", "type": "string" }, "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", "type": "boolean" }, "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", "type": "array", "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", "type": "object", "required": [ "devicePath", @@ -4585,9 +5436,11 @@ ], "properties": { "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", "type": "string" }, "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string" } }, @@ -4595,8 +5448,10 @@ } }, "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", "type": "array", "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "type": "object", "required": [ "mountPath", @@ -4604,21 +5459,27 @@ ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", "type": "boolean" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -4626,6 +5487,7 @@ } }, "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" } }, @@ -4634,24 +5496,31 @@ "nullable": true }, "nodeTolerations": { + "description": "Tolerations for scheduling CSI node pods", "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -4660,20 +5529,25 @@ "nullable": true }, "priorityClassName": { + "description": "priorityClassName is the name of the PriorityClass for the csi driver pods", "type": "string" }, "resources": { + "description": "Resource requirements for the csi pods. The requirements are re-used for all pods (node/controller).", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, @@ -4685,6 +5559,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -4700,6 +5575,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -4719,87 +5595,104 @@ "nullable": true }, "sidecars": { + "description": "ControllerSidecars are additional containers which can be added to the controller pods.", "type": "array", "items": { + "description": "A single application container that you want to run within a pod.", "type": "object", "required": [ "name" ], "properties": { "args": { + "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string" } }, "command": { + "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string" } }, "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -4812,30 +5705,33 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -4845,59 +5741,72 @@ } }, "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "type": "array", "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps", "type": "object", "properties": { "configMapRef": { + "description": "The ConfigMap to select from", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "prefix": { + "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", "type": "string" }, "secretRef": { + "description": "The Secret to select from", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false } }, "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", "type": "object", "properties": { "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -4907,17 +5816,21 @@ "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -4925,9 +5838,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -4935,9 +5850,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -4949,21 +5866,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -4981,12 +5902,15 @@ "additionalProperties": false }, "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -4996,17 +5920,21 @@ "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -5014,9 +5942,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -5024,9 +5954,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -5038,21 +5970,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -5073,12 +6009,15 @@ "additionalProperties": false }, "livenessProbe": { + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -5088,38 +6027,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { - "type": "string", - "default": "" + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -5127,9 +6073,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -5137,9 +6085,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -5151,33 +6101,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -5192,10 +6149,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -5203,31 +6162,39 @@ "additionalProperties": false }, "name": { + "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", "type": "string" }, "ports": { + "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", "type": "array", "items": { + "description": "ContainerPort represents a network port in a single container.", "type": "object", "required": [ "containerPort" ], "properties": { "containerPort": { + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.", "type": "integer", "format": "int32" }, "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, "hostPort": { + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", "type": "integer", "format": "int32" }, "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", "type": "string" }, "protocol": { + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", "type": "string", "default": "TCP" } @@ -5241,12 +6208,15 @@ "x-kubernetes-list-type": "map" }, "readinessProbe": { + "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -5256,38 +6226,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { - "type": "string", - "default": "" + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -5295,9 +6272,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -5305,9 +6284,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -5319,33 +6300,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -5360,10 +6348,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -5371,17 +6361,21 @@ "additionalProperties": false }, "resources": { + "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, @@ -5393,6 +6387,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -5408,6 +6403,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -5426,23 +6422,30 @@ "additionalProperties": false }, "securityContext": { + "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "type": "object", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "capabilities": { + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "add": { + "description": "Added capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } }, "drop": { + "description": "Removed capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } } @@ -5450,71 +6453,90 @@ "additionalProperties": false }, "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "additionalProperties": false }, "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod \u0026 container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", "type": "string" } }, "additionalProperties": false }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -5524,12 +6546,15 @@ "additionalProperties": false }, "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -5539,38 +6564,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { - "type": "string", - "default": "" + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -5578,9 +6610,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -5588,9 +6622,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -5602,33 +6638,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -5643,10 +6686,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -5654,23 +6699,30 @@ "additionalProperties": false }, "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", "type": "boolean" }, "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", "type": "boolean" }, "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", "type": "string" }, "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", "type": "string" }, "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", "type": "boolean" }, "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", "type": "array", "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", "type": "object", "required": [ "devicePath", @@ -5678,9 +6730,11 @@ ], "properties": { "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", "type": "string" }, "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string" } }, @@ -5688,8 +6742,10 @@ } }, "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", "type": "array", "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "type": "object", "required": [ "mountPath", @@ -5697,21 +6753,27 @@ ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", "type": "boolean" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -5719,6 +6781,7 @@ } }, "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" } }, @@ -5730,6 +6793,7 @@ "additionalProperties": false }, "status": { + "description": "LinstorCSIDriverStatus defines the observed state of LinstorCSIDriver", "type": "object", "required": [ "ControllerReady", @@ -5738,12 +6802,15 @@ ], "properties": { "ControllerReady": { + "description": "CSI controller ready status", "type": "boolean" }, "NodeReady": { + "description": "CSI node components ready status", "type": "boolean" }, "errors": { + "description": "Errors remaining that will trigger reconciliations.", "type": "array", "items": { "type": "string" diff --git a/schema/piraeus.linbit.com/linstorcsidriver_v1alpha1.json b/schema/piraeus.linbit.com/linstorcsidriver_v1alpha1.json index 3b0e5a125..60655fd40 100644 --- a/schema/piraeus.linbit.com/linstorcsidriver_v1alpha1.json +++ b/schema/piraeus.linbit.com/linstorcsidriver_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "LinstorCSIDriver is the Schema for the linstorcsidrivers API DEPRECATED: use v1", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "LinstorCSIDriverSpec defines the desired state of LinstorCSIDriver", "type": "object", "required": [ "imagePullSecret", @@ -18,14 +22,18 @@ ], "properties": { "controllerAffinity": { + "description": "Affinity for scheduling the CSI controller pod", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -33,11 +41,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -45,12 +56,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -61,8 +75,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -70,12 +86,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -89,6 +108,7 @@ "additionalProperties": false }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -97,19 +117,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -117,12 +142,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -133,8 +161,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -142,12 +172,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -168,11 +201,14 @@ "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -180,17 +216,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -198,12 +238,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -214,6 +257,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -223,18 +267,21 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -243,19 +290,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -263,12 +315,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -279,6 +334,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -288,12 +344,14 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -304,11 +362,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -316,17 +377,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -334,12 +399,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -350,6 +418,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -359,18 +428,21 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -379,19 +451,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -399,12 +476,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -415,6 +495,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -424,12 +505,14 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -444,31 +527,40 @@ "nullable": true }, "controllerEndpoint": { + "description": "Cluster URL of the linstor controller. If not set, will be determined from the current resource name.", "type": "string" }, "controllerReplicas": { + "description": "controllerReplicas is the number of replicas created for the CSI controller deployment.", "type": "integer", "format": "int32" }, "controllerTolerations": { + "description": "Tolerations for schedluing CSI controller pods", "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -477,47 +569,62 @@ "nullable": true }, "csiAttacherImage": { + "description": "Name of the CSI external attacher image. See https://kubernetes-csi.github.io/docs/external-attacher.html", "type": "string" }, "csiControllerServiceAccountName": { + "description": "Name of the service account used by the CSI controller pods", "type": "string" }, "csiNodeDriverRegistrarImage": { + "description": "Name of the CSI node driver registrar image. See https://kubernetes-csi.github.io/docs/node-driver-registrar.html", "type": "string" }, "csiNodeServiceAccountName": { + "description": "Name of the service account used by the CSI node pods", "type": "string" }, "csiProvisionerImage": { + "description": "Name of the CSI external provisioner image. See https://kubernetes-csi.github.io/docs/external-provisioner.html", "type": "string" }, "csiResizerImage": { + "description": "Name of the CSI external resizer image. See https://kubernetes-csi.github.io/docs/external-resizer.html", "type": "string" }, "csiSnapshotterImage": { + "description": "Name of the CSI external snapshotter image. See https://kubernetes-csi.github.io/docs/external-snapshotter.html", "type": "string" }, "imagePullPolicy": { + "description": "Pull policy applied to all pods started from this controller", "type": "string" }, "imagePullSecret": { + "description": "Name of a secret with authentication details for the `LinstorPluginImage` registry", "type": "string" }, "linstorHttpsClientSecret": { + "description": "Name of the secret containing: (a) `ca.pem`: root certificate used to validate HTTPS connections with Linstor (PEM format, without password) (b) `client.key`: client key used by the linstor client (PEM format, without password) (c) `client.cert`: client certificate matching the client key (PEM format, without password) If set, HTTPS is used for connecting and authenticating with linstor", "type": "string" }, "linstorPluginImage": { + "description": "Image that contains the linstor-csi driver plugin", "type": "string" }, "nodeAffinity": { + "description": "Affinity for scheduling the CSI node pods", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -525,11 +632,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -537,12 +647,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -553,8 +666,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -562,12 +677,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -581,6 +699,7 @@ "additionalProperties": false }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -589,19 +708,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -609,12 +733,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -625,8 +752,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -634,12 +763,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -660,11 +792,14 @@ "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -672,17 +807,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -690,12 +829,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -706,6 +848,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -715,18 +858,21 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -735,19 +881,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -755,12 +906,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -771,6 +925,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -780,12 +935,14 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -796,11 +953,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -808,17 +968,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -826,12 +990,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -842,6 +1009,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -851,18 +1019,21 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -871,19 +1042,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -891,12 +1067,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -907,6 +1086,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -916,12 +1096,14 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -936,24 +1118,31 @@ "nullable": true }, "nodeTolerations": { + "description": "Tolerations for scheduling CSI node pods", "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -962,39 +1151,25 @@ "nullable": true }, "priorityClassName": { + "description": "priorityClassName is the name of the PriorityClass for the csi driver pods", "type": "string" }, "resources": { + "description": "Resource requirements for the csi pods. The requirements are re-used for all pods (node/controller).", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } } }, @@ -1005,6 +1180,7 @@ "additionalProperties": false }, "status": { + "description": "LinstorCSIDriverStatus defines the observed state of LinstorCSIDriver", "type": "object", "required": [ "ControllerReady", @@ -1013,12 +1189,15 @@ ], "properties": { "ControllerReady": { + "description": "CSI controller ready status", "type": "boolean" }, "NodeReady": { + "description": "CSI node components ready status", "type": "boolean" }, "errors": { + "description": "Errors remaining that will trigger reconciliations.", "type": "array", "items": { "type": "string" diff --git a/schema/piraeus.linbit.com/linstornodeset_v1alpha1.json b/schema/piraeus.linbit.com/linstornodeset_v1alpha1.json index 98934cdee..92007207c 100644 --- a/schema/piraeus.linbit.com/linstornodeset_v1alpha1.json +++ b/schema/piraeus.linbit.com/linstornodeset_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "LinstorNodeSet is the Schema for the linstornodesets API DEPRECATED: use LinstorSatelliteSet", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "LinstorNodeSetSpec defines the desired state of LinstorNodeSet", "type": "object", "required": [ "drbdRepoCred", @@ -19,14 +23,18 @@ ], "properties": { "affinity": { + "description": "Affinity for scheduling the satellite pods", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -34,11 +42,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -46,12 +57,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -62,8 +76,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -71,12 +87,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -90,6 +109,7 @@ "additionalProperties": false }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -98,19 +118,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -118,12 +143,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -134,8 +162,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -143,12 +173,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -169,11 +202,14 @@ "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -181,17 +217,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -199,12 +239,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -215,6 +258,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -224,18 +268,21 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -244,19 +291,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -264,12 +316,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -280,6 +335,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -289,12 +345,14 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -305,11 +363,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -317,17 +378,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -335,12 +400,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -351,6 +419,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -360,18 +429,21 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -380,19 +452,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -400,12 +477,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -416,6 +496,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -425,12 +506,14 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -445,6 +528,7 @@ "nullable": true }, "automaticStorageType": { + "description": "If set, the operator will automatically create storage pools of the specified type for all devices that can be found. The name of the storage pools matches the device name. For example, all devices `/dev/sdc` will be part of the `sdc` storage pool.", "type": "string", "enum": [ "None", @@ -454,9 +538,11 @@ ] }, "controllerEndpoint": { + "description": "Cluster URL of the linstor controller. If not set, will be determined from the current resource name.", "type": "string" }, "drbdKernelModuleInjectionMode": { + "description": "drbdKernelModuleInjectionMode selects the source for the DRBD kernel module DEPRECATED: use kernelModuleInjectionMode", "type": "string", "enum": [ "None", @@ -466,18 +552,23 @@ ] }, "drbdRepoCred": { + "description": "drbdRepoCred is the name of the kubernetes secret that holds the credential for the DRBD repositories", "type": "string" }, "imagePullPolicy": { + "description": "Pull policy applied to all pods started from this controller", "type": "string" }, "kernelModImage": { + "description": "kernelModImage is the image (location + tag) for the LINSTOR/DRBD kernel module injector container DEPRECATED: use kernelModuleInjectionImage", "type": "string" }, "kernelModuleInjectionImage": { + "description": "kernelModuleInjectionImage is the image (location + tag) for the LINSTOR/DRBD kernel module injector", "type": "string" }, "kernelModuleInjectionMode": { + "description": "kernelModuleInjectionMode selects the source for the DRBD kernel module", "type": "string", "enum": [ "None", @@ -487,36 +578,21 @@ ] }, "kernelModuleInjectionResources": { + "description": "Resource requirements for the kernel module builder/injector container", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } } }, @@ -524,42 +600,29 @@ "nullable": true }, "linstorHttpsClientSecret": { + "description": "Name of the secret containing: (a) `ca.pem`: root certificate used to validate HTTPS connections with Linstor (PEM format, without password) (b) `client.key`: client key used by the linstor client (PEM format, without password) (c) `client.cert`: client certificate matching the client key (PEM format, without password) If set, HTTPS is used for connecting and authenticating with linstor", "type": "string" }, "priorityClassName": { + "description": "priorityClassName is the name of the PriorityClass for the node pods", "type": "string" }, "resources": { + "description": "Resource requirements for the LINSTOR satellite container", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } } }, @@ -567,18 +630,23 @@ "nullable": true }, "satelliteImage": { + "description": "satelliteImage is the image (location + tag) for the LINSTOR satellite container", "type": "string" }, "sslSecret": { + "description": "Name of k8s secret that holds the SSL key for a node (called `keystore.jks`) and the trusted certificates (called `certificates.jks`)", "type": "string", "nullable": true }, "storagePools": { + "description": "StoragePools is a list of StoragePools for LinstorSatelliteSet to manage.", "type": "object", "properties": { "lvmPools": { + "description": "LVMPools for LinstorSatelliteSet to manage.", "type": "array", "items": { + "description": "StoragePoolLVM represents LVM storage pool to be managed by a LinstorSatelliteSet", "type": "object", "required": [ "name", @@ -586,9 +654,11 @@ ], "properties": { "name": { + "description": "Name of the storage pool.", "type": "string" }, "volumeGroup": { + "description": "Name of underlying lvm group", "type": "string" } }, @@ -597,8 +667,10 @@ "nullable": true }, "lvmThinPools": { + "description": "LVMThinPools for LinstorSatelliteSet to manage.", "type": "array", "items": { + "description": "StoragePoolLVMThin represents LVM Thin storage pool to be managed by a LinstorSatelliteSet", "type": "object", "required": [ "name", @@ -607,12 +679,15 @@ ], "properties": { "name": { + "description": "Name of the storage pool.", "type": "string" }, "thinVolume": { + "description": "Name of underlying lvm thin volume", "type": "string" }, "volumeGroup": { + "description": "Name of underlying lvm group", "type": "string" } }, @@ -625,24 +700,31 @@ "nullable": true }, "tolerations": { + "description": "Tolerations for scheduling the satellite pods", "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -654,6 +736,7 @@ "additionalProperties": false }, "status": { + "description": "LinstorNodeSetStatus defines the observed state of LinstorNodeSet", "type": "object", "required": [ "SatelliteStatuses", @@ -661,14 +744,18 @@ ], "properties": { "DependantsMigrated": { + "description": "DependantsMigrated indicated that all resources created from this LinstorNodeSet have a new owner.", "type": "boolean" }, "ResourceMigrated": { + "description": "ResourceMigrated indicates that this LinstorNodeSet was already converted into a LinstorSatelliteSet.", "type": "boolean" }, "SatelliteStatuses": { + "description": "SatelliteStatuses by hostname.", "type": "array", "items": { + "description": "SatelliteStatus should provide all the information that the reconsile loop needs to manage the operation of the LINSTOR Satellite.", "type": "object", "required": [ "connectionStatus", @@ -678,17 +765,22 @@ ], "properties": { "connectionStatus": { + "description": "As indicated by Linstor", "type": "string" }, "nodeName": { + "description": "The hostname of the kubelet running the node", "type": "string" }, "registeredOnController": { + "description": "Indicates if the node has been created on the controller.", "type": "boolean" }, "storagePoolStatus": { + "description": "StoragePoolStatuses by storage pool name.", "type": "array", "items": { + "description": "StoragePoolStatus reports basic information about storage pool state.", "type": "object", "required": [ "freeCapacity", @@ -699,16 +791,20 @@ ], "properties": { "freeCapacity": { + "description": "Usage reporting", "type": "integer", "format": "int64" }, "name": { + "description": "The name of the storage pool.", "type": "string" }, "nodeName": { + "description": "The hostname of the kubelet hosting the storage pool.", "type": "string" }, "provider": { + "description": "Provider is the underlying storage, lvm, zfs, etc.", "type": "string" }, "totalCapacity": { @@ -724,6 +820,7 @@ } }, "errors": { + "description": "Errors remaining that will trigger reconciliations.", "type": "array", "items": { "type": "string" diff --git a/schema/piraeus.linbit.com/linstorsatelliteset_v1.json b/schema/piraeus.linbit.com/linstorsatelliteset_v1.json index d9ec54c5b..273da6260 100644 --- a/schema/piraeus.linbit.com/linstorsatelliteset_v1.json +++ b/schema/piraeus.linbit.com/linstorsatelliteset_v1.json @@ -1,16 +1,20 @@ { + "description": "LinstorSatelliteSet is the Schema for the linstorsatellitesets API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "LinstorSatelliteSetSpec defines the desired state of a LinstorSatelliteSet.", "type": "object", "required": [ "drbdRepoCred", @@ -19,67 +23,80 @@ ], "properties": { "additionalEnv": { + "description": "AdditionalEnv is a list of extra environments variables to pass to the satellite container", "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -92,30 +109,33 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -126,14 +146,18 @@ "nullable": true }, "affinity": { + "description": "Affinity for scheduling the satellite pods", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -141,11 +165,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -153,12 +180,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -169,8 +199,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -178,12 +210,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -194,10 +229,10 @@ } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -206,19 +241,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -226,12 +266,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -242,8 +285,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -251,12 +296,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -267,23 +315,24 @@ } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -291,17 +340,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -309,12 +362,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -325,21 +381,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -347,12 +406,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -363,28 +425,31 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -393,19 +458,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -413,12 +483,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -429,21 +502,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -451,12 +527,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -467,22 +546,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -493,11 +574,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -505,17 +589,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -523,12 +611,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -539,21 +630,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -561,12 +655,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -577,28 +674,31 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -607,19 +707,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -627,12 +732,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -643,21 +751,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -665,12 +776,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -681,22 +795,24 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -711,6 +827,7 @@ "nullable": true }, "automaticStorageType": { + "description": "If set, the operator will automatically create storage pools of the specified type for all devices that can be found. The name of the storage pools matches the device name. For example, all devices `/dev/sdc` will be part of the `autopool-sdc` storage pool. Note: Using this attribute is discouraged. Using the \"storagePools\" to set up devices allows for more control on device creation.", "type": "string", "enum": [ "None", @@ -720,9 +837,11 @@ ] }, "controllerEndpoint": { + "description": "Cluster URL of the linstor controller. If not set, will be determined from the current resource name.", "type": "string" }, "dnsPolicy": { + "description": "DNSPolicy sets the DNS policy for the pod.", "type": "string", "enum": [ "ClusterFirstWithHostNet", @@ -733,39 +852,48 @@ "nullable": true }, "drbdRepoCred": { + "description": "drbdRepoCred is the name of the kubernetes secret that holds the credential for the DRBD repositories", "type": "string" }, "extraVolumes": { + "description": "ExtraVolumes are additional volumes which can be added to the pods.", "type": "array", "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", "type": "object", "required": [ "name" ], "properties": { "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "boolean" }, "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" } }, "additionalProperties": false }, "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", "type": "object", "required": [ "diskName", @@ -773,27 +901,34 @@ ], "properties": { "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", "type": "string" }, "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", "type": "string" }, "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", "type": "string" }, "fsType": { + "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" } }, "additionalProperties": false }, "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.", "type": "object", "required": [ "secretName", @@ -801,92 +936,111 @@ ], "properties": { "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", "type": "string" }, "shareName": { + "description": "shareName is the azure share Name", "type": "string" } }, "additionalProperties": false }, "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime", "type": "object", "required": [ "monitors" ], "properties": { "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", "type": "string" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "boolean" }, "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" }, "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "user": { + "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "boolean" }, "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "volumeID": { + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" } }, "additionalProperties": false }, "configMap": { + "description": "configMap represents a configMap that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -894,13 +1048,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -908,41 +1065,48 @@ } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", "type": "string" }, "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", "type": "string" }, "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", "type": "boolean" }, "volumeAttributes": { + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", "type": "object", "additionalProperties": { "type": "string" @@ -952,53 +1116,64 @@ "additionalProperties": false }, "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "Items is a list of downward API volume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1011,11 +1186,11 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -1025,12 +1200,15 @@ "additionalProperties": false }, "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "object", "properties": { "medium": { + "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, "sizeLimit": { + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1046,27 +1224,33 @@ "additionalProperties": false }, "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time.", "type": "object", "properties": { "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `\u003cpod name\u003e-\u003cvolume name\u003e` where `\u003cvolume name\u003e` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil.", "type": "object", "required": [ "spec" ], "properties": { "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.", "type": "object" }, "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" } }, "dataSource": { + "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.", "type": "object", "required": [ "kind", @@ -1074,19 +1258,22 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "object", "required": [ "kind", @@ -1094,32 +1281,40 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, "additionalProperties": false }, "resources": { + "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, @@ -1131,6 +1326,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1146,6 +1342,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1164,11 +1361,14 @@ "additionalProperties": false }, "selector": { + "description": "selector is a label query over volumes to consider for binding.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -1176,12 +1376,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -1192,22 +1395,25 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" } } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, @@ -1220,25 +1426,31 @@ "additionalProperties": false }, "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "lun": { + "description": "lun is Optional: FC target lun number", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", "type": "array", "items": { "type": "string" } }, "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", "type": "array", "items": { "type": "string" @@ -1248,92 +1460,111 @@ "additionalProperties": false }, "flexVolume": { + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the driver to use for this volume.", "type": "string" }, "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, "options": { + "description": "options is Optional: this field holds extra command options if any.", "type": "object", "additionalProperties": { "type": "string" } }, "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false }, "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running", "type": "object", "properties": { "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker should be considered as deprecated", "type": "string" }, "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", "type": "string" } }, "additionalProperties": false }, "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "object", "required": [ "pdName" ], "properties": { "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "integer", "format": "int32" }, "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "boolean" } }, "additionalProperties": false }, "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", "type": "object", "required": [ "repository" ], "properties": { "directory": { + "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", "type": "string" }, "repository": { + "description": "repository is the URL", "type": "string" }, "revision": { + "description": "revision is the commit hash for the specified revision.", "type": "string" } }, "additionalProperties": false }, "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md", "type": "object", "required": [ "endpoints", @@ -1341,33 +1572,40 @@ ], "properties": { "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "path": { + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "boolean" } }, "additionalProperties": false }, "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.", "type": "object", "required": [ "path" ], "properties": { "path": { + "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" }, "type": { + "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" } }, "additionalProperties": false }, "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md", "type": "object", "required": [ "iqn", @@ -1376,56 +1614,69 @@ ], "properties": { "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", "type": "boolean" }, "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", "type": "boolean" }, "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface \u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", "type": "string" }, "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", "type": "string" }, "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", "type": "string" }, "lun": { + "description": "lun represents iSCSI Target Lun number.", "type": "integer", "format": "int32" }, "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "array", "items": { "type": "string" } }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", "type": "boolean" }, "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "string" } }, "additionalProperties": false }, "name": { + "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "object", "required": [ "path", @@ -1433,83 +1684,103 @@ ], "properties": { "path": { + "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" }, "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "boolean" }, "server": { + "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" } }, "additionalProperties": false }, "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "required": [ "claimName" ], "properties": { "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "string" }, "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", "type": "boolean" } }, "additionalProperties": false }, "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine", "type": "object", "required": [ "pdID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", "type": "string" } }, "additionalProperties": false }, "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", "type": "string" } }, "additionalProperties": false }, "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "sources": { + "description": "sources is the list of volume projections", "type": "array", "items": { + "description": "Projection that may be projected along with other supported volume types", "type": "object", "properties": { "configMap": { + "description": "configMap information about the configMap data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -1517,13 +1788,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -1531,59 +1805,70 @@ } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", "type": "object", "properties": { "items": { + "description": "Items is a list of DownwardAPIVolume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1596,11 +1881,11 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -1610,11 +1895,14 @@ "additionalProperties": false }, "secret": { + "description": "secret information about the secret data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -1622,13 +1910,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -1636,29 +1927,34 @@ } }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional field specify whether the Secret or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", "type": "object", "required": [ "path" ], "properties": { "audience": { + "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", "type": "string" }, "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", "type": "integer", "format": "int64" }, "path": { + "description": "path is the path relative to the mount point of the file to project the token into.", "type": "string" } }, @@ -1672,6 +1968,7 @@ "additionalProperties": false }, "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime", "type": "object", "required": [ "registry", @@ -1679,27 +1976,34 @@ ], "properties": { "group": { + "description": "group to map volume access to Default is no group", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", "type": "boolean" }, "registry": { + "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", "type": "string" }, "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, "user": { + "description": "user to map volume access to Defaults to serivceaccount user", "type": "string" }, "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", "type": "string" } }, "additionalProperties": false }, "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md", "type": "object", "required": [ "image", @@ -1707,43 +2011,52 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "image": { + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "keyring": { + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "pool": { + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "user": { + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", "type": "object", "required": [ "gateway", @@ -1752,55 +2065,69 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", "type": "string" }, "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", "type": "string" }, "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", "type": "boolean" }, "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", "type": "string" }, "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", "type": "string" }, "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", "type": "string" }, "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", "type": "string" } }, "additionalProperties": false }, "secret": { + "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -1808,13 +2135,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string" } }, @@ -1822,58 +2152,71 @@ } }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, "additionalProperties": false }, "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", "type": "string" }, "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", "type": "string" } }, "additionalProperties": false }, "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumePath" ], "properties": { "fsType": { + "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", "type": "string" }, "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", "type": "string" }, "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", "type": "string" } }, @@ -1885,15 +2228,19 @@ "nullable": true }, "imagePullPolicy": { + "description": "Pull policy applied to all pods started from this controller", "type": "string" }, "kernelModuleInjectionAdditionalSourceDirectory": { + "description": "kernelModuleInjectionAdditionalSourceDirectory is the directory containing the kernel sources and config on the host. It will be mounted read-only when the injection mode is Compile. If unset, defaults to /usr/src. To disable the mount, specify \"none\".", "type": "string", "nullable": true }, "kernelModuleInjectionExtraVolumeMounts": { + "description": "KernelModuleInjectionExtraVolumeMounts are additional volumes mounts for the kernel module builder/injector container.", "type": "array", "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "type": "object", "required": [ "mountPath", @@ -1901,21 +2248,27 @@ ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", "type": "boolean" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -1924,9 +2277,11 @@ "nullable": true }, "kernelModuleInjectionImage": { + "description": "kernelModuleInjectionImage is the image (location + tag) for the LINSTOR/DRBD kernel module injector", "type": "string" }, "kernelModuleInjectionMode": { + "description": "kernelModuleInjectionMode selects the source for the DRBD kernel module", "type": "string", "enum": [ "None", @@ -1936,17 +2291,21 @@ ] }, "kernelModuleInjectionResources": { + "description": "Resource requirements for the kernel module builder/injector container", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, @@ -1958,6 +2317,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1973,6 +2333,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1992,9 +2353,11 @@ "nullable": true }, "linstorHttpsClientSecret": { + "description": "Name of the secret containing: (a) `ca.crt`: root certificate used to validate HTTPS connections with Linstor (PEM format, without password) (b) `tls.key`: client key used by the linstor client (PEM format, without password) (c) `tls.crt`: client certificate matching the client key (PEM format, without password) If set, HTTPS is used for connecting and authenticating with linstor", "type": "string" }, "logLevel": { + "description": "LogLevel sets the log level for deployed components.", "type": "string", "enum": [ "error", @@ -2006,32 +2369,40 @@ "nullable": true }, "monitoringBindAddress": { + "description": "MonitoringBindAddress is the address used to bind monitoring information exporter.", "type": "string", "nullable": true }, "monitoringImage": { + "description": "MonitoringImage is the image used to export monitoring information from DRBD and Linstor.", "type": "string", "nullable": true }, "mountDrbdResourceDirectoriesFromHost": { + "description": "MountDrbdResourceDirectoriesFromHost sets up the hostpath volume mounts in the satellite set for DRBD resource directories.", "type": "boolean", "nullable": true }, "priorityClassName": { + "description": "priorityClassName is the name of the PriorityClass for the node pods", "type": "string" }, "resources": { + "description": "Resource requirements for the LINSTOR satellite container", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, @@ -2043,6 +2414,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2058,6 +2430,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2077,93 +2450,112 @@ "nullable": true }, "satelliteImage": { + "description": "satelliteImage is the image (location + tag) for the LINSTOR satellite container", "type": "string" }, "serviceAccountName": { + "description": "Name of the service account to be used for the created pods", "type": "string" }, "sidecars": { + "description": "Sidecars are additional containers which can be added to the pods.", "type": "array", "items": { + "description": "A single application container that you want to run within a pod.", "type": "object", "required": [ "name" ], "properties": { "args": { + "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string" } }, "command": { + "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string" } }, "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -2176,30 +2568,33 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false @@ -2209,59 +2604,72 @@ } }, "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "type": "array", "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps", "type": "object", "properties": { "configMapRef": { + "description": "The ConfigMap to select from", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false }, "prefix": { + "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", "type": "string" }, "secretRef": { + "description": "The Secret to select from", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret must be defined", "type": "boolean" } }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "additionalProperties": false } }, "additionalProperties": false } }, "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", "type": "object", "properties": { "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -2271,17 +2679,21 @@ "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -2289,9 +2701,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -2299,9 +2713,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2313,21 +2729,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2345,12 +2765,15 @@ "additionalProperties": false }, "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -2360,17 +2783,21 @@ "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -2378,9 +2805,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -2388,9 +2817,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2402,21 +2833,25 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2437,12 +2872,15 @@ "additionalProperties": false }, "livenessProbe": { + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -2452,38 +2890,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { - "type": "string", - "default": "" + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -2491,9 +2936,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -2501,9 +2948,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2515,33 +2964,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2556,10 +3012,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -2567,31 +3025,39 @@ "additionalProperties": false }, "name": { + "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", "type": "string" }, "ports": { + "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", "type": "array", "items": { + "description": "ContainerPort represents a network port in a single container.", "type": "object", "required": [ "containerPort" ], "properties": { "containerPort": { + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 \u003c x \u003c 65536.", "type": "integer", "format": "int32" }, "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, "hostPort": { + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 \u003c x \u003c 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", "type": "integer", "format": "int32" }, "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", "type": "string" }, "protocol": { + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", "type": "string", "default": "TCP" } @@ -2605,12 +3071,15 @@ "x-kubernetes-list-type": "map" }, "readinessProbe": { + "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -2620,38 +3089,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { - "type": "string", - "default": "" + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -2659,9 +3135,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -2669,9 +3147,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2683,33 +3163,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2724,10 +3211,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -2735,17 +3224,21 @@ "additionalProperties": false }, "resources": { + "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string" } }, @@ -2757,6 +3250,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2772,6 +3266,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2790,23 +3285,30 @@ "additionalProperties": false }, "securityContext": { + "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "type": "object", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "capabilities": { + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "add": { + "description": "Added capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } }, "drop": { + "description": "Removed capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } } @@ -2814,71 +3316,90 @@ "additionalProperties": false }, "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "additionalProperties": false }, "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod \u0026 container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", "type": "string" } }, "additionalProperties": false }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -2888,12 +3409,15 @@ "additionalProperties": false }, "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -2903,38 +3427,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { - "type": "string", - "default": "" + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -2942,9 +3473,11 @@ ], "properties": { "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -2952,9 +3485,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2966,33 +3501,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -3007,10 +3549,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -3018,23 +3562,30 @@ "additionalProperties": false }, "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", "type": "boolean" }, "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", "type": "boolean" }, "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", "type": "string" }, "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", "type": "string" }, "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", "type": "boolean" }, "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", "type": "array", "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", "type": "object", "required": [ "devicePath", @@ -3042,9 +3593,11 @@ ], "properties": { "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", "type": "string" }, "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string" } }, @@ -3052,8 +3605,10 @@ } }, "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", "type": "array", "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "type": "object", "required": [ "mountPath", @@ -3061,21 +3616,27 @@ ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", "type": "boolean" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -3083,6 +3644,7 @@ } }, "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" } }, @@ -3091,15 +3653,19 @@ "nullable": true }, "sslSecret": { + "description": "Name of k8s secret that holds the SSL key for a node (called `keystore.jks`) and the trusted certificates (called `certificates.jks`)", "type": "string", "nullable": true }, "storagePools": { + "description": "StoragePools is a list of StoragePools for LinstorSatelliteSet to manage.", "type": "object", "properties": { "lvmPools": { + "description": "LVMPools for LinstorSatelliteSet to manage.", "type": "array", "items": { + "description": "StoragePoolLVM represents LVM storage pool to be managed by a LinstorSatelliteSet", "type": "object", "required": [ "name", @@ -3107,29 +3673,36 @@ ], "properties": { "devicePaths": { + "description": "List of device paths that should make up the VG", "type": "array", "items": { "type": "string" } }, "name": { + "description": "Name of the storage pool.", "type": "string" }, "raidLevel": { + "description": "Set LVM RaidLevel", "type": "string" }, "vdo": { + "description": "Enable the Virtual Data Optimizer (VDO) on the volume group.", "type": "boolean" }, "vdoLogicalSizeKib": { + "description": "Set VDO logical volume size", "type": "integer", "format": "int32" }, "vdoSlabSizeKib": { + "description": "Set VDO slab size", "type": "integer", "format": "int32" }, "volumeGroup": { + "description": "Name of underlying lvm group", "type": "string" } }, @@ -3138,8 +3711,10 @@ "nullable": true }, "lvmThinPools": { + "description": "LVMThinPools for LinstorSatelliteSet to manage.", "type": "array", "items": { + "description": "StoragePoolLVMThin represents LVM Thin storage pool to be managed by a LinstorSatelliteSet.", "type": "object", "required": [ "name", @@ -3148,21 +3723,26 @@ ], "properties": { "devicePaths": { + "description": "List of device paths that should make up the VG", "type": "array", "items": { "type": "string" } }, "name": { + "description": "Name of the storage pool.", "type": "string" }, "raidLevel": { + "description": "Set LVM RaidLevel", "type": "string" }, "thinVolume": { + "description": "Name of underlying lvm thin volume", "type": "string" }, "volumeGroup": { + "description": "Name of underlying lvm group", "type": "string" } }, @@ -3171,8 +3751,10 @@ "nullable": true }, "zfsPools": { + "description": "ZFSPools for LinstorSatelliteSet to manage", "type": "array", "items": { + "description": "StoragePoolZFS represents", "type": "object", "required": [ "name", @@ -3181,12 +3763,15 @@ ], "properties": { "name": { + "description": "Name of the storage pool.", "type": "string" }, "thin": { + "description": "use thin provisioning", "type": "boolean" }, "zPool": { + "description": "Name of the zpool to use.", "type": "string" } }, @@ -3199,24 +3784,31 @@ "nullable": true }, "tolerations": { + "description": "Tolerations for scheduling the satellite pods", "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -3228,6 +3820,7 @@ "additionalProperties": false }, "status": { + "description": "LinstorSatelliteSetStatus defines the observed state of LinstorSatelliteSet", "type": "object", "required": [ "SatelliteStatuses", @@ -3235,8 +3828,10 @@ ], "properties": { "SatelliteStatuses": { + "description": "SatelliteStatuses by hostname.", "type": "array", "items": { + "description": "SatelliteStatus should provide all the information that the reconsile loop needs to manage the operation of the LINSTOR Satellite.", "type": "object", "required": [ "connectionStatus", @@ -3246,17 +3841,22 @@ ], "properties": { "connectionStatus": { + "description": "As indicated by Linstor", "type": "string" }, "nodeName": { + "description": "The hostname of the kubelet running the node", "type": "string" }, "registeredOnController": { + "description": "Indicates if the node has been created on the controller.", "type": "boolean" }, "storagePoolStatus": { + "description": "StoragePoolStatuses by storage pool name.", "type": "array", "items": { + "description": "StoragePoolStatus reports basic information about storage pool state.", "type": "object", "required": [ "freeCapacity", @@ -3267,16 +3867,20 @@ ], "properties": { "freeCapacity": { + "description": "Usage reporting", "type": "integer", "format": "int64" }, "name": { + "description": "The name of the storage pool.", "type": "string" }, "nodeName": { + "description": "The hostname of the kubelet hosting the storage pool.", "type": "string" }, "provider": { + "description": "Provider is the underlying storage, lvm, zfs, etc.", "type": "string" }, "totalCapacity": { @@ -3292,6 +3896,7 @@ } }, "errors": { + "description": "Errors remaining that will trigger reconciliations.", "type": "array", "items": { "type": "string" diff --git a/schema/piraeus.linbit.com/linstorsatelliteset_v1alpha1.json b/schema/piraeus.linbit.com/linstorsatelliteset_v1alpha1.json index 3c2e246a4..92b42cfad 100644 --- a/schema/piraeus.linbit.com/linstorsatelliteset_v1alpha1.json +++ b/schema/piraeus.linbit.com/linstorsatelliteset_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "LinstorSatelliteSet is the Schema for the linstorsatellitesets API DEPRECATED: use v1", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "LinstorSatelliteSetSpec defines the desired state of a LinstorSatelliteSet.", "type": "object", "required": [ "drbdRepoCred", @@ -19,14 +23,18 @@ ], "properties": { "affinity": { + "description": "Affinity for scheduling the satellite pods", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -34,11 +42,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -46,12 +57,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -62,8 +76,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -71,12 +87,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -90,6 +109,7 @@ "additionalProperties": false }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -98,19 +118,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -118,12 +143,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -134,8 +162,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -143,12 +173,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -169,11 +202,14 @@ "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -181,17 +217,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -199,12 +239,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -215,6 +258,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -224,18 +268,21 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -244,19 +291,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -264,12 +316,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -280,6 +335,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -289,12 +345,14 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -305,11 +363,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -317,17 +378,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -335,12 +400,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -351,6 +419,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -360,18 +429,21 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -380,19 +452,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ "key", @@ -400,12 +477,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -416,6 +496,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -425,12 +506,14 @@ "additionalProperties": false }, "namespaces": { + "description": "namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means \"this pod's namespace\"", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string" } }, @@ -445,6 +528,7 @@ "nullable": true }, "automaticStorageType": { + "description": "If set, the operator will automatically create storage pools of the specified type for all devices that can be found. The name of the storage pools matches the device name. For example, all devices `/dev/sdc` will be part of the `sdc` storage pool.", "type": "string", "enum": [ "None", @@ -454,18 +538,23 @@ ] }, "controllerEndpoint": { + "description": "Cluster URL of the linstor controller. If not set, will be determined from the current resource name.", "type": "string" }, "drbdRepoCred": { + "description": "drbdRepoCred is the name of the kubernetes secret that holds the credential for the DRBD repositories", "type": "string" }, "imagePullPolicy": { + "description": "Pull policy applied to all pods started from this controller", "type": "string" }, "kernelModuleInjectionImage": { + "description": "kernelModuleInjectionImage is the image (location + tag) for the LINSTOR/DRBD kernel module injector", "type": "string" }, "kernelModuleInjectionMode": { + "description": "kernelModuleInjectionMode selects the source for the DRBD kernel module", "type": "string", "enum": [ "None", @@ -475,36 +564,21 @@ ] }, "kernelModuleInjectionResources": { + "description": "Resource requirements for the kernel module builder/injector container", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } } }, @@ -512,42 +586,29 @@ "nullable": true }, "linstorHttpsClientSecret": { + "description": "Name of the secret containing: (a) `ca.pem`: root certificate used to validate HTTPS connections with Linstor (PEM format, without password) (b) `client.key`: client key used by the linstor client (PEM format, without password) (c) `client.cert`: client certificate matching the client key (PEM format, without password) If set, HTTPS is used for connecting and authenticating with linstor", "type": "string" }, "priorityClassName": { + "description": "priorityClassName is the name of the PriorityClass for the node pods", "type": "string" }, "resources": { + "description": "Resource requirements for the LINSTOR satellite container", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true + "type": "string" } } }, @@ -555,18 +616,23 @@ "nullable": true }, "satelliteImage": { + "description": "satelliteImage is the image (location + tag) for the LINSTOR satellite container", "type": "string" }, "sslSecret": { + "description": "Name of k8s secret that holds the SSL key for a node (called `keystore.jks`) and the trusted certificates (called `certificates.jks`)", "type": "string", "nullable": true }, "storagePools": { + "description": "StoragePools is a list of StoragePools for LinstorSatelliteSet to manage.", "type": "object", "properties": { "lvmPools": { + "description": "LVMPools for LinstorSatelliteSet to manage.", "type": "array", "items": { + "description": "StoragePoolLVM represents LVM storage pool to be managed by a LinstorSatelliteSet", "type": "object", "required": [ "name", @@ -574,9 +640,11 @@ ], "properties": { "name": { + "description": "Name of the storage pool.", "type": "string" }, "volumeGroup": { + "description": "Name of underlying lvm group", "type": "string" } }, @@ -585,8 +653,10 @@ "nullable": true }, "lvmThinPools": { + "description": "LVMThinPools for LinstorSatelliteSet to manage.", "type": "array", "items": { + "description": "StoragePoolLVMThin represents LVM Thin storage pool to be managed by a LinstorSatelliteSet", "type": "object", "required": [ "name", @@ -595,12 +665,15 @@ ], "properties": { "name": { + "description": "Name of the storage pool.", "type": "string" }, "thinVolume": { + "description": "Name of underlying lvm thin volume", "type": "string" }, "volumeGroup": { + "description": "Name of underlying lvm group", "type": "string" } }, @@ -613,24 +686,31 @@ "nullable": true }, "tolerations": { + "description": "Tolerations for scheduling the satellite pods", "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -642,6 +722,7 @@ "additionalProperties": false }, "status": { + "description": "LinstorSatelliteSetStatus defines the observed state of LinstorSatelliteSet", "type": "object", "required": [ "SatelliteStatuses", @@ -649,8 +730,10 @@ ], "properties": { "SatelliteStatuses": { + "description": "SatelliteStatuses by hostname.", "type": "array", "items": { + "description": "SatelliteStatus should provide all the information that the reconsile loop needs to manage the operation of the LINSTOR Satellite.", "type": "object", "required": [ "connectionStatus", @@ -660,17 +743,22 @@ ], "properties": { "connectionStatus": { + "description": "As indicated by Linstor", "type": "string" }, "nodeName": { + "description": "The hostname of the kubelet running the node", "type": "string" }, "registeredOnController": { + "description": "Indicates if the node has been created on the controller.", "type": "boolean" }, "storagePoolStatus": { + "description": "StoragePoolStatuses by storage pool name.", "type": "array", "items": { + "description": "StoragePoolStatus reports basic information about storage pool state.", "type": "object", "required": [ "freeCapacity", @@ -681,16 +769,20 @@ ], "properties": { "freeCapacity": { + "description": "Usage reporting", "type": "integer", "format": "int64" }, "name": { + "description": "The name of the storage pool.", "type": "string" }, "nodeName": { + "description": "The hostname of the kubelet hosting the storage pool.", "type": "string" }, "provider": { + "description": "Provider is the underlying storage, lvm, zfs, etc.", "type": "string" }, "totalCapacity": { @@ -706,6 +798,7 @@ } }, "errors": { + "description": "Errors remaining that will trigger reconciliations.", "type": "array", "items": { "type": "string" diff --git a/schema/pkg.crossplane.io/configuration_v1beta1.json b/schema/pkg.crossplane.io/configuration_v1beta1.json index df1db44f5..9b8d4524c 100644 --- a/schema/pkg.crossplane.io/configuration_v1beta1.json +++ b/schema/pkg.crossplane.io/configuration_v1beta1.json @@ -1,38 +1,48 @@ { + "description": "Configuration is the CRD type for a request to add a configuration to Crossplane. [DEPRECATED]: Please use the identical v1 API instead. The v1beta1 API is scheduled to be removed in Crossplane v1.6.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ConfigurationSpec specifies details about a request to install a configuration to Crossplane.", "type": "object", "required": [ "package" ], "properties": { "ignoreCrossplaneConstraints": { + "description": "IgnoreCrossplaneConstraints indicates to the package manager whether to honor Crossplane version constrains specified by the package. Default is false.", "type": "boolean", "default": false }, "package": { + "description": "Package is the name of the package that is being requested.", "type": "string" }, "packagePullPolicy": { + "description": "PackagePullPolicy defines the pull policy for the package. Default is IfNotPresent.", "type": "string", "default": "IfNotPresent" }, "packagePullSecrets": { + "description": "PackagePullSecrets are named secrets in the same namespace that can be used to fetch packages from private registries.", "type": "array", "items": { + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -40,15 +50,18 @@ } }, "revisionActivationPolicy": { + "description": "RevisionActivationPolicy specifies how the package controller should update from one revision to the next. Options are Automatic or Manual. Default is Automatic.", "type": "string", "default": "Automatic" }, "revisionHistoryLimit": { + "description": "RevisionHistoryLimit dictates how the package controller cleans up old inactive package revisions. Defaults to 1. Can be disabled by explicitly setting to 0.", "type": "integer", "format": "int64", "default": 1 }, "skipDependencyResolution": { + "description": "SkipDependencyResolution indicates to the package manager whether to skip resolving dependencies for a package. Setting this value to true may have unintended consequences. Default is false.", "type": "boolean", "default": false } @@ -56,11 +69,14 @@ "additionalProperties": false }, "status": { + "description": "ConfigurationStatus represents the observed state of a Configuration.", "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -70,19 +86,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, @@ -90,9 +111,11 @@ } }, "currentIdentifier": { + "description": "CurrentIdentifier is the most recent package source that was used to produce a revision. The package manager uses this field to determine whether to check for package updates for a given source when packagePullPolicy is set to IfNotPresent. Manually removing this field will cause the package manager to check that the current revision is correct for the given package source.", "type": "string" }, "currentRevision": { + "description": "CurrentRevision is the name of the current package revision. It will reflect the most up to date revision, whether it has been activated or not.", "type": "string" } }, diff --git a/schema/pkg.crossplane.io/configurationrevision_v1beta1.json b/schema/pkg.crossplane.io/configurationrevision_v1beta1.json index 55208cf91..cd637db08 100644 --- a/schema/pkg.crossplane.io/configurationrevision_v1beta1.json +++ b/schema/pkg.crossplane.io/configurationrevision_v1beta1.json @@ -1,16 +1,20 @@ { + "description": "A ConfigurationRevision that has been added to Crossplane. [DEPRECATED]: Please use the identical v1 API instead. The v1beta1 API is scheduled to be removed in Crossplane v1.6.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "PackageRevisionSpec specifies the desired state of a PackageRevision.", "type": "object", "required": [ "desiredState", @@ -19,37 +23,46 @@ ], "properties": { "controllerConfigRef": { + "description": "ControllerConfigRef references a ControllerConfig resource that will be used to configure the packaged controller Deployment.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" } }, "additionalProperties": false }, "desiredState": { + "description": "DesiredState of the PackageRevision. Can be either Active or Inactive.", "type": "string" }, "ignoreCrossplaneConstraints": { + "description": "IgnoreCrossplaneConstraints indicates to the package manager whether to honor Crossplane version constrains specified by the package. Default is false.", "type": "boolean", "default": false }, "image": { + "description": "Package image used by install Pod to extract package contents.", "type": "string" }, "packagePullPolicy": { + "description": "PackagePullPolicy defines the pull policy for the package. It is also applied to any images pulled for the package, such as a provider's controller image. Default is IfNotPresent.", "type": "string", "default": "IfNotPresent" }, "packagePullSecrets": { + "description": "PackagePullSecrets are named secrets in the same namespace that can be used to fetch packages from private registries. They are also applied to any images pulled for the package, such as a provider's controller image.", "type": "array", "items": { + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -57,10 +70,12 @@ } }, "revision": { + "description": "Revision number. Indicates when the revision will be garbage collected based on the parent's RevisionHistoryLimit.", "type": "integer", "format": "int64" }, "skipDependencyResolution": { + "description": "SkipDependencyResolution indicates to the package manager whether to skip resolving dependencies for a package. Setting this value to true may have unintended consequences. Default is false.", "type": "boolean", "default": false } @@ -68,11 +83,14 @@ "additionalProperties": false }, "status": { + "description": "PackageRevisionStatus represents the observed state of a PackageRevision.", "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -82,19 +100,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, @@ -102,18 +125,21 @@ } }, "controllerRef": { + "description": "A Reference to a named object.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" } }, "additionalProperties": false }, "foundDependencies": { + "description": "Dependency information.", "type": "integer", "format": "int64" }, @@ -126,8 +152,10 @@ "format": "int64" }, "objectRefs": { + "description": "References to objects owned by PackageRevision.", "type": "array", "items": { + "description": "A TypedReference refers to an object by Name, Kind, and APIVersion. It is commonly used to reference cluster-scoped objects or objects where the namespace is already known.", "type": "object", "required": [ "apiVersion", @@ -136,15 +164,19 @@ ], "properties": { "apiVersion": { + "description": "APIVersion of the referenced object.", "type": "string" }, "kind": { + "description": "Kind of the referenced object.", "type": "string" }, "name": { + "description": "Name of the referenced object.", "type": "string" }, "uid": { + "description": "UID of the referenced object.", "type": "string" } }, @@ -152,38 +184,45 @@ } }, "permissionRequests": { + "description": "PermissionRequests made by this package. The package declares that its controller needs these permissions to run. The RBAC manager is responsible for granting them.", "type": "array", "items": { + "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", "type": "object", "required": [ "verbs" ], "properties": { "apiGroups": { + "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.", "type": "array", "items": { "type": "string" } }, "nonResourceURLs": { + "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.", "type": "array", "items": { "type": "string" } }, "resourceNames": { + "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", "type": "array", "items": { "type": "string" } }, "resources": { + "description": "Resources is a list of resources this rule applies to. ResourceAll represents all resources.", "type": "array", "items": { "type": "string" } }, "verbs": { + "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.", "type": "array", "items": { "type": "string" diff --git a/schema/pkg.crossplane.io/controllerconfig_v1alpha1.json b/schema/pkg.crossplane.io/controllerconfig_v1alpha1.json index 6b74735f6..72b17aea0 100644 --- a/schema/pkg.crossplane.io/controllerconfig_v1alpha1.json +++ b/schema/pkg.crossplane.io/controllerconfig_v1alpha1.json @@ -1,27 +1,35 @@ { + "description": "A ControllerConfig applies settings to controllers like Provider pods.\nDeprecated: Use the\n[DeploymentRuntimeConfig](https://docs.crossplane.io/latest/concepts/providers#runtime-configuration)\ninstead.\n\nRead the\n[Package Runtime Configuration](https://github.com/crossplane/crossplane/blob/11bbe13ea3604928cc4e24e8d0d18f3f5f7e847c/design/one-pager-package-runtime-config.md)\ndesign document for more details.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ControllerConfigSpec specifies the configuration for a packaged controller.\nValues provided will override package manager defaults. Labels and\nannotations are passed to both the controller Deployment and ServiceAccount.", "type": "object", "properties": { "affinity": { + "description": "If specified, the pod's scheduling constraints", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -29,11 +37,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -41,12 +52,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -59,8 +73,10 @@ "x-kubernetes-list-type": "atomic" }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -68,12 +84,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -90,6 +109,7 @@ "x-kubernetes-map-type": "atomic" }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -99,19 +119,24 @@ "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -119,12 +144,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -137,8 +165,10 @@ "x-kubernetes-list-type": "atomic" }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -146,12 +176,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -177,11 +210,14 @@ "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -189,17 +225,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -207,12 +247,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -225,6 +268,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -235,6 +279,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "type": "array", "items": { "type": "string" @@ -242,6 +287,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "type": "array", "items": { "type": "string" @@ -249,11 +295,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -261,12 +310,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -279,6 +331,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -289,6 +342,7 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" @@ -296,12 +350,14 @@ "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "type": "integer", "format": "int32" } @@ -311,19 +367,24 @@ "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -331,12 +392,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -349,6 +413,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -359,6 +424,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "type": "array", "items": { "type": "string" @@ -366,6 +432,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "type": "array", "items": { "type": "string" @@ -373,11 +440,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -385,12 +455,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -403,6 +476,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -413,6 +487,7 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" @@ -420,6 +495,7 @@ "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -431,11 +507,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -443,17 +522,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -461,12 +544,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -479,6 +565,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -489,6 +576,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "type": "array", "items": { "type": "string" @@ -496,6 +584,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "type": "array", "items": { "type": "string" @@ -503,11 +592,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -515,12 +607,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -533,6 +628,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -543,6 +639,7 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" @@ -550,12 +647,14 @@ "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "type": "integer", "format": "int32" } @@ -565,19 +664,24 @@ "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -585,12 +689,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -603,6 +710,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -613,6 +721,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "type": "array", "items": { "type": "string" @@ -620,6 +729,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", "type": "array", "items": { "type": "string" @@ -627,11 +737,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -639,12 +752,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -657,6 +773,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -667,6 +784,7 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" @@ -674,6 +792,7 @@ "x-kubernetes-list-type": "atomic" }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -688,42 +807,52 @@ "additionalProperties": false }, "args": { + "description": "Arguments to the entrypoint.\nThe docker image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax\ncan be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded,\nregardless of whether the variable exists or not.\nCannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string" } }, "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, @@ -731,15 +860,18 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -747,15 +879,18 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -768,6 +903,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -775,19 +911,23 @@ "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -802,18 +942,23 @@ } }, "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", "type": "array", "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps", "type": "object", "properties": { "configMapRef": { + "description": "The ConfigMap to select from", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" }, "optional": { + "description": "Specify whether the ConfigMap must be defined", "type": "boolean" } }, @@ -821,16 +966,20 @@ "x-kubernetes-map-type": "atomic" }, "prefix": { + "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.", "type": "string" }, "secretRef": { + "description": "The Secret to select from", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" }, "optional": { + "description": "Specify whether the Secret must be defined", "type": "boolean" } }, @@ -842,17 +991,22 @@ } }, "image": { + "description": "Docker image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "imagePullSecrets": { + "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.\nIf specified, these secrets will be passed to individual puller implementations for them to use. For example,\nin the case of docker, only DockerConfig type secrets are honored.\nMore info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod\nSetting ImagePullSecrets will replace any secrets that have been\npropagated to a controller Deployment, typically via packagePullSecrets.", "type": "array", "items": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" } @@ -862,15 +1016,18 @@ } }, "metadata": { + "description": "Metadata that will be added to the provider Pod.", "type": "object", "properties": { "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http:https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", "type": "object", "additionalProperties": { "type": "string" } }, "labels": { + "description": "Map of string keys and values that can be used to organize and\ncategorize (scope and select) objects. This will only affect\nlabels on the pod, not the pod selector. Labels will be merged\nwith internal labels used by crossplane, and labels with a\ncrossplane.io key might be overwritten.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", "type": "object", "additionalProperties": { "type": "string" @@ -880,84 +1037,104 @@ "additionalProperties": false }, "nodeName": { + "description": "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements.", "type": "string" }, "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node.\nSelector which must match a node's labels for the pod to be scheduled on that node.\nMore info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", "type": "object", "additionalProperties": { "type": "string" } }, "podSecurityContext": { + "description": "PodSecurityContext holds pod-level security attributes and common container settings.\nOptional: Defaults to empty. See type description for default values of each field.", "type": "object", "properties": { "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", "type": "string" }, "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", "type": "string" } }, "additionalProperties": false }, "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "additionalProperties": false }, "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, "additionalProperties": false }, "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", "type": "array", "items": { "type": "integer", @@ -966,11 +1143,14 @@ "x-kubernetes-list-type": "atomic" }, "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", "type": "array", "items": { + "description": "Sysctl defines a kernel parameter to be set", "type": "object", "required": [ "name", @@ -978,9 +1158,11 @@ ], "properties": { "name": { + "description": "Name of a property to set", "type": "string" }, "value": { + "description": "Value of a property to set", "type": "string" } }, @@ -989,18 +1171,23 @@ "x-kubernetes-list-type": "atomic" }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -1010,28 +1197,35 @@ "additionalProperties": false }, "ports": { + "description": "List of container ports to expose on the container", "type": "array", "items": { + "description": "ContainerPort represents a network port in a single container.", "type": "object", "required": [ "containerPort" ], "properties": { "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 \u003c x \u003c 65536.", "type": "integer", "format": "int32" }, "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 \u003c x \u003c 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", "type": "integer", "format": "int32" }, "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", "type": "string" }, "protocol": { + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", "type": "string", "default": "TCP" } @@ -1040,27 +1234,34 @@ } }, "priorityClassName": { + "description": "If specified, indicates the pod's priority. \"system-node-critical\" and\n\"system-cluster-critical\" are two special keywords which indicate the\nhighest priorities with the former being the highest priority. Any other\nname must be defined by creating a PriorityClass object with that name.\nIf not specified, the pod priority will be default or zero if there is no\ndefault.", "type": "string" }, "replicas": { + "description": "Number of desired pods. This is a pointer to distinguish between explicit\nzero and not specified. Defaults to 1.\nNote: If more than 1 replica is set and leader election is not enabled then\ncontrollers could conflict. Environment variable \"LEADER_ELECTION\" can be\nused to enable leader election process.", "type": "integer", "format": "int32" }, "resources": { + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" }, "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" } }, @@ -1072,6 +1273,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1087,6 +1289,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1105,42 +1308,53 @@ "additionalProperties": false }, "runtimeClassName": { + "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used\nto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.\nIf unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an\nempty definition that uses the default runtime handler.\nMore info: https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md\nThis is a beta feature as of Kubernetes v1.14.", "type": "string" }, "securityContext": { + "description": "SecurityContext holds container-level security attributes and common container settings.\nOptional: Defaults to empty. See type description for default values of each field.", "type": "object", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", "type": "string" }, "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", "type": "string" } }, "additionalProperties": false }, "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "add": { + "description": "Added capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" }, "x-kubernetes-list-type": "atomic" }, "drop": { + "description": "Removed capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" }, "x-kubernetes-list-type": "atomic" @@ -1149,71 +1363,90 @@ "additionalProperties": false }, "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "additionalProperties": false }, "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod \u0026 container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, "additionalProperties": false }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -1223,27 +1456,35 @@ "additionalProperties": false }, "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\nIf specified, a ServiceAccount named this ServiceAccountName will be used for\nthe spec.serviceAccountName field in Pods to be created and for the subjects.name field\nin a ClusterRoleBinding to be created.\nIf there is no ServiceAccount named this ServiceAccountName, a new ServiceAccount\nwill be created.\nIf there is a pre-existing ServiceAccount named this ServiceAccountName, the ServiceAccount\nwill be used. The annotations in the ControllerConfig will be copied to the ServiceAccount\nand pre-existing annotations will be kept.\nRegardless of whether there is a ServiceAccount created by Crossplane or is in place already,\nthe ServiceAccount will be deleted once the Provider and ControllerConfig are deleted.", "type": "string" }, "tolerations": { + "description": "If specified, the pod's tolerations.", "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -1251,8 +1492,10 @@ } }, "volumeMounts": { + "description": "List of VolumeMounts to mount into the container's filesystem.\nCannot be updated.", "type": "array", "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "type": "object", "required": [ "mountPath", @@ -1260,24 +1503,31 @@ ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", "type": "boolean" }, "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -1285,36 +1535,44 @@ } }, "volumes": { + "description": "List of volumes that can be mounted by containers belonging to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes", "type": "array", "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", "type": "object", "required": [ "name" ], "properties": { "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "boolean" }, "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" } }, "additionalProperties": false }, "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", "type": "object", "required": [ "diskName", @@ -1322,22 +1580,28 @@ ], "properties": { "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", "type": "string" }, "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", "type": "string" }, "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", "type": "string" }, "fsType": { + "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string", "default": "ext4" }, "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean", "default": false } @@ -1345,6 +1609,7 @@ "additionalProperties": false }, "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.", "type": "object", "required": [ "secretName", @@ -1352,24 +1617,29 @@ ], "properties": { "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", "type": "string" }, "shareName": { + "description": "shareName is the azure share Name", "type": "string" } }, "additionalProperties": false }, "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime", "type": "object", "required": [ "monitors" ], "properties": { "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "array", "items": { "type": "string" @@ -1377,18 +1647,23 @@ "x-kubernetes-list-type": "atomic" }, "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", "type": "string" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "boolean" }, "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" }, "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" } @@ -1397,27 +1672,33 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "boolean" }, "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" } @@ -1426,21 +1707,26 @@ "x-kubernetes-map-type": "atomic" }, "volumeID": { + "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" } }, "additionalProperties": false }, "configMap": { + "description": "configMap represents a configMap that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -1448,13 +1734,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -1463,10 +1752,12 @@ "x-kubernetes-list-type": "atomic" }, "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, @@ -1474,21 +1765,26 @@ "x-kubernetes-map-type": "atomic" }, "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", "type": "string" }, "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", "type": "string" }, "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" } @@ -1497,9 +1793,11 @@ "x-kubernetes-map-type": "atomic" }, "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", "type": "boolean" }, "volumeAttributes": { + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", "type": "object", "additionalProperties": { "type": "string" @@ -1509,30 +1807,37 @@ "additionalProperties": false }, "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "Items is a list of downward API volume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -1540,22 +1845,27 @@ "x-kubernetes-map-type": "atomic" }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1568,6 +1878,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -1583,12 +1894,15 @@ "additionalProperties": false }, "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "object", "properties": { "medium": { + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, "sizeLimit": { + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1604,15 +1918,18 @@ "additionalProperties": false }, "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", "type": "object", "properties": { "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `\u003cpod name\u003e-\u003cvolume name\u003e` where\n`\u003cvolume name\u003e` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "type": "object", "required": [ "spec" ], "properties": { "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", "type": "object", "properties": { "annotations": { @@ -1643,9 +1960,11 @@ "additionalProperties": false }, "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" @@ -1653,6 +1972,7 @@ "x-kubernetes-list-type": "atomic" }, "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "type": "object", "required": [ "kind", @@ -1660,12 +1980,15 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, @@ -1673,6 +1996,7 @@ "x-kubernetes-map-type": "atomic" }, "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "object", "required": [ "kind", @@ -1680,24 +2004,30 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, "additionalProperties": false }, "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1713,6 +2043,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1731,11 +2062,14 @@ "additionalProperties": false }, "selector": { + "description": "selector is a label query over volumes to consider for binding.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -1743,12 +2077,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -1761,6 +2098,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -1771,15 +2109,19 @@ "x-kubernetes-map-type": "atomic" }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, @@ -1792,19 +2134,24 @@ "additionalProperties": false }, "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "lun": { + "description": "lun is Optional: FC target lun number", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", "type": "array", "items": { "type": "string" @@ -1812,6 +2159,7 @@ "x-kubernetes-list-type": "atomic" }, "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", "type": "array", "items": { "type": "string" @@ -1822,30 +2170,37 @@ "additionalProperties": false }, "flexVolume": { + "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the driver to use for this volume.", "type": "string" }, "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, "options": { + "description": "options is Optional: this field holds extra command options if any.", "type": "object", "additionalProperties": { "type": "string" } }, "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" } @@ -1857,58 +2212,71 @@ "additionalProperties": false }, "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running", "type": "object", "properties": { "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker\nshould be considered as deprecated", "type": "string" }, "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", "type": "string" } }, "additionalProperties": false }, "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "object", "required": [ "pdName" ], "properties": { "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "integer", "format": "int32" }, "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "boolean" } }, "additionalProperties": false }, "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", "type": "object", "required": [ "repository" ], "properties": { "directory": { + "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", "type": "string" }, "repository": { + "description": "repository is the URL", "type": "string" }, "revision": { + "description": "revision is the commit hash for the specified revision.", "type": "string" } }, "additionalProperties": false }, "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", "type": "object", "required": [ "endpoints", @@ -1916,45 +2284,55 @@ ], "properties": { "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "path": { + "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "boolean" } }, "additionalProperties": false }, "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "object", "required": [ "path" ], "properties": { "path": { + "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" }, "type": { + "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" } }, "additionalProperties": false }, "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", "type": "object", "properties": { "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", "type": "string" }, "reference": { + "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", "type": "string" } }, "additionalProperties": false }, "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", "type": "object", "required": [ "iqn", @@ -1963,29 +2341,37 @@ ], "properties": { "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", "type": "boolean" }, "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", "type": "boolean" }, "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", "type": "string" }, "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n\u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", "type": "string" }, "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", "type": "string" }, "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", "type": "string", "default": "default" }, "lun": { + "description": "lun represents iSCSI Target Lun number.", "type": "integer", "format": "int32" }, "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", "type": "array", "items": { "type": "string" @@ -1993,12 +2379,15 @@ "x-kubernetes-list-type": "atomic" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", "type": "boolean" }, "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" } @@ -2007,15 +2396,18 @@ "x-kubernetes-map-type": "atomic" }, "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", "type": "string" } }, "additionalProperties": false }, "name": { + "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "object", "required": [ "path", @@ -2023,89 +2415,110 @@ ], "properties": { "path": { + "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" }, "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "boolean" }, "server": { + "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" } }, "additionalProperties": false }, "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "required": [ "claimName" ], "properties": { "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "string" }, "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", "type": "boolean" } }, "additionalProperties": false }, "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine", "type": "object", "required": [ "pdID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", "type": "string" } }, "additionalProperties": false }, "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", "type": "string" } }, "additionalProperties": false }, "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "sources": { + "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", "type": "array", "items": { + "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", "type": "object", "properties": { "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", "type": "object", "required": [ "path" ], "properties": { "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -2113,12 +2526,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -2131,6 +2547,7 @@ "x-kubernetes-list-type": "atomic" }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -2141,26 +2558,33 @@ "x-kubernetes-map-type": "atomic" }, "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", "type": "string" }, "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", "type": "boolean" }, "path": { + "description": "Relative path from the volume root to write the bundle.", "type": "string" }, "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", "type": "string" } }, "additionalProperties": false }, "configMap": { + "description": "configMap information about the configMap data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -2168,13 +2592,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -2183,10 +2610,12 @@ "x-kubernetes-list-type": "atomic" }, "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, @@ -2194,26 +2623,32 @@ "x-kubernetes-map-type": "atomic" }, "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", "type": "object", "properties": { "items": { + "description": "Items is a list of DownwardAPIVolume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -2221,22 +2656,27 @@ "x-kubernetes-map-type": "atomic" }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -2249,6 +2689,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -2264,11 +2705,14 @@ "additionalProperties": false }, "secret": { + "description": "secret information about the secret data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -2276,13 +2720,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -2291,10 +2738,12 @@ "x-kubernetes-list-type": "atomic" }, "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" }, "optional": { + "description": "optional field specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -2302,19 +2751,23 @@ "x-kubernetes-map-type": "atomic" }, "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", "type": "object", "required": [ "path" ], "properties": { "audience": { + "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", "type": "string" }, "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", "type": "integer", "format": "int64" }, "path": { + "description": "path is the path relative to the mount point of the file to project the\ntoken into.", "type": "string" } }, @@ -2329,6 +2782,7 @@ "additionalProperties": false }, "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime", "type": "object", "required": [ "registry", @@ -2336,27 +2790,34 @@ ], "properties": { "group": { + "description": "group to map volume access to\nDefault is no group", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", "type": "boolean" }, "registry": { + "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", "type": "string" }, "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, "user": { + "description": "user to map volume access to\nDefaults to serivceaccount user", "type": "string" }, "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", "type": "string" } }, "additionalProperties": false }, "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", "type": "object", "required": [ "image", @@ -2364,16 +2825,20 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", "type": "string" }, "image": { + "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "keyring": { + "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string", "default": "/etc/ceph/keyring" }, "monitors": { + "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "array", "items": { "type": "string" @@ -2381,16 +2846,20 @@ "x-kubernetes-list-type": "atomic" }, "pool": { + "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string", "default": "rbd" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" } @@ -2399,6 +2868,7 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string", "default": "admin" } @@ -2406,6 +2876,7 @@ "additionalProperties": false }, "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", "type": "object", "required": [ "gateway", @@ -2414,22 +2885,28 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", "type": "string", "default": "xfs" }, "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", "type": "string" }, "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" } @@ -2438,34 +2915,43 @@ "x-kubernetes-map-type": "atomic" }, "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", "type": "boolean" }, "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", "type": "string", "default": "ThinProvisioned" }, "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", "type": "string" }, "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", "type": "string" }, "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", "type": "string" } }, "additionalProperties": false }, "secret": { + "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -2473,13 +2959,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -2488,27 +2977,34 @@ "x-kubernetes-list-type": "atomic" }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, "additionalProperties": false }, "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" } @@ -2517,30 +3013,37 @@ "x-kubernetes-map-type": "atomic" }, "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", "type": "string" }, "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", "type": "string" } }, "additionalProperties": false }, "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumePath" ], "properties": { "fsType": { + "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", "type": "string" }, "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", "type": "string" }, "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", "type": "string" } }, diff --git a/schema/pkg.crossplane.io/lock_v1alpha1.json b/schema/pkg.crossplane.io/lock_v1alpha1.json index be49cbf47..cd38a1074 100644 --- a/schema/pkg.crossplane.io/lock_v1alpha1.json +++ b/schema/pkg.crossplane.io/lock_v1alpha1.json @@ -1,10 +1,13 @@ { + "description": "Lock is the CRD type that tracks package dependencies. [DEPRECATED]: Please use the identical v1beta1 API instead. The v1alpha1 API is scheduled to be removed in Crossplane v1.7.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -13,6 +16,7 @@ "packages": { "type": "array", "items": { + "description": "LockPackage is a package that is in the lock.", "type": "object", "required": [ "dependencies", @@ -23,8 +27,10 @@ ], "properties": { "dependencies": { + "description": "Dependencies are the list of dependencies of this package. The order of the dependencies will dictate the order in which they are resolved.", "type": "array", "items": { + "description": "A Dependency is a dependency of a package in the lock.", "type": "object", "required": [ "constraints", @@ -33,12 +39,15 @@ ], "properties": { "constraints": { + "description": "Constraints is a valid semver range, which will be used to select a valid dependency version.", "type": "string" }, "package": { + "description": "Package is the OCI image name without a tag or digest.", "type": "string" }, "type": { + "description": "Type is the type of package. Can be either Configuration or Provider.", "type": "string" } }, @@ -46,15 +55,19 @@ } }, "name": { + "description": "Name corresponds to the name of the package revision for this package.", "type": "string" }, "source": { + "description": "Source is the OCI image name without a tag or digest.", "type": "string" }, "type": { + "description": "Type is the type of package. Can be either Configuration or Provider.", "type": "string" }, "version": { + "description": "Version is the tag or digest of the OCI image.", "type": "string" } }, diff --git a/schema/pkg.crossplane.io/provider_v1beta1.json b/schema/pkg.crossplane.io/provider_v1beta1.json index e48769edc..72e6366e1 100644 --- a/schema/pkg.crossplane.io/provider_v1beta1.json +++ b/schema/pkg.crossplane.io/provider_v1beta1.json @@ -1,50 +1,62 @@ { + "description": "Provider is the CRD type for a request to add a provider to Crossplane. [DEPRECATED]: Please use the identical v1 API instead. The v1beta1 API is scheduled to be removed in Crossplane v1.6.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ProviderSpec specifies details about a request to install a provider to Crossplane.", "type": "object", "required": [ "package" ], "properties": { "controllerConfigRef": { + "description": "ControllerConfigRef references a ControllerConfig resource that will be used to configure the packaged controller Deployment.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" } }, "additionalProperties": false }, "ignoreCrossplaneConstraints": { + "description": "IgnoreCrossplaneConstraints indicates to the package manager whether to honor Crossplane version constrains specified by the package. Default is false.", "type": "boolean", "default": false }, "package": { + "description": "Package is the name of the package that is being requested.", "type": "string" }, "packagePullPolicy": { + "description": "PackagePullPolicy defines the pull policy for the package. Default is IfNotPresent.", "type": "string", "default": "IfNotPresent" }, "packagePullSecrets": { + "description": "PackagePullSecrets are named secrets in the same namespace that can be used to fetch packages from private registries.", "type": "array", "items": { + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -52,15 +64,18 @@ } }, "revisionActivationPolicy": { + "description": "RevisionActivationPolicy specifies how the package controller should update from one revision to the next. Options are Automatic or Manual. Default is Automatic.", "type": "string", "default": "Automatic" }, "revisionHistoryLimit": { + "description": "RevisionHistoryLimit dictates how the package controller cleans up old inactive package revisions. Defaults to 1. Can be disabled by explicitly setting to 0.", "type": "integer", "format": "int64", "default": 1 }, "skipDependencyResolution": { + "description": "SkipDependencyResolution indicates to the package manager whether to skip resolving dependencies for a package. Setting this value to true may have unintended consequences. Default is false.", "type": "boolean", "default": false } @@ -68,11 +83,14 @@ "additionalProperties": false }, "status": { + "description": "ProviderStatus represents the observed state of a Provider.", "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -82,19 +100,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, @@ -102,9 +125,11 @@ } }, "currentIdentifier": { + "description": "CurrentIdentifier is the most recent package source that was used to produce a revision. The package manager uses this field to determine whether to check for package updates for a given source when packagePullPolicy is set to IfNotPresent. Manually removing this field will cause the package manager to check that the current revision is correct for the given package source.", "type": "string" }, "currentRevision": { + "description": "CurrentRevision is the name of the current package revision. It will reflect the most up to date revision, whether it has been activated or not.", "type": "string" } }, diff --git a/schema/pkg.crossplane.io/providerrevision_v1beta1.json b/schema/pkg.crossplane.io/providerrevision_v1beta1.json index 55208cf91..15e31b963 100644 --- a/schema/pkg.crossplane.io/providerrevision_v1beta1.json +++ b/schema/pkg.crossplane.io/providerrevision_v1beta1.json @@ -1,16 +1,20 @@ { + "description": "A ProviderRevision that has been added to Crossplane. [DEPRECATED]: Please use the identical v1 API instead. The v1beta1 API is scheduled to be removed in Crossplane v1.6.", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "PackageRevisionSpec specifies the desired state of a PackageRevision.", "type": "object", "required": [ "desiredState", @@ -19,37 +23,46 @@ ], "properties": { "controllerConfigRef": { + "description": "ControllerConfigRef references a ControllerConfig resource that will be used to configure the packaged controller Deployment.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" } }, "additionalProperties": false }, "desiredState": { + "description": "DesiredState of the PackageRevision. Can be either Active or Inactive.", "type": "string" }, "ignoreCrossplaneConstraints": { + "description": "IgnoreCrossplaneConstraints indicates to the package manager whether to honor Crossplane version constrains specified by the package. Default is false.", "type": "boolean", "default": false }, "image": { + "description": "Package image used by install Pod to extract package contents.", "type": "string" }, "packagePullPolicy": { + "description": "PackagePullPolicy defines the pull policy for the package. It is also applied to any images pulled for the package, such as a provider's controller image. Default is IfNotPresent.", "type": "string", "default": "IfNotPresent" }, "packagePullSecrets": { + "description": "PackagePullSecrets are named secrets in the same namespace that can be used to fetch packages from private registries. They are also applied to any images pulled for the package, such as a provider's controller image.", "type": "array", "items": { + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -57,10 +70,12 @@ } }, "revision": { + "description": "Revision number. Indicates when the revision will be garbage collected based on the parent's RevisionHistoryLimit.", "type": "integer", "format": "int64" }, "skipDependencyResolution": { + "description": "SkipDependencyResolution indicates to the package manager whether to skip resolving dependencies for a package. Setting this value to true may have unintended consequences. Default is false.", "type": "boolean", "default": false } @@ -68,11 +83,14 @@ "additionalProperties": false }, "status": { + "description": "PackageRevisionStatus represents the observed state of a PackageRevision.", "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -82,19 +100,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, @@ -102,18 +125,21 @@ } }, "controllerRef": { + "description": "A Reference to a named object.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" } }, "additionalProperties": false }, "foundDependencies": { + "description": "Dependency information.", "type": "integer", "format": "int64" }, @@ -126,8 +152,10 @@ "format": "int64" }, "objectRefs": { + "description": "References to objects owned by PackageRevision.", "type": "array", "items": { + "description": "A TypedReference refers to an object by Name, Kind, and APIVersion. It is commonly used to reference cluster-scoped objects or objects where the namespace is already known.", "type": "object", "required": [ "apiVersion", @@ -136,15 +164,19 @@ ], "properties": { "apiVersion": { + "description": "APIVersion of the referenced object.", "type": "string" }, "kind": { + "description": "Kind of the referenced object.", "type": "string" }, "name": { + "description": "Name of the referenced object.", "type": "string" }, "uid": { + "description": "UID of the referenced object.", "type": "string" } }, @@ -152,38 +184,45 @@ } }, "permissionRequests": { + "description": "PermissionRequests made by this package. The package declares that its controller needs these permissions to run. The RBAC manager is responsible for granting them.", "type": "array", "items": { + "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", "type": "object", "required": [ "verbs" ], "properties": { "apiGroups": { + "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.", "type": "array", "items": { "type": "string" } }, "nonResourceURLs": { + "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.", "type": "array", "items": { "type": "string" } }, "resourceNames": { + "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", "type": "array", "items": { "type": "string" } }, "resources": { + "description": "Resources is a list of resources this rule applies to. ResourceAll represents all resources.", "type": "array", "items": { "type": "string" } }, "verbs": { + "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.", "type": "array", "items": { "type": "string" diff --git a/schema/psmdb.percona.com/perconaservermongodb_v1-1-0.json b/schema/psmdb.percona.com/perconaservermongodb_v1-1-0.json index e77e66587..a8603622e 100644 --- a/schema/psmdb.percona.com/perconaservermongodb_v1-1-0.json +++ b/schema/psmdb.percona.com/perconaservermongodb_v1-1-0.json @@ -1,4 +1,5 @@ { + "type": "object", "properties": { "spec": { "type": "object", @@ -8,6 +9,5 @@ "type": "object", "x-kubernetes-preserve-unknown-fields": true } - }, - "type": "object" + } } diff --git a/schema/psmdb.percona.com/perconaservermongodb_v1alpha1.json b/schema/psmdb.percona.com/perconaservermongodb_v1alpha1.json index e77e66587..a8603622e 100644 --- a/schema/psmdb.percona.com/perconaservermongodb_v1alpha1.json +++ b/schema/psmdb.percona.com/perconaservermongodb_v1alpha1.json @@ -1,4 +1,5 @@ { + "type": "object", "properties": { "spec": { "type": "object", @@ -8,6 +9,5 @@ "type": "object", "x-kubernetes-preserve-unknown-fields": true } - }, - "type": "object" + } } diff --git a/schema/pxc.percona.com/perconaxtradbbackup_v1alpha1.json b/schema/pxc.percona.com/perconaxtradbbackup_v1alpha1.json index e77e66587..a8603622e 100644 --- a/schema/pxc.percona.com/perconaxtradbbackup_v1alpha1.json +++ b/schema/pxc.percona.com/perconaxtradbbackup_v1alpha1.json @@ -1,4 +1,5 @@ { + "type": "object", "properties": { "spec": { "type": "object", @@ -8,6 +9,5 @@ "type": "object", "x-kubernetes-preserve-unknown-fields": true } - }, - "type": "object" + } } diff --git a/schema/pxc.percona.com/perconaxtradbcluster_v1-1-0.json b/schema/pxc.percona.com/perconaxtradbcluster_v1-1-0.json index e77e66587..a8603622e 100644 --- a/schema/pxc.percona.com/perconaxtradbcluster_v1-1-0.json +++ b/schema/pxc.percona.com/perconaxtradbcluster_v1-1-0.json @@ -1,4 +1,5 @@ { + "type": "object", "properties": { "spec": { "type": "object", @@ -8,6 +9,5 @@ "type": "object", "x-kubernetes-preserve-unknown-fields": true } - }, - "type": "object" + } } diff --git a/schema/pxc.percona.com/perconaxtradbcluster_v1alpha1.json b/schema/pxc.percona.com/perconaxtradbcluster_v1alpha1.json index e77e66587..a8603622e 100644 --- a/schema/pxc.percona.com/perconaxtradbcluster_v1alpha1.json +++ b/schema/pxc.percona.com/perconaxtradbcluster_v1alpha1.json @@ -1,4 +1,5 @@ { + "type": "object", "properties": { "spec": { "type": "object", @@ -8,6 +9,5 @@ "type": "object", "x-kubernetes-preserve-unknown-fields": true } - }, - "type": "object" + } } diff --git a/schema/redis.redis.opstreelabs.in/redis_v1beta1.json b/schema/redis.redis.opstreelabs.in/redis_v1beta1.json index d5148320c..e42dd9253 100644 --- a/schema/redis.redis.opstreelabs.in/redis_v1beta1.json +++ b/schema/redis.redis.opstreelabs.in/redis_v1beta1.json @@ -1,25 +1,30 @@ { + "description": "Redis is the Schema for the redis API", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "RedisSpec defines the desired state of Redis", "type": "object", "required": [ "kubernetesConfig" ], "properties": { "TLS": { + "description": "TLS Configuration for redis instances", "type": "object", "required": [ "secret" @@ -35,15 +40,19 @@ "type": "string" }, "secret": { + "description": "Reference to secret which contains the certificates", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -51,13 +60,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -65,9 +77,11 @@ } }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, @@ -77,14 +91,18 @@ "additionalProperties": false }, "affinity": { + "description": "Affinity is a group of affinity scheduling rules.", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -92,11 +110,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -104,12 +125,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -120,8 +144,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -129,12 +155,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -149,6 +178,7 @@ "x-kubernetes-map-type": "atomic" }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -157,19 +187,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -177,12 +212,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -193,8 +231,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -202,12 +242,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -230,11 +273,14 @@ "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -242,17 +288,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -260,12 +310,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -276,6 +329,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -286,6 +340,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -293,6 +348,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -300,11 +356,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -312,12 +371,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -328,6 +390,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -338,18 +401,21 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "type": "integer", "format": "int32" } @@ -358,19 +424,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -378,12 +449,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -394,6 +468,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -404,6 +479,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -411,6 +487,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -418,11 +495,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -430,12 +510,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -446,6 +529,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -456,12 +540,14 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -472,11 +558,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -484,17 +573,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -502,12 +595,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -518,6 +614,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -528,6 +625,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -535,6 +633,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -542,11 +641,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -554,12 +656,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -570,6 +675,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -580,18 +686,21 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "type": "integer", "format": "int32" } @@ -600,19 +709,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -620,12 +734,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -636,6 +753,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -646,6 +764,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -653,6 +772,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -660,11 +780,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -672,12 +795,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -688,6 +814,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -698,12 +825,14 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -717,6 +846,7 @@ "additionalProperties": false }, "kubernetesConfig": { + "description": "KubernetesConfig will be the JSON struct for Basic Redis Config", "type": "object", "required": [ "image" @@ -732,14 +862,17 @@ "type": "string" }, "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", "type": "string" }, "imagePullSecrets": { "type": "array", "items": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -752,6 +885,7 @@ "format": "int32" }, "redisSecret": { + "description": "ExistingPasswordSecret is the struct to access the existing secret", "type": "object", "properties": { "key": { @@ -764,17 +898,21 @@ "additionalProperties": false }, "resources": { + "description": "ResourceRequirements describes the compute resource requirements.", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" } }, @@ -786,6 +924,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -801,6 +940,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -819,9 +959,11 @@ "additionalProperties": false }, "service": { + "description": "ServiceConfig define the type of service to be created and its annotations", "type": "object", "properties": { "additional": { + "description": "Service is the struct to define the service type and its annotations", "type": "object", "properties": { "additionalAnnotations": { @@ -853,6 +995,7 @@ } }, "headless": { + "description": "Service is the struct to define the service type and its annotations", "type": "object", "properties": { "additionalAnnotations": { @@ -889,12 +1032,15 @@ "additionalProperties": false }, "updateStrategy": { + "description": "StatefulSetUpdateStrategy indicates the strategy that the StatefulSet\ncontroller will use to perform updates. It includes any additional parameters\nnecessary to perform the update for the indicated strategy.", "type": "object", "properties": { "rollingUpdate": { + "description": "RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.", "type": "object", "properties": { "maxUnavailable": { + "description": "The maximum number of pods that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nAbsolute number is calculated from percentage by rounding up. This can not be 0.\nDefaults to 1. This field is alpha-level and is only honored by servers that enable the\nMaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to\nReplicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it\nwill be counted towards MaxUnavailable.", "anyOf": [ { "type": "integer" @@ -906,6 +1052,7 @@ "x-kubernetes-int-or-string": true }, "partition": { + "description": "Partition indicates the ordinal at which the StatefulSet should be partitioned\nfor updates. During a rolling update, all pods from ordinal Replicas-1 to\nPartition are updated. All pods from ordinal Partition-1 to 0 remain untouched.\nThis is helpful in being able to do a canary based deployment. The default value is 0.", "type": "integer", "format": "int32" } @@ -913,6 +1060,7 @@ "additionalProperties": false }, "type": { + "description": "Type indicates the type of the StatefulSetUpdateStrategy.\nDefault is RollingUpdate.", "type": "string" } }, @@ -922,12 +1070,15 @@ "additionalProperties": false }, "livenessProbe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -937,37 +1088,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -975,9 +1134,11 @@ ], "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -985,9 +1146,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -999,33 +1162,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1040,10 +1210,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -1060,12 +1232,15 @@ "type": "string" }, "readinessProbe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -1075,37 +1250,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -1113,9 +1296,11 @@ ], "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -1123,9 +1308,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1137,33 +1324,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1178,10 +1372,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -1189,6 +1385,7 @@ "additionalProperties": false }, "redisConfig": { + "description": "RedisConfig defines the external configuration of Redis", "type": "object", "properties": { "additionalRedisConfig": { @@ -1204,6 +1401,7 @@ "additionalProperties": false }, "redisExporter": { + "description": "RedisExporter interface will have the information for redis exporter related stuff", "type": "object", "required": [ "image" @@ -1215,33 +1413,41 @@ "env": { "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, @@ -1249,15 +1455,18 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -1265,15 +1474,18 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1286,6 +1498,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -1293,18 +1506,22 @@ "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -1322,6 +1539,7 @@ "type": "string" }, "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", "type": "string" }, "port": { @@ -1329,17 +1547,21 @@ "default": 9121 }, "resources": { + "description": "ResourceRequirements describes the compute resource requirements.", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" } }, @@ -1351,6 +1573,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1366,6 +1589,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1384,23 +1608,30 @@ "additionalProperties": false }, "securityContext": { + "description": "SecurityContext holds security configuration that will be applied to a container.\nSome fields are present in both SecurityContext and PodSecurityContext. When both\nare set, the values in SecurityContext take precedence.", "type": "object", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "add": { + "description": "Added capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } }, "drop": { + "description": "Removed capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } } @@ -1408,71 +1639,90 @@ "additionalProperties": false }, "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "additionalProperties": false }, "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod \u0026 container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, "additionalProperties": false }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -1485,60 +1735,75 @@ "additionalProperties": false }, "securityContext": { + "description": "PodSecurityContext holds pod-level security attributes and common container settings.\nSome fields are also present in container.securityContext. Field values of\ncontainer.securityContext take precedence over field values of PodSecurityContext.", "type": "object", "properties": { "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "additionalProperties": false }, "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, "additionalProperties": false }, "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows.", "type": "array", "items": { "type": "integer", @@ -1546,8 +1811,10 @@ } }, "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", "type": "array", "items": { + "description": "Sysctl defines a kernel parameter to be set", "type": "object", "required": [ "name", @@ -1555,9 +1822,11 @@ ], "properties": { "name": { + "description": "Name of a property to set", "type": "string" }, "value": { + "description": "Value of a property to set", "type": "string" } }, @@ -1565,18 +1834,23 @@ } }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -1591,6 +1865,7 @@ "sidecars": { "type": "array", "items": { + "description": "Sidecar for each Redis pods", "type": "object", "required": [ "image", @@ -1600,33 +1875,41 @@ "env": { "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, @@ -1634,15 +1917,18 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -1650,15 +1936,18 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1671,6 +1960,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -1678,18 +1968,22 @@ "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -1707,23 +2001,28 @@ "type": "string" }, "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", "type": "string" }, "name": { "type": "string" }, "resources": { + "description": "ResourceRequirements describes the compute resource requirements.", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" } }, @@ -1735,6 +2034,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1750,6 +2050,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1772,33 +2073,41 @@ } }, "storage": { + "description": "Storage is the inteface to add pvc and pv support in redis", "type": "object", "properties": { "keepAfterDelete": { "type": "boolean" }, "volumeClaimTemplate": { + "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "type": "object" }, "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" } }, "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "type": "object", "required": [ "kind", @@ -1806,12 +2115,15 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, @@ -1819,6 +2131,7 @@ "x-kubernetes-map-type": "atomic" }, "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "object", "required": [ "kind", @@ -1826,24 +2139,30 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, "additionalProperties": false }, "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1859,6 +2178,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1877,11 +2197,14 @@ "additionalProperties": false }, "selector": { + "description": "selector is a label query over volumes to consider for binding.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -1889,12 +2212,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -1905,6 +2231,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -1915,30 +2242,37 @@ "x-kubernetes-map-type": "atomic" }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" } }, "allocatedResourceStatuses": { + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object", "additionalProperties": { "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", @@ -1947,6 +2281,7 @@ "x-kubernetes-map-type": "granular" }, "allocatedResources": { + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1962,6 +2297,7 @@ } }, "capacity": { + "description": "capacity represents the actual resources of the underlying volume.", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1977,8 +2313,10 @@ } }, "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'ResizeStarted'.", "type": "array", "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", "type": "object", "required": [ "status", @@ -1986,23 +2324,28 @@ ], "properties": { "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", "type": "string", "format": "date-time" }, "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "message is the human-readable message indicating details about last transition.", "type": "string" }, "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"ResizeStarted\" that means the underlying\npersistent volume is being resized.", "type": "string" }, "status": { "type": "string" }, "type": { + "description": "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type", "type": "string" } }, @@ -2010,24 +2353,29 @@ } }, "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", "type": "string" }, "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", "type": "object", "required": [ "status" ], "properties": { "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", "type": "string" }, "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", "type": "string" } }, "additionalProperties": false }, "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" } }, @@ -2037,11 +2385,13 @@ "additionalProperties": false }, "volumeMount": { + "description": "Additional Volume is provided by user that is mounted on the pods", "type": "object", "properties": { "mountPath": { "type": "array", "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "type": "object", "required": [ "mountPath", @@ -2049,21 +2399,27 @@ ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", "type": "boolean" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -2073,34 +2429,41 @@ "volume": { "type": "array", "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", "type": "object", "required": [ "name" ], "properties": { "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "boolean" }, "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" } }, "additionalProperties": false }, "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", "type": "object", "required": [ "diskName", @@ -2108,27 +2471,34 @@ ], "properties": { "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", "type": "string" }, "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", "type": "string" }, "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", "type": "string" }, "fsType": { + "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" } }, "additionalProperties": false }, "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.", "type": "object", "required": [ "secretName", @@ -2136,42 +2506,52 @@ ], "properties": { "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", "type": "string" }, "shareName": { + "description": "shareName is the azure share Name", "type": "string" } }, "additionalProperties": false }, "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime", "type": "object", "required": [ "monitors" ], "properties": { "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", "type": "string" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "boolean" }, "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" }, "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -2179,27 +2559,33 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "boolean" }, "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -2207,21 +2593,26 @@ "x-kubernetes-map-type": "atomic" }, "volumeID": { + "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" } }, "additionalProperties": false }, "configMap": { + "description": "configMap represents a configMap that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -2229,13 +2620,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -2243,9 +2637,11 @@ } }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, @@ -2253,21 +2649,26 @@ "x-kubernetes-map-type": "atomic" }, "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", "type": "string" }, "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", "type": "string" }, "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -2275,9 +2676,11 @@ "x-kubernetes-map-type": "atomic" }, "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", "type": "boolean" }, "volumeAttributes": { + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", "type": "object", "additionalProperties": { "type": "string" @@ -2287,30 +2690,37 @@ "additionalProperties": false }, "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "Items is a list of downward API volume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -2318,22 +2728,27 @@ "x-kubernetes-map-type": "atomic" }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -2346,6 +2761,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -2360,12 +2776,15 @@ "additionalProperties": false }, "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "object", "properties": { "medium": { + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, "sizeLimit": { + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -2381,27 +2800,33 @@ "additionalProperties": false }, "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", "type": "object", "properties": { "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `\u003cpod name\u003e-\u003cvolume name\u003e` where\n`\u003cvolume name\u003e` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil.", "type": "object", "required": [ "spec" ], "properties": { "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", "type": "object" }, "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" } }, "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "type": "object", "required": [ "kind", @@ -2409,12 +2834,15 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, @@ -2422,6 +2850,7 @@ "x-kubernetes-map-type": "atomic" }, "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "object", "required": [ "kind", @@ -2429,24 +2858,30 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, "additionalProperties": false }, "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2462,6 +2897,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2480,11 +2916,14 @@ "additionalProperties": false }, "selector": { + "description": "selector is a label query over volumes to consider for binding.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -2492,12 +2931,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -2508,6 +2950,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -2518,15 +2961,19 @@ "x-kubernetes-map-type": "atomic" }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, @@ -2539,25 +2986,31 @@ "additionalProperties": false }, "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "lun": { + "description": "lun is Optional: FC target lun number", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", "type": "array", "items": { "type": "string" } }, "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", "type": "array", "items": { "type": "string" @@ -2567,30 +3020,37 @@ "additionalProperties": false }, "flexVolume": { + "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the driver to use for this volume.", "type": "string" }, "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, "options": { + "description": "options is Optional: this field holds extra command options if any.", "type": "object", "additionalProperties": { "type": "string" } }, "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -2601,58 +3061,71 @@ "additionalProperties": false }, "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running", "type": "object", "properties": { "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker\nshould be considered as deprecated", "type": "string" }, "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", "type": "string" } }, "additionalProperties": false }, "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "object", "required": [ "pdName" ], "properties": { "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "integer", "format": "int32" }, "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "boolean" } }, "additionalProperties": false }, "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", "type": "object", "required": [ "repository" ], "properties": { "directory": { + "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", "type": "string" }, "repository": { + "description": "repository is the URL", "type": "string" }, "revision": { + "description": "revision is the commit hash for the specified revision.", "type": "string" } }, "additionalProperties": false }, "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", "type": "object", "required": [ "endpoints", @@ -2660,33 +3133,40 @@ ], "properties": { "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "path": { + "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "boolean" } }, "additionalProperties": false }, "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write.", "type": "object", "required": [ "path" ], "properties": { "path": { + "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" }, "type": { + "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" } }, "additionalProperties": false }, "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", "type": "object", "required": [ "iqn", @@ -2695,40 +3175,51 @@ ], "properties": { "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", "type": "boolean" }, "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", "type": "boolean" }, "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n\u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", "type": "string" }, "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", "type": "string" }, "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", "type": "string" }, "lun": { + "description": "lun represents iSCSI Target Lun number.", "type": "integer", "format": "int32" }, "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", "type": "array", "items": { "type": "string" } }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", "type": "boolean" }, "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -2736,15 +3227,18 @@ "x-kubernetes-map-type": "atomic" }, "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", "type": "string" } }, "additionalProperties": false }, "name": { + "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "object", "required": [ "path", @@ -2752,89 +3246,110 @@ ], "properties": { "path": { + "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" }, "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "boolean" }, "server": { + "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" } }, "additionalProperties": false }, "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "required": [ "claimName" ], "properties": { "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "string" }, "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", "type": "boolean" } }, "additionalProperties": false }, "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine", "type": "object", "required": [ "pdID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", "type": "string" } }, "additionalProperties": false }, "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", "type": "string" } }, "additionalProperties": false }, "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "sources": { + "description": "sources is the list of volume projections", "type": "array", "items": { + "description": "Projection that may be projected along with other supported volume types", "type": "object", "properties": { "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", "type": "object", "required": [ "path" ], "properties": { "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -2842,12 +3357,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -2858,6 +3376,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -2868,26 +3387,33 @@ "x-kubernetes-map-type": "atomic" }, "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", "type": "string" }, "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", "type": "boolean" }, "path": { + "description": "Relative path from the volume root to write the bundle.", "type": "string" }, "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", "type": "string" } }, "additionalProperties": false }, "configMap": { + "description": "configMap information about the configMap data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -2895,13 +3421,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -2909,9 +3438,11 @@ } }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, @@ -2919,26 +3450,32 @@ "x-kubernetes-map-type": "atomic" }, "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", "type": "object", "properties": { "items": { + "description": "Items is a list of DownwardAPIVolume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -2946,22 +3483,27 @@ "x-kubernetes-map-type": "atomic" }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -2974,6 +3516,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -2988,11 +3531,14 @@ "additionalProperties": false }, "secret": { + "description": "secret information about the secret data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -3000,13 +3546,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -3014,9 +3563,11 @@ } }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional field specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -3024,19 +3575,23 @@ "x-kubernetes-map-type": "atomic" }, "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", "type": "object", "required": [ "path" ], "properties": { "audience": { + "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", "type": "string" }, "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", "type": "integer", "format": "int64" }, "path": { + "description": "path is the path relative to the mount point of the file to project the\ntoken into.", "type": "string" } }, @@ -3050,6 +3605,7 @@ "additionalProperties": false }, "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime", "type": "object", "required": [ "registry", @@ -3057,27 +3613,34 @@ ], "properties": { "group": { + "description": "group to map volume access to\nDefault is no group", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", "type": "boolean" }, "registry": { + "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", "type": "string" }, "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, "user": { + "description": "user to map volume access to\nDefaults to serivceaccount user", "type": "string" }, "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", "type": "string" } }, "additionalProperties": false }, "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", "type": "object", "required": [ "image", @@ -3085,30 +3648,38 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "image": { + "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "keyring": { + "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "monitors": { + "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "pool": { + "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -3116,12 +3687,14 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", "type": "object", "required": [ "gateway", @@ -3130,21 +3703,27 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", "type": "string" }, "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", "type": "string" }, "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -3152,33 +3731,42 @@ "x-kubernetes-map-type": "atomic" }, "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", "type": "boolean" }, "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", "type": "string" }, "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", "type": "string" }, "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", "type": "string" }, "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", "type": "string" } }, "additionalProperties": false }, "secret": { + "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -3186,13 +3774,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -3200,27 +3791,34 @@ } }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, "additionalProperties": false }, "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -3228,30 +3826,37 @@ "x-kubernetes-map-type": "atomic" }, "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", "type": "string" }, "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", "type": "string" } }, "additionalProperties": false }, "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumePath" ], "properties": { "fsType": { + "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", "type": "string" }, "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", "type": "string" }, "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", "type": "string" } }, @@ -3270,22 +3875,28 @@ "tolerations": { "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -3296,6 +3907,7 @@ "additionalProperties": false }, "status": { + "description": "RedisStatus defines the observed state of Redis", "type": "object" } } diff --git a/schema/redis.redis.opstreelabs.in/rediscluster_v1beta1.json b/schema/redis.redis.opstreelabs.in/rediscluster_v1beta1.json index 4abb2a364..b9d24ee03 100644 --- a/schema/redis.redis.opstreelabs.in/rediscluster_v1beta1.json +++ b/schema/redis.redis.opstreelabs.in/rediscluster_v1beta1.json @@ -1,19 +1,23 @@ { + "description": "RedisCluster is the Schema for the redisclusters API", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "RedisClusterSpec defines the desired state of RedisCluster", "type": "object", "required": [ "clusterSize", @@ -21,6 +25,7 @@ ], "properties": { "TLS": { + "description": "TLS Configuration for redis instances", "type": "object", "required": [ "secret" @@ -36,15 +41,19 @@ "type": "string" }, "secret": { + "description": "Reference to secret which contains the certificates", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -52,13 +61,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -66,9 +78,11 @@ } }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, @@ -86,6 +100,7 @@ "default": "v7" }, "kubernetesConfig": { + "description": "KubernetesConfig will be the JSON struct for Basic Redis Config", "type": "object", "required": [ "image" @@ -101,14 +116,17 @@ "type": "string" }, "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", "type": "string" }, "imagePullSecrets": { "type": "array", "items": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -121,6 +139,7 @@ "format": "int32" }, "redisSecret": { + "description": "ExistingPasswordSecret is the struct to access the existing secret", "type": "object", "properties": { "key": { @@ -133,17 +152,21 @@ "additionalProperties": false }, "resources": { + "description": "ResourceRequirements describes the compute resource requirements.", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" } }, @@ -155,6 +178,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -170,6 +194,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -188,9 +213,11 @@ "additionalProperties": false }, "service": { + "description": "ServiceConfig define the type of service to be created and its annotations", "type": "object", "properties": { "additional": { + "description": "Service is the struct to define the service type and its annotations", "type": "object", "properties": { "additionalAnnotations": { @@ -222,6 +249,7 @@ } }, "headless": { + "description": "Service is the struct to define the service type and its annotations", "type": "object", "properties": { "additionalAnnotations": { @@ -258,12 +286,15 @@ "additionalProperties": false }, "updateStrategy": { + "description": "StatefulSetUpdateStrategy indicates the strategy that the StatefulSet\ncontroller will use to perform updates. It includes any additional parameters\nnecessary to perform the update for the indicated strategy.", "type": "object", "properties": { "rollingUpdate": { + "description": "RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.", "type": "object", "properties": { "maxUnavailable": { + "description": "The maximum number of pods that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nAbsolute number is calculated from percentage by rounding up. This can not be 0.\nDefaults to 1. This field is alpha-level and is only honored by servers that enable the\nMaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to\nReplicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it\nwill be counted towards MaxUnavailable.", "anyOf": [ { "type": "integer" @@ -275,6 +306,7 @@ "x-kubernetes-int-or-string": true }, "partition": { + "description": "Partition indicates the ordinal at which the StatefulSet should be partitioned\nfor updates. During a rolling update, all pods from ordinal Replicas-1 to\nPartition are updated. All pods from ordinal Partition-1 to 0 remain untouched.\nThis is helpful in being able to do a canary based deployment. The default value is 0.", "type": "integer", "format": "int32" } @@ -282,6 +314,7 @@ "additionalProperties": false }, "type": { + "description": "Type indicates the type of the StatefulSetUpdateStrategy.\nDefault is RollingUpdate.", "type": "string" } }, @@ -297,6 +330,7 @@ "type": "string" }, "redisExporter": { + "description": "RedisExporter interface will have the information for redis exporter related stuff", "type": "object", "required": [ "image" @@ -308,33 +342,41 @@ "env": { "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, @@ -342,15 +384,18 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -358,15 +403,18 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -379,6 +427,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -386,18 +435,22 @@ "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -415,6 +468,7 @@ "type": "string" }, "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", "type": "string" }, "port": { @@ -422,17 +476,21 @@ "default": 9121 }, "resources": { + "description": "ResourceRequirements describes the compute resource requirements.", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" } }, @@ -444,6 +502,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -459,6 +518,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -477,23 +537,30 @@ "additionalProperties": false }, "securityContext": { + "description": "SecurityContext holds security configuration that will be applied to a container.\nSome fields are present in both SecurityContext and PodSecurityContext. When both\nare set, the values in SecurityContext take precedence.", "type": "object", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "add": { + "description": "Added capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } }, "drop": { + "description": "Removed capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } } @@ -501,71 +568,90 @@ "additionalProperties": false }, "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "additionalProperties": false }, "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod \u0026 container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, "additionalProperties": false }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -578,17 +664,22 @@ "additionalProperties": false }, "redisFollower": { + "description": "RedisFollower interface will have the redis follower configuration", "type": "object", "properties": { "affinity": { + "description": "Affinity is a group of affinity scheduling rules.", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -596,11 +687,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -608,12 +702,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -624,8 +721,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -633,12 +732,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -653,6 +755,7 @@ "x-kubernetes-map-type": "atomic" }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -661,19 +764,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -681,12 +789,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -697,8 +808,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -706,12 +819,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -734,11 +850,14 @@ "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -746,17 +865,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -764,12 +887,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -780,6 +906,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -790,6 +917,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -797,6 +925,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -804,11 +933,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -816,12 +948,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -832,6 +967,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -842,18 +978,21 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "type": "integer", "format": "int32" } @@ -862,19 +1001,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -882,12 +1026,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -898,6 +1045,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -908,6 +1056,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -915,6 +1064,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -922,11 +1072,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -934,12 +1087,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -950,6 +1106,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -960,12 +1117,14 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -976,11 +1135,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -988,17 +1150,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -1006,12 +1172,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -1022,6 +1191,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -1032,6 +1202,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -1039,6 +1210,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -1046,11 +1218,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -1058,12 +1233,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -1074,6 +1252,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -1084,18 +1263,21 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "type": "integer", "format": "int32" } @@ -1104,19 +1286,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -1124,12 +1311,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -1140,6 +1330,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -1150,6 +1341,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -1157,6 +1349,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -1164,11 +1357,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -1176,12 +1372,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -1192,6 +1391,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -1202,12 +1402,14 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -1221,12 +1423,15 @@ "additionalProperties": false }, "livenessProbe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -1236,37 +1441,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -1274,9 +1487,11 @@ ], "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -1284,9 +1499,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1298,33 +1515,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1339,10 +1563,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -1356,6 +1582,7 @@ } }, "pdb": { + "description": "RedisPodDisruptionBudget configure a PodDisruptionBudget on the resource (leader/follower)", "type": "object", "properties": { "enabled": { @@ -1373,12 +1600,15 @@ "additionalProperties": false }, "readinessProbe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -1388,37 +1618,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -1426,9 +1664,11 @@ ], "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -1436,9 +1676,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1450,33 +1692,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1491,10 +1740,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -1502,6 +1753,7 @@ "additionalProperties": false }, "redisConfig": { + "description": "RedisConfig defines the external configuration of Redis", "type": "object", "properties": { "additionalRedisConfig": { @@ -1523,22 +1775,28 @@ "tolerations": { "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -1548,6 +1806,7 @@ "topologySpreadConstraints": { "type": "array", "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", "type": "object", "required": [ "maxSkew", @@ -1556,11 +1815,14 @@ ], "properties": { "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -1568,12 +1830,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -1584,6 +1849,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -1594,6 +1860,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", "type": "array", "items": { "type": "string" @@ -1601,23 +1868,29 @@ "x-kubernetes-list-type": "atomic" }, "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", "type": "integer", "format": "int32" }, "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", "type": "integer", "format": "int32" }, "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", "type": "string" }, "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", "type": "string" } }, @@ -1628,17 +1901,22 @@ "additionalProperties": false }, "redisLeader": { + "description": "RedisLeader interface will have the redis leader configuration", "type": "object", "properties": { "affinity": { + "description": "Affinity is a group of affinity scheduling rules.", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -1646,11 +1924,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -1658,12 +1939,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -1674,8 +1958,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -1683,12 +1969,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -1703,6 +1992,7 @@ "x-kubernetes-map-type": "atomic" }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -1711,19 +2001,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -1731,12 +2026,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -1747,8 +2045,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -1756,12 +2056,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -1784,11 +2087,14 @@ "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -1796,17 +2102,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -1814,12 +2124,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -1830,6 +2143,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -1840,6 +2154,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -1847,6 +2162,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -1854,11 +2170,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -1866,12 +2185,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -1882,6 +2204,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -1892,18 +2215,21 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "type": "integer", "format": "int32" } @@ -1912,19 +2238,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -1932,12 +2263,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -1948,6 +2282,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -1958,6 +2293,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -1965,6 +2301,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -1972,11 +2309,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -1984,12 +2324,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -2000,6 +2343,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -2010,12 +2354,14 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -2026,11 +2372,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -2038,17 +2387,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -2056,12 +2409,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -2072,6 +2428,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -2082,6 +2439,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -2089,6 +2447,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -2096,11 +2455,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -2108,12 +2470,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -2124,6 +2489,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -2134,18 +2500,21 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "type": "integer", "format": "int32" } @@ -2154,19 +2523,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -2174,12 +2548,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -2190,6 +2567,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -2200,6 +2578,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -2207,6 +2586,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -2214,11 +2594,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -2226,12 +2609,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -2242,6 +2628,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -2252,12 +2639,14 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -2271,12 +2660,15 @@ "additionalProperties": false }, "livenessProbe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -2286,37 +2678,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -2324,9 +2724,11 @@ ], "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -2334,9 +2736,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2348,33 +2752,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2389,10 +2800,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -2406,6 +2819,7 @@ } }, "pdb": { + "description": "RedisPodDisruptionBudget configure a PodDisruptionBudget on the resource (leader/follower)", "type": "object", "properties": { "enabled": { @@ -2423,12 +2837,15 @@ "additionalProperties": false }, "readinessProbe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -2438,37 +2855,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -2476,9 +2901,11 @@ ], "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -2486,9 +2913,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2500,33 +2929,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -2541,10 +2977,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -2552,6 +2990,7 @@ "additionalProperties": false }, "redisConfig": { + "description": "RedisConfig defines the external configuration of Redis", "type": "object", "properties": { "additionalRedisConfig": { @@ -2573,22 +3012,28 @@ "tolerations": { "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -2598,6 +3043,7 @@ "topologySpreadConstraints": { "type": "array", "items": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", "type": "object", "required": [ "maxSkew", @@ -2606,11 +3052,14 @@ ], "properties": { "labelSelector": { + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -2618,12 +3067,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -2634,6 +3086,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -2644,6 +3097,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", "type": "array", "items": { "type": "string" @@ -2651,23 +3105,29 @@ "x-kubernetes-list-type": "atomic" }, "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", "type": "integer", "format": "int32" }, "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", "type": "integer", "format": "int32" }, "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", "type": "string" }, "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", "type": "string" }, "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", "type": "string" } }, @@ -2678,17 +3138,21 @@ "additionalProperties": false }, "resources": { + "description": "ResourceRequirements describes the compute resource requirements.", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" } }, @@ -2700,6 +3164,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2715,6 +3180,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2733,60 +3199,75 @@ "additionalProperties": false }, "securityContext": { + "description": "PodSecurityContext holds pod-level security attributes and common container settings.\nSome fields are also present in container.securityContext. Field values of\ncontainer.securityContext take precedence over field values of PodSecurityContext.", "type": "object", "properties": { "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "additionalProperties": false }, "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, "additionalProperties": false }, "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows.", "type": "array", "items": { "type": "integer", @@ -2794,8 +3275,10 @@ } }, "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", "type": "array", "items": { + "description": "Sysctl defines a kernel parameter to be set", "type": "object", "required": [ "name", @@ -2803,9 +3286,11 @@ ], "properties": { "name": { + "description": "Name of a property to set", "type": "string" }, "value": { + "description": "Value of a property to set", "type": "string" } }, @@ -2813,18 +3298,23 @@ } }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -2839,6 +3329,7 @@ "sidecars": { "type": "array", "items": { + "description": "Sidecar for each Redis pods", "type": "object", "required": [ "image", @@ -2848,33 +3339,41 @@ "env": { "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, @@ -2882,15 +3381,18 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -2898,15 +3400,18 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -2919,6 +3424,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -2926,18 +3432,22 @@ "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -2955,23 +3465,28 @@ "type": "string" }, "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", "type": "string" }, "name": { "type": "string" }, "resources": { + "description": "ResourceRequirements describes the compute resource requirements.", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" } }, @@ -2983,6 +3498,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2998,6 +3514,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -3020,33 +3537,41 @@ } }, "storage": { + "description": "Storage is the inteface to add pvc and pv support in redis", "type": "object", "properties": { "keepAfterDelete": { "type": "boolean" }, "volumeClaimTemplate": { + "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "type": "object" }, "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" } }, "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "type": "object", "required": [ "kind", @@ -3054,12 +3579,15 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, @@ -3067,6 +3595,7 @@ "x-kubernetes-map-type": "atomic" }, "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "object", "required": [ "kind", @@ -3074,24 +3603,30 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, "additionalProperties": false }, "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -3107,6 +3642,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -3125,11 +3661,14 @@ "additionalProperties": false }, "selector": { + "description": "selector is a label query over volumes to consider for binding.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -3137,12 +3676,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -3153,6 +3695,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -3163,30 +3706,37 @@ "x-kubernetes-map-type": "atomic" }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" } }, "allocatedResourceStatuses": { + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object", "additionalProperties": { "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", @@ -3195,6 +3745,7 @@ "x-kubernetes-map-type": "granular" }, "allocatedResources": { + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -3210,6 +3761,7 @@ } }, "capacity": { + "description": "capacity represents the actual resources of the underlying volume.", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -3225,8 +3777,10 @@ } }, "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'ResizeStarted'.", "type": "array", "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", "type": "object", "required": [ "status", @@ -3234,23 +3788,28 @@ ], "properties": { "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", "type": "string", "format": "date-time" }, "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "message is the human-readable message indicating details about last transition.", "type": "string" }, "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"ResizeStarted\" that means the underlying\npersistent volume is being resized.", "type": "string" }, "status": { "type": "string" }, "type": { + "description": "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type", "type": "string" } }, @@ -3258,24 +3817,29 @@ } }, "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", "type": "string" }, "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", "type": "object", "required": [ "status" ], "properties": { "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", "type": "string" }, "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", "type": "string" } }, "additionalProperties": false }, "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" } }, @@ -3285,11 +3849,13 @@ "additionalProperties": false }, "volumeMount": { + "description": "Additional Volume is provided by user that is mounted on the pods", "type": "object", "properties": { "mountPath": { "type": "array", "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "type": "object", "required": [ "mountPath", @@ -3297,21 +3863,27 @@ ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", "type": "boolean" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -3321,34 +3893,41 @@ "volume": { "type": "array", "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", "type": "object", "required": [ "name" ], "properties": { "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "boolean" }, "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" } }, "additionalProperties": false }, "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", "type": "object", "required": [ "diskName", @@ -3356,27 +3935,34 @@ ], "properties": { "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", "type": "string" }, "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", "type": "string" }, "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", "type": "string" }, "fsType": { + "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" } }, "additionalProperties": false }, "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.", "type": "object", "required": [ "secretName", @@ -3384,42 +3970,52 @@ ], "properties": { "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", "type": "string" }, "shareName": { + "description": "shareName is the azure share Name", "type": "string" } }, "additionalProperties": false }, "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime", "type": "object", "required": [ "monitors" ], "properties": { "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", "type": "string" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "boolean" }, "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" }, "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -3427,27 +4023,33 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "boolean" }, "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -3455,21 +4057,26 @@ "x-kubernetes-map-type": "atomic" }, "volumeID": { + "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" } }, "additionalProperties": false }, "configMap": { + "description": "configMap represents a configMap that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -3477,13 +4084,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -3491,9 +4101,11 @@ } }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, @@ -3501,21 +4113,26 @@ "x-kubernetes-map-type": "atomic" }, "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", "type": "string" }, "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", "type": "string" }, "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -3523,9 +4140,11 @@ "x-kubernetes-map-type": "atomic" }, "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", "type": "boolean" }, "volumeAttributes": { + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", "type": "object", "additionalProperties": { "type": "string" @@ -3535,30 +4154,37 @@ "additionalProperties": false }, "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "Items is a list of downward API volume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -3566,22 +4192,27 @@ "x-kubernetes-map-type": "atomic" }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -3594,6 +4225,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -3608,12 +4240,15 @@ "additionalProperties": false }, "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "object", "properties": { "medium": { + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, "sizeLimit": { + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -3629,27 +4264,33 @@ "additionalProperties": false }, "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", "type": "object", "properties": { "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `\u003cpod name\u003e-\u003cvolume name\u003e` where\n`\u003cvolume name\u003e` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil.", "type": "object", "required": [ "spec" ], "properties": { "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", "type": "object" }, "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" } }, "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "type": "object", "required": [ "kind", @@ -3657,12 +4298,15 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, @@ -3670,6 +4314,7 @@ "x-kubernetes-map-type": "atomic" }, "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "object", "required": [ "kind", @@ -3677,24 +4322,30 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, "additionalProperties": false }, "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -3710,6 +4361,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -3728,11 +4380,14 @@ "additionalProperties": false }, "selector": { + "description": "selector is a label query over volumes to consider for binding.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -3740,12 +4395,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -3756,6 +4414,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -3766,15 +4425,19 @@ "x-kubernetes-map-type": "atomic" }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, @@ -3787,25 +4450,31 @@ "additionalProperties": false }, "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "lun": { + "description": "lun is Optional: FC target lun number", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", "type": "array", "items": { "type": "string" } }, "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", "type": "array", "items": { "type": "string" @@ -3815,30 +4484,37 @@ "additionalProperties": false }, "flexVolume": { + "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the driver to use for this volume.", "type": "string" }, "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, "options": { + "description": "options is Optional: this field holds extra command options if any.", "type": "object", "additionalProperties": { "type": "string" } }, "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -3849,58 +4525,71 @@ "additionalProperties": false }, "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running", "type": "object", "properties": { "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker\nshould be considered as deprecated", "type": "string" }, "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", "type": "string" } }, "additionalProperties": false }, "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "object", "required": [ "pdName" ], "properties": { "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "integer", "format": "int32" }, "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "boolean" } }, "additionalProperties": false }, "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", "type": "object", "required": [ "repository" ], "properties": { "directory": { + "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", "type": "string" }, "repository": { + "description": "repository is the URL", "type": "string" }, "revision": { + "description": "revision is the commit hash for the specified revision.", "type": "string" } }, "additionalProperties": false }, "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", "type": "object", "required": [ "endpoints", @@ -3908,33 +4597,40 @@ ], "properties": { "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "path": { + "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "boolean" } }, "additionalProperties": false }, "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write.", "type": "object", "required": [ "path" ], "properties": { "path": { + "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" }, "type": { + "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" } }, "additionalProperties": false }, "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", "type": "object", "required": [ "iqn", @@ -3943,40 +4639,51 @@ ], "properties": { "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", "type": "boolean" }, "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", "type": "boolean" }, "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n\u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", "type": "string" }, "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", "type": "string" }, "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", "type": "string" }, "lun": { + "description": "lun represents iSCSI Target Lun number.", "type": "integer", "format": "int32" }, "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", "type": "array", "items": { "type": "string" } }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", "type": "boolean" }, "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -3984,15 +4691,18 @@ "x-kubernetes-map-type": "atomic" }, "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", "type": "string" } }, "additionalProperties": false }, "name": { + "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "object", "required": [ "path", @@ -4000,89 +4710,110 @@ ], "properties": { "path": { + "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" }, "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "boolean" }, "server": { + "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" } }, "additionalProperties": false }, "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "required": [ "claimName" ], "properties": { "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "string" }, "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", "type": "boolean" } }, "additionalProperties": false }, "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine", "type": "object", "required": [ "pdID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", "type": "string" } }, "additionalProperties": false }, "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", "type": "string" } }, "additionalProperties": false }, "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "sources": { + "description": "sources is the list of volume projections", "type": "array", "items": { + "description": "Projection that may be projected along with other supported volume types", "type": "object", "properties": { "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", "type": "object", "required": [ "path" ], "properties": { "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -4090,12 +4821,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -4106,6 +4840,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -4116,26 +4851,33 @@ "x-kubernetes-map-type": "atomic" }, "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", "type": "string" }, "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", "type": "boolean" }, "path": { + "description": "Relative path from the volume root to write the bundle.", "type": "string" }, "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", "type": "string" } }, "additionalProperties": false }, "configMap": { + "description": "configMap information about the configMap data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -4143,13 +4885,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -4157,9 +4902,11 @@ } }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, @@ -4167,26 +4914,32 @@ "x-kubernetes-map-type": "atomic" }, "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", "type": "object", "properties": { "items": { + "description": "Items is a list of DownwardAPIVolume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -4194,22 +4947,27 @@ "x-kubernetes-map-type": "atomic" }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -4222,6 +4980,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -4236,11 +4995,14 @@ "additionalProperties": false }, "secret": { + "description": "secret information about the secret data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -4248,13 +5010,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -4262,9 +5027,11 @@ } }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional field specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -4272,19 +5039,23 @@ "x-kubernetes-map-type": "atomic" }, "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", "type": "object", "required": [ "path" ], "properties": { "audience": { + "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", "type": "string" }, "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", "type": "integer", "format": "int64" }, "path": { + "description": "path is the path relative to the mount point of the file to project the\ntoken into.", "type": "string" } }, @@ -4298,6 +5069,7 @@ "additionalProperties": false }, "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime", "type": "object", "required": [ "registry", @@ -4305,27 +5077,34 @@ ], "properties": { "group": { + "description": "group to map volume access to\nDefault is no group", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", "type": "boolean" }, "registry": { + "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", "type": "string" }, "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, "user": { + "description": "user to map volume access to\nDefaults to serivceaccount user", "type": "string" }, "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", "type": "string" } }, "additionalProperties": false }, "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", "type": "object", "required": [ "image", @@ -4333,30 +5112,38 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "image": { + "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "keyring": { + "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "monitors": { + "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "pool": { + "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -4364,12 +5151,14 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", "type": "object", "required": [ "gateway", @@ -4378,21 +5167,27 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", "type": "string" }, "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", "type": "string" }, "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -4400,33 +5195,42 @@ "x-kubernetes-map-type": "atomic" }, "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", "type": "boolean" }, "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", "type": "string" }, "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", "type": "string" }, "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", "type": "string" }, "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", "type": "string" } }, "additionalProperties": false }, "secret": { + "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -4434,13 +5238,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -4448,27 +5255,34 @@ } }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, "additionalProperties": false }, "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -4476,30 +5290,37 @@ "x-kubernetes-map-type": "atomic" }, "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", "type": "string" }, "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", "type": "string" } }, "additionalProperties": false }, "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumePath" ], "properties": { "fsType": { + "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", "type": "string" }, "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", "type": "string" }, "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", "type": "string" } }, @@ -4519,6 +5340,7 @@ "additionalProperties": false }, "status": { + "description": "RedisClusterStatus defines the observed state of RedisCluster", "type": "object" } } diff --git a/schema/redis.redis.opstreelabs.in/redisreplication_v1beta1.json b/schema/redis.redis.opstreelabs.in/redisreplication_v1beta1.json index 910619a44..e78b78642 100644 --- a/schema/redis.redis.opstreelabs.in/redisreplication_v1beta1.json +++ b/schema/redis.redis.opstreelabs.in/redisreplication_v1beta1.json @@ -1,13 +1,16 @@ { + "description": "Redis is the Schema for the redis API", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -21,6 +24,7 @@ ], "properties": { "TLS": { + "description": "TLS Configuration for redis instances", "type": "object", "required": [ "secret" @@ -36,15 +40,19 @@ "type": "string" }, "secret": { + "description": "Reference to secret which contains the certificates", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -52,13 +60,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -66,9 +77,11 @@ } }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, @@ -78,14 +91,18 @@ "additionalProperties": false }, "affinity": { + "description": "Affinity is a group of affinity scheduling rules.", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -93,11 +110,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -105,12 +125,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -121,8 +144,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -130,12 +155,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -150,6 +178,7 @@ "x-kubernetes-map-type": "atomic" }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -158,19 +187,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -178,12 +212,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -194,8 +231,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -203,12 +242,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -231,11 +273,14 @@ "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -243,17 +288,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -261,12 +310,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -277,6 +329,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -287,6 +340,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -294,6 +348,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -301,11 +356,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -313,12 +371,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -329,6 +390,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -339,18 +401,21 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "type": "integer", "format": "int32" } @@ -359,19 +424,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -379,12 +449,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -395,6 +468,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -405,6 +479,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -412,6 +487,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -419,11 +495,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -431,12 +510,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -447,6 +529,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -457,12 +540,14 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -473,11 +558,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -485,17 +573,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -503,12 +595,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -519,6 +614,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -529,6 +625,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -536,6 +633,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -543,11 +641,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -555,12 +656,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -571,6 +675,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -581,18 +686,21 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "type": "integer", "format": "int32" } @@ -601,19 +709,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -621,12 +734,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -637,6 +753,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -647,6 +764,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -654,6 +772,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -661,11 +780,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -673,12 +795,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -689,6 +814,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -699,12 +825,14 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -722,6 +850,7 @@ "format": "int32" }, "kubernetesConfig": { + "description": "KubernetesConfig will be the JSON struct for Basic Redis Config", "type": "object", "required": [ "image" @@ -737,14 +866,17 @@ "type": "string" }, "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", "type": "string" }, "imagePullSecrets": { "type": "array", "items": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -757,6 +889,7 @@ "format": "int32" }, "redisSecret": { + "description": "ExistingPasswordSecret is the struct to access the existing secret", "type": "object", "properties": { "key": { @@ -769,17 +902,21 @@ "additionalProperties": false }, "resources": { + "description": "ResourceRequirements describes the compute resource requirements.", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" } }, @@ -791,6 +928,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -806,6 +944,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -824,9 +963,11 @@ "additionalProperties": false }, "service": { + "description": "ServiceConfig define the type of service to be created and its annotations", "type": "object", "properties": { "additional": { + "description": "Service is the struct to define the service type and its annotations", "type": "object", "properties": { "additionalAnnotations": { @@ -858,6 +999,7 @@ } }, "headless": { + "description": "Service is the struct to define the service type and its annotations", "type": "object", "properties": { "additionalAnnotations": { @@ -894,12 +1036,15 @@ "additionalProperties": false }, "updateStrategy": { + "description": "StatefulSetUpdateStrategy indicates the strategy that the StatefulSet\ncontroller will use to perform updates. It includes any additional parameters\nnecessary to perform the update for the indicated strategy.", "type": "object", "properties": { "rollingUpdate": { + "description": "RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.", "type": "object", "properties": { "maxUnavailable": { + "description": "The maximum number of pods that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nAbsolute number is calculated from percentage by rounding up. This can not be 0.\nDefaults to 1. This field is alpha-level and is only honored by servers that enable the\nMaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to\nReplicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it\nwill be counted towards MaxUnavailable.", "anyOf": [ { "type": "integer" @@ -911,6 +1056,7 @@ "x-kubernetes-int-or-string": true }, "partition": { + "description": "Partition indicates the ordinal at which the StatefulSet should be partitioned\nfor updates. During a rolling update, all pods from ordinal Replicas-1 to\nPartition are updated. All pods from ordinal Partition-1 to 0 remain untouched.\nThis is helpful in being able to do a canary based deployment. The default value is 0.", "type": "integer", "format": "int32" } @@ -918,6 +1064,7 @@ "additionalProperties": false }, "type": { + "description": "Type indicates the type of the StatefulSetUpdateStrategy.\nDefault is RollingUpdate.", "type": "string" } }, @@ -927,12 +1074,15 @@ "additionalProperties": false }, "livenessProbe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -942,37 +1092,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -980,9 +1138,11 @@ ], "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -990,9 +1150,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1004,33 +1166,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1045,10 +1214,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -1065,12 +1236,15 @@ "type": "string" }, "readinessProbe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -1080,37 +1254,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -1118,9 +1300,11 @@ ], "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -1128,9 +1312,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1142,33 +1328,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1183,10 +1376,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -1194,6 +1389,7 @@ "additionalProperties": false }, "redisConfig": { + "description": "RedisConfig defines the external configuration of Redis", "type": "object", "properties": { "additionalRedisConfig": { @@ -1209,6 +1405,7 @@ "additionalProperties": false }, "redisExporter": { + "description": "RedisExporter interface will have the information for redis exporter related stuff", "type": "object", "required": [ "image" @@ -1220,33 +1417,41 @@ "env": { "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, @@ -1254,15 +1459,18 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -1270,15 +1478,18 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1291,6 +1502,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -1298,18 +1510,22 @@ "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -1327,6 +1543,7 @@ "type": "string" }, "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", "type": "string" }, "port": { @@ -1334,17 +1551,21 @@ "default": 9121 }, "resources": { + "description": "ResourceRequirements describes the compute resource requirements.", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" } }, @@ -1356,6 +1577,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1371,6 +1593,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1389,23 +1612,30 @@ "additionalProperties": false }, "securityContext": { + "description": "SecurityContext holds security configuration that will be applied to a container.\nSome fields are present in both SecurityContext and PodSecurityContext. When both\nare set, the values in SecurityContext take precedence.", "type": "object", "properties": { "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "add": { + "description": "Added capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } }, "drop": { + "description": "Removed capabilities", "type": "array", "items": { + "description": "Capability represent POSIX capabilities type", "type": "string" } } @@ -1413,71 +1643,90 @@ "additionalProperties": false }, "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "additionalProperties": false }, "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod \u0026 container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, "additionalProperties": false }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -1490,60 +1739,75 @@ "additionalProperties": false }, "securityContext": { + "description": "PodSecurityContext holds pod-level security attributes and common container settings.\nSome fields are also present in container.securityContext. Field values of\ncontainer.securityContext take precedence over field values of PodSecurityContext.", "type": "object", "properties": { "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "additionalProperties": false }, "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, "additionalProperties": false }, "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows.", "type": "array", "items": { "type": "integer", @@ -1551,8 +1815,10 @@ } }, "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", "type": "array", "items": { + "description": "Sysctl defines a kernel parameter to be set", "type": "object", "required": [ "name", @@ -1560,9 +1826,11 @@ ], "properties": { "name": { + "description": "Name of a property to set", "type": "string" }, "value": { + "description": "Value of a property to set", "type": "string" } }, @@ -1570,18 +1838,23 @@ } }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -1596,6 +1869,7 @@ "sidecars": { "type": "array", "items": { + "description": "Sidecar for each Redis pods", "type": "object", "required": [ "image", @@ -1605,33 +1879,41 @@ "env": { "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, @@ -1639,15 +1921,18 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -1655,15 +1940,18 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1676,6 +1964,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -1683,18 +1972,22 @@ "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -1712,23 +2005,28 @@ "type": "string" }, "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", "type": "string" }, "name": { "type": "string" }, "resources": { + "description": "ResourceRequirements describes the compute resource requirements.", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" } }, @@ -1740,6 +2038,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1755,6 +2054,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1777,33 +2077,41 @@ } }, "storage": { + "description": "Storage is the inteface to add pvc and pv support in redis", "type": "object", "properties": { "keepAfterDelete": { "type": "boolean" }, "volumeClaimTemplate": { + "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { + "description": "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "type": "object" }, "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" } }, "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "type": "object", "required": [ "kind", @@ -1811,12 +2119,15 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, @@ -1824,6 +2135,7 @@ "x-kubernetes-map-type": "atomic" }, "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "object", "required": [ "kind", @@ -1831,24 +2143,30 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, "additionalProperties": false }, "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1864,6 +2182,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1882,11 +2201,14 @@ "additionalProperties": false }, "selector": { + "description": "selector is a label query over volumes to consider for binding.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -1894,12 +2216,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -1910,6 +2235,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -1920,30 +2246,37 @@ "x-kubernetes-map-type": "atomic" }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "status represents the current information/status of a persistent volume claim.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" } }, "allocatedResourceStatuses": { + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object", "additionalProperties": { "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", @@ -1952,6 +2285,7 @@ "x-kubernetes-map-type": "granular" }, "allocatedResources": { + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1967,6 +2301,7 @@ } }, "capacity": { + "description": "capacity represents the actual resources of the underlying volume.", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1982,8 +2317,10 @@ } }, "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'ResizeStarted'.", "type": "array", "items": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", "type": "object", "required": [ "status", @@ -1991,23 +2328,28 @@ ], "properties": { "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", "type": "string", "format": "date-time" }, "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "message is the human-readable message indicating details about last transition.", "type": "string" }, "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"ResizeStarted\" that means the underlying\npersistent volume is being resized.", "type": "string" }, "status": { "type": "string" }, "type": { + "description": "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type", "type": "string" } }, @@ -2015,24 +2357,29 @@ } }, "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", "type": "string" }, "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is an alpha field and requires enabling VolumeAttributesClass feature.", "type": "object", "required": [ "status" ], "properties": { "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", "type": "string" }, "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", "type": "string" } }, "additionalProperties": false }, "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" } }, @@ -2042,11 +2389,13 @@ "additionalProperties": false }, "volumeMount": { + "description": "Additional Volume is provided by user that is mounted on the pods", "type": "object", "properties": { "mountPath": { "type": "array", "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "type": "object", "required": [ "mountPath", @@ -2054,21 +2403,27 @@ ], "properties": { "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", "type": "string" }, "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.", "type": "string" }, "name": { + "description": "This must match the Name of a Volume.", "type": "string" }, "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", "type": "boolean" }, "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -2078,34 +2433,41 @@ "volume": { "type": "array", "items": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", "type": "object", "required": [ "name" ], "properties": { "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "boolean" }, "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" } }, "additionalProperties": false }, "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", "type": "object", "required": [ "diskName", @@ -2113,27 +2475,34 @@ ], "properties": { "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", "type": "string" }, "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", "type": "string" }, "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", "type": "string" }, "fsType": { + "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" } }, "additionalProperties": false }, "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.", "type": "object", "required": [ "secretName", @@ -2141,42 +2510,52 @@ ], "properties": { "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", "type": "string" }, "shareName": { + "description": "shareName is the azure share Name", "type": "string" } }, "additionalProperties": false }, "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime", "type": "object", "required": [ "monitors" ], "properties": { "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", "type": "string" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "boolean" }, "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" }, "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -2184,27 +2563,33 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "boolean" }, "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -2212,21 +2597,26 @@ "x-kubernetes-map-type": "atomic" }, "volumeID": { + "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" } }, "additionalProperties": false }, "configMap": { + "description": "configMap represents a configMap that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -2234,13 +2624,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -2248,9 +2641,11 @@ } }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, @@ -2258,21 +2653,26 @@ "x-kubernetes-map-type": "atomic" }, "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", "type": "string" }, "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", "type": "string" }, "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -2280,9 +2680,11 @@ "x-kubernetes-map-type": "atomic" }, "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", "type": "boolean" }, "volumeAttributes": { + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", "type": "object", "additionalProperties": { "type": "string" @@ -2292,30 +2694,37 @@ "additionalProperties": false }, "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", "type": "object", "properties": { "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "Items is a list of downward API volume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -2323,22 +2732,27 @@ "x-kubernetes-map-type": "atomic" }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -2351,6 +2765,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -2365,12 +2780,15 @@ "additionalProperties": false }, "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "object", "properties": { "medium": { + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, "sizeLimit": { + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -2386,27 +2804,33 @@ "additionalProperties": false }, "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", "type": "object", "properties": { "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `\u003cpod name\u003e-\u003cvolume name\u003e` where\n`\u003cvolume name\u003e` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil.", "type": "object", "required": [ "spec" ], "properties": { "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", "type": "object" }, "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", "type": "object", "properties": { "accessModes": { + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string" } }, "dataSource": { + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "type": "object", "required": [ "kind", @@ -2414,12 +2838,15 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" } }, @@ -2427,6 +2854,7 @@ "x-kubernetes-map-type": "atomic" }, "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "object", "required": [ "kind", @@ -2434,24 +2862,30 @@ ], "properties": { "apiGroup": { + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { + "description": "Kind is the type of resource being referenced", "type": "string" }, "name": { + "description": "Name is the name of resource being referenced", "type": "string" }, "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "type": "string" } }, "additionalProperties": false }, "resources": { + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "type": "object", "properties": { "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2467,6 +2901,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -2485,11 +2920,14 @@ "additionalProperties": false }, "selector": { + "description": "selector is a label query over volumes to consider for binding.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -2497,12 +2935,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -2513,6 +2954,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -2523,15 +2965,19 @@ "x-kubernetes-map-type": "atomic" }, "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", "type": "string" }, "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" } }, @@ -2544,25 +2990,31 @@ "additionalProperties": false }, "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "lun": { + "description": "lun is Optional: FC target lun number", "type": "integer", "format": "int32" }, "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", "type": "array", "items": { "type": "string" } }, "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", "type": "array", "items": { "type": "string" @@ -2572,30 +3024,37 @@ "additionalProperties": false }, "flexVolume": { + "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.", "type": "object", "required": [ "driver" ], "properties": { "driver": { + "description": "driver is the name of the driver to use for this volume.", "type": "string" }, "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, "options": { + "description": "options is Optional: this field holds extra command options if any.", "type": "object", "additionalProperties": { "type": "string" } }, "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -2606,58 +3065,71 @@ "additionalProperties": false }, "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running", "type": "object", "properties": { "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -\u003e name on the dataset for Flocker\nshould be considered as deprecated", "type": "string" }, "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", "type": "string" } }, "additionalProperties": false }, "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "object", "required": [ "pdName" ], "properties": { "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "partition": { + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "integer", "format": "int32" }, "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "boolean" } }, "additionalProperties": false }, "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision.\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", "type": "object", "required": [ "repository" ], "properties": { "directory": { + "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", "type": "string" }, "repository": { + "description": "repository is the URL", "type": "string" }, "revision": { + "description": "revision is the commit hash for the specified revision.", "type": "string" } }, "additionalProperties": false }, "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", "type": "object", "required": [ "endpoints", @@ -2665,33 +3137,40 @@ ], "properties": { "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "path": { + "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "boolean" } }, "additionalProperties": false }, "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write.", "type": "object", "required": [ "path" ], "properties": { "path": { + "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" }, "type": { + "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" } }, "additionalProperties": false }, "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", "type": "object", "required": [ "iqn", @@ -2700,40 +3179,51 @@ ], "properties": { "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", "type": "boolean" }, "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", "type": "boolean" }, "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n\u003ctarget portal\u003e:\u003cvolume name\u003e will be created for the connection.", "type": "string" }, "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", "type": "string" }, "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", "type": "string" }, "lun": { + "description": "lun represents iSCSI Target Lun number.", "type": "integer", "format": "int32" }, "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", "type": "array", "items": { "type": "string" } }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", "type": "boolean" }, "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -2741,15 +3231,18 @@ "x-kubernetes-map-type": "atomic" }, "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", "type": "string" } }, "additionalProperties": false }, "name": { + "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "object", "required": [ "path", @@ -2757,89 +3250,110 @@ ], "properties": { "path": { + "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" }, "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "boolean" }, "server": { + "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" } }, "additionalProperties": false }, "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "object", "required": [ "claimName" ], "properties": { "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "string" }, "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", "type": "boolean" } }, "additionalProperties": false }, "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine", "type": "object", "required": [ "pdID" ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", "type": "string" } }, "additionalProperties": false }, "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumeID" ], "properties": { "fsType": { + "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", "type": "string" } }, "additionalProperties": false }, "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "sources": { + "description": "sources is the list of volume projections", "type": "array", "items": { + "description": "Projection that may be projected along with other supported volume types", "type": "object", "properties": { "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", "type": "object", "required": [ "path" ], "properties": { "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -2847,12 +3361,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -2863,6 +3380,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -2873,26 +3391,33 @@ "x-kubernetes-map-type": "atomic" }, "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", "type": "string" }, "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", "type": "boolean" }, "path": { + "description": "Relative path from the volume root to write the bundle.", "type": "string" }, "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", "type": "string" } }, "additionalProperties": false }, "configMap": { + "description": "configMap information about the configMap data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -2900,13 +3425,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -2914,9 +3442,11 @@ } }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", "type": "boolean" } }, @@ -2924,26 +3454,32 @@ "x-kubernetes-map-type": "atomic" }, "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", "type": "object", "properties": { "items": { + "description": "Items is a list of DownwardAPIVolume file", "type": "array", "items": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ "path" ], "properties": { "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -2951,22 +3487,27 @@ "x-kubernetes-map-type": "atomic" }, "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -2979,6 +3520,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -2993,11 +3535,14 @@ "additionalProperties": false }, "secret": { + "description": "secret information about the secret data to project", "type": "object", "properties": { "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -3005,13 +3550,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -3019,9 +3567,11 @@ } }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "optional field specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -3029,19 +3579,23 @@ "x-kubernetes-map-type": "atomic" }, "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", "type": "object", "required": [ "path" ], "properties": { "audience": { + "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", "type": "string" }, "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", "type": "integer", "format": "int64" }, "path": { + "description": "path is the path relative to the mount point of the file to project the\ntoken into.", "type": "string" } }, @@ -3055,6 +3609,7 @@ "additionalProperties": false }, "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime", "type": "object", "required": [ "registry", @@ -3062,27 +3617,34 @@ ], "properties": { "group": { + "description": "group to map volume access to\nDefault is no group", "type": "string" }, "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", "type": "boolean" }, "registry": { + "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", "type": "string" }, "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, "user": { + "description": "user to map volume access to\nDefaults to serivceaccount user", "type": "string" }, "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", "type": "string" } }, "additionalProperties": false }, "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", "type": "object", "required": [ "image", @@ -3090,30 +3652,38 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine", "type": "string" }, "image": { + "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "keyring": { + "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "monitors": { + "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "array", "items": { "type": "string" } }, "pool": { + "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -3121,12 +3691,14 @@ "x-kubernetes-map-type": "atomic" }, "user": { + "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } }, "additionalProperties": false }, "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", "type": "object", "required": [ "gateway", @@ -3135,21 +3707,27 @@ ], "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", "type": "string" }, "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", "type": "string" }, "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -3157,33 +3735,42 @@ "x-kubernetes-map-type": "atomic" }, "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", "type": "boolean" }, "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", "type": "string" }, "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", "type": "string" }, "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", "type": "string" }, "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", "type": "string" } }, "additionalProperties": false }, "secret": { + "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -3191,13 +3778,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -3205,27 +3795,34 @@ } }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, "additionalProperties": false }, "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.", "type": "object", "properties": { "fsType": { + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -3233,30 +3830,37 @@ "x-kubernetes-map-type": "atomic" }, "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", "type": "string" }, "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", "type": "string" } }, "additionalProperties": false }, "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine", "type": "object", "required": [ "volumePath" ], "properties": { "fsType": { + "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", "type": "string" }, "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", "type": "string" }, "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", "type": "string" } }, @@ -3275,22 +3879,28 @@ "tolerations": { "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -3301,6 +3911,7 @@ "additionalProperties": false }, "status": { + "description": "RedisStatus defines the observed state of Redis", "type": "object", "properties": { "masterNode": { diff --git a/schema/redis.redis.opstreelabs.in/redissentinel_v1beta1.json b/schema/redis.redis.opstreelabs.in/redissentinel_v1beta1.json index ab80f6ecb..737a239c7 100644 --- a/schema/redis.redis.opstreelabs.in/redissentinel_v1beta1.json +++ b/schema/redis.redis.opstreelabs.in/redissentinel_v1beta1.json @@ -1,13 +1,16 @@ { + "description": "Redis is the Schema for the redis API", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -21,6 +24,7 @@ ], "properties": { "TLS": { + "description": "TLS Configuration for redis instances", "type": "object", "required": [ "secret" @@ -36,15 +40,19 @@ "type": "string" }, "secret": { + "description": "Reference to secret which contains the certificates", "type": "object", "properties": { "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "type": "array", "items": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ "key", @@ -52,13 +60,16 @@ ], "properties": { "key": { + "description": "key is the key to project.", "type": "string" }, "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, "path": { + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -66,9 +77,11 @@ } }, "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, @@ -78,14 +91,18 @@ "additionalProperties": false }, "affinity": { + "description": "Affinity is a group of affinity scheduling rules.", "type": "object", "properties": { "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ "preference", @@ -93,11 +110,14 @@ ], "properties": { "preference": { + "description": "A node selector term, associated with the corresponding weight.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -105,12 +125,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -121,8 +144,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -130,12 +155,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -150,6 +178,7 @@ "x-kubernetes-map-type": "atomic" }, "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", "format": "int32" } @@ -158,19 +187,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "type": "object", "required": [ "nodeSelectorTerms" ], "properties": { "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -178,12 +212,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -194,8 +231,10 @@ } }, "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "type": "object", "required": [ "key", @@ -203,12 +242,15 @@ ], "properties": { "key": { + "description": "The label key that the selector applies to.", "type": "string" }, "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string" @@ -231,11 +273,14 @@ "additionalProperties": false }, "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -243,17 +288,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -261,12 +310,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -277,6 +329,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -287,6 +340,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -294,6 +348,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -301,11 +356,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -313,12 +371,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -329,6 +390,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -339,18 +401,21 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "type": "integer", "format": "int32" } @@ -359,19 +424,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -379,12 +449,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -395,6 +468,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -405,6 +479,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -412,6 +487,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -419,11 +495,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -431,12 +510,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -447,6 +529,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -457,12 +540,14 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -473,11 +558,14 @@ "additionalProperties": false }, "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "type": "array", "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ "podAffinityTerm", @@ -485,17 +573,21 @@ ], "properties": { "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -503,12 +595,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -519,6 +614,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -529,6 +625,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -536,6 +633,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -543,11 +641,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -555,12 +656,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -571,6 +675,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -581,18 +686,21 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, "additionalProperties": false }, "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "type": "integer", "format": "int32" } @@ -601,19 +709,24 @@ } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key \u003ctopologyKey\u003e matches that of any node on which\na pod of the set of pods is running", "type": "object", "required": [ "topologyKey" ], "properties": { "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -621,12 +734,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -637,6 +753,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -647,6 +764,7 @@ "x-kubernetes-map-type": "atomic" }, "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -654,6 +772,7 @@ "x-kubernetes-list-type": "atomic" }, "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", "type": "array", "items": { "type": "string" @@ -661,11 +780,14 @@ "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "type": "object", "properties": { "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "type": "object", "required": [ "key", @@ -673,12 +795,15 @@ ], "properties": { "key": { + "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "type": "array", "items": { "type": "string" @@ -689,6 +814,7 @@ } }, "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -699,12 +825,14 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { "type": "string" } }, "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -723,6 +851,7 @@ "minimum": 1 }, "kubernetesConfig": { + "description": "KubernetesConfig will be the JSON struct for Basic Redis Config", "type": "object", "required": [ "image" @@ -738,14 +867,17 @@ "type": "string" }, "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", "type": "string" }, "imagePullSecrets": { "type": "array", "items": { + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", "type": "object", "properties": { "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -758,6 +890,7 @@ "format": "int32" }, "redisSecret": { + "description": "ExistingPasswordSecret is the struct to access the existing secret", "type": "object", "properties": { "key": { @@ -770,17 +903,21 @@ "additionalProperties": false }, "resources": { + "description": "ResourceRequirements describes the compute resource requirements.", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" } }, @@ -792,6 +929,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -807,6 +945,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -825,9 +964,11 @@ "additionalProperties": false }, "service": { + "description": "ServiceConfig define the type of service to be created and its annotations", "type": "object", "properties": { "additional": { + "description": "Service is the struct to define the service type and its annotations", "type": "object", "properties": { "additionalAnnotations": { @@ -859,6 +1000,7 @@ } }, "headless": { + "description": "Service is the struct to define the service type and its annotations", "type": "object", "properties": { "additionalAnnotations": { @@ -895,12 +1037,15 @@ "additionalProperties": false }, "updateStrategy": { + "description": "StatefulSetUpdateStrategy indicates the strategy that the StatefulSet\ncontroller will use to perform updates. It includes any additional parameters\nnecessary to perform the update for the indicated strategy.", "type": "object", "properties": { "rollingUpdate": { + "description": "RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.", "type": "object", "properties": { "maxUnavailable": { + "description": "The maximum number of pods that can be unavailable during the update.\nValue can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).\nAbsolute number is calculated from percentage by rounding up. This can not be 0.\nDefaults to 1. This field is alpha-level and is only honored by servers that enable the\nMaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to\nReplicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it\nwill be counted towards MaxUnavailable.", "anyOf": [ { "type": "integer" @@ -912,6 +1057,7 @@ "x-kubernetes-int-or-string": true }, "partition": { + "description": "Partition indicates the ordinal at which the StatefulSet should be partitioned\nfor updates. During a rolling update, all pods from ordinal Replicas-1 to\nPartition are updated. All pods from ordinal Partition-1 to 0 remain untouched.\nThis is helpful in being able to do a canary based deployment. The default value is 0.", "type": "integer", "format": "int32" } @@ -919,6 +1065,7 @@ "additionalProperties": false }, "type": { + "description": "Type indicates the type of the StatefulSetUpdateStrategy.\nDefault is RollingUpdate.", "type": "string" } }, @@ -928,12 +1075,15 @@ "additionalProperties": false }, "livenessProbe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -943,37 +1093,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -981,9 +1139,11 @@ ], "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -991,9 +1151,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1005,33 +1167,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1046,10 +1215,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -1063,6 +1234,7 @@ } }, "pdb": { + "description": "RedisPodDisruptionBudget configure a PodDisruptionBudget on the resource (leader/follower)", "type": "object", "properties": { "enabled": { @@ -1083,12 +1255,15 @@ "type": "string" }, "readinessProbe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is\nalive or ready to receive traffic.", "type": "object", "properties": { "exec": { + "description": "Exec specifies the action to take.", "type": "object", "properties": { "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { "type": "string" @@ -1098,37 +1273,45 @@ "additionalProperties": false }, "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "type": "integer", "format": "int32" }, "grpc": { + "description": "GRPC specifies an action involving a GRPC port.", "type": "object", "required": [ "port" ], "properties": { "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32" }, "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "additionalProperties": false }, "httpGet": { + "description": "HTTPGet specifies the http request to perform.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ "name", @@ -1136,9 +1319,11 @@ ], "properties": { "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { + "description": "The header field value", "type": "string" } }, @@ -1146,9 +1331,11 @@ } }, "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, "port": { + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1160,33 +1347,40 @@ "x-kubernetes-int-or-string": true }, "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, "additionalProperties": false }, "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" }, "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "type": "integer", "format": "int32" }, "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "type": "integer", "format": "int32" }, "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", "type": "object", "required": [ "port" ], "properties": { "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "anyOf": [ { "type": "integer" @@ -1201,10 +1395,12 @@ "additionalProperties": false }, "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "type": "integer", "format": "int32" } @@ -1248,21 +1444,26 @@ "type": "string" }, "redisReplicationPassword": { + "description": "EnvVarSource represents a source for the value of an EnvVar.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, @@ -1270,15 +1471,18 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -1286,15 +1490,18 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1307,6 +1514,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -1314,18 +1522,22 @@ "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -1339,60 +1551,75 @@ "additionalProperties": false }, "securityContext": { + "description": "PodSecurityContext holds pod-level security attributes and common container settings.\nSome fields are also present in container.securityContext. Field values of\ncontainer.securityContext take precedence over field values of PodSecurityContext.", "type": "object", "properties": { "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "properties": { "level": { + "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { + "description": "Type is a SELinux type label that applies to the container.", "type": "string" }, "user": { + "description": "User is a SELinux user label that applies to the container.", "type": "string" } }, "additionalProperties": false }, "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", "type": "object", "required": [ "type" ], "properties": { "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, "additionalProperties": false }, "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows.", "type": "array", "items": { "type": "integer", @@ -1400,8 +1627,10 @@ } }, "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", "type": "array", "items": { + "description": "Sysctl defines a kernel parameter to be set", "type": "object", "required": [ "name", @@ -1409,9 +1638,11 @@ ], "properties": { "name": { + "description": "Name of a property to set", "type": "string" }, "value": { + "description": "Value of a property to set", "type": "string" } }, @@ -1419,18 +1650,23 @@ } }, "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "type": "object", "properties": { "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", "type": "string" }, "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -1445,6 +1681,7 @@ "sidecars": { "type": "array", "items": { + "description": "Sidecar for each Redis pods", "type": "object", "required": [ "image", @@ -1454,33 +1691,41 @@ "env": { "type": "array", "items": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER.", "type": "string" }, "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "type": "object", "properties": { "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, @@ -1488,15 +1733,18 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['\u003cKEY\u003e']`, `metadata.annotations['\u003cKEY\u003e']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "type": "object", "required": [ "fieldPath" ], "properties": { "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { + "description": "Path of the field to select in the specified API version.", "type": "string" } }, @@ -1504,15 +1752,18 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "type": "object", "required": [ "resource" ], "properties": { "containerName": { + "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "anyOf": [ { @@ -1525,6 +1776,7 @@ "x-kubernetes-int-or-string": true }, "resource": { + "description": "Required: resource to select", "type": "string" } }, @@ -1532,18 +1784,22 @@ "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", "type": "object", "required": [ "key" ], "properties": { "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" }, "optional": { + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -1561,23 +1817,28 @@ "type": "string" }, "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", "type": "string" }, "name": { "type": "string" }, "resources": { + "description": "ResourceRequirements describes the compute resource requirements.", "type": "object", "properties": { "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" } }, @@ -1589,6 +1850,7 @@ "x-kubernetes-list-type": "map" }, "limits": { + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1604,6 +1866,7 @@ } }, "requests": { + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object", "additionalProperties": { "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", @@ -1628,22 +1891,28 @@ "tolerations": { "type": "array", "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", "type": "object", "properties": { "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", "type": "integer", "format": "int64" }, "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, diff --git a/schema/secrets.crossplane.io/storeconfig_v1alpha1.json b/schema/secrets.crossplane.io/storeconfig_v1alpha1.json index 763d39d39..14305d5bf 100644 --- a/schema/secrets.crossplane.io/storeconfig_v1alpha1.json +++ b/schema/secrets.crossplane.io/storeconfig_v1alpha1.json @@ -1,64 +1,76 @@ { + "description": "A StoreConfig configures how Crossplane controllers should store connection\ndetails in an external secret store.", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "A StoreConfigSpec defines the desired state of a StoreConfig.", "type": "object", "required": [ "defaultScope" ], "properties": { "defaultScope": { + "description": "DefaultScope used for scoping secrets for \"cluster-scoped\" resources.\nIf store type is \"Kubernetes\", this would mean the default namespace to\nstore connection secrets for cluster scoped resources.\nIn case of \"Vault\", this would be used as the default parent path.\nTypically, should be set as Crossplane installation namespace.", "type": "string" }, "kubernetes": { + "description": "Kubernetes configures a Kubernetes secret store.\nIf the \"type\" is \"Kubernetes\" but no config provided, in cluster config\nwill be used.", "type": "object", "required": [ "auth" ], "properties": { "auth": { + "description": "Credentials used to connect to the Kubernetes API.", "type": "object", "required": [ "source" ], "properties": { "env": { + "description": "Env is a reference to an environment variable that contains credentials\nthat must be used to connect to the provider.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name is the name of an environment variable.", "type": "string" } }, "additionalProperties": false }, "fs": { + "description": "Fs is a reference to a filesystem location that contains credentials that\nmust be used to connect to the provider.", "type": "object", "required": [ "path" ], "properties": { "path": { + "description": "Path is a filesystem path.", "type": "string" } }, "additionalProperties": false }, "secretRef": { + "description": "A SecretRef is a reference to a secret key that contains the credentials\nthat must be used to connect to the provider.", "type": "object", "required": [ "key", @@ -67,18 +79,22 @@ ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } }, "additionalProperties": false }, "source": { + "description": "Source of the credentials.", "type": "string", "enum": [ "None", @@ -94,9 +110,11 @@ "additionalProperties": false }, "plugin": { + "description": "Plugin configures External secret store as a plugin.", "type": "object", "properties": { "configRef": { + "description": "ConfigRef contains store config reference info.", "type": "object", "required": [ "apiVersion", @@ -105,24 +123,29 @@ ], "properties": { "apiVersion": { + "description": "APIVersion of the referenced config.", "type": "string" }, "kind": { + "description": "Kind of the referenced config.", "type": "string" }, "name": { + "description": "Name of the referenced config.", "type": "string" } }, "additionalProperties": false }, "endpoint": { + "description": "Endpoint is the endpoint of the gRPC server.", "type": "string" } }, "additionalProperties": false }, "type": { + "description": "Type configures which secret store to be used. Only the configuration\nblock for this store will be used and others will be ignored if provided.\nDefault is Kubernetes.", "type": "string", "default": "Kubernetes", "enum": [ diff --git a/schema/source.fluxcd.io/gitrepository_v1alpha1.json b/schema/source.fluxcd.io/gitrepository_v1alpha1.json index 95d3215e3..772d82368 100644 --- a/schema/source.fluxcd.io/gitrepository_v1alpha1.json +++ b/schema/source.fluxcd.io/gitrepository_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "GitRepository is the Schema for the gitrepositories API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "GitRepositorySpec defines the desired state of a Git repository.", "type": "object", "required": [ "interval", @@ -18,61 +22,76 @@ ], "properties": { "ignore": { + "description": "Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.", "type": "string" }, "interval": { + "description": "The interval at which to check for repository updates.", "type": "string" }, "ref": { + "description": "The git reference to checkout and monitor for changes, defaults to master branch.", "type": "object", "properties": { "branch": { + "description": "The git branch to checkout, defaults to master.", "type": "string" }, "commit": { + "description": "The git commit sha to checkout, if specified tag filters will be ignored.", "type": "string" }, "semver": { + "description": "The git tag semver expression, takes precedence over tag.", "type": "string" }, "tag": { + "description": "The git tag to checkout, takes precedence over branch.", "type": "string" } }, "additionalProperties": false }, "secretRef": { + "description": "The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity, identity.pub and known_hosts fields.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "additionalProperties": false }, "timeout": { + "description": "The timeout for remote git operations like cloning, default to 20s.", "type": "string" }, "url": { + "description": "The repository URL, can be a HTTP or SSH address.", "type": "string", "pattern": "^(http|https|ssh)://" }, "verify": { + "description": "Verify OpenPGP signature for the commit that HEAD points to.", "type": "object", "required": [ "mode" ], "properties": { "mode": { + "description": "Mode describes what git object should be verified, currently ('head').", "type": "string", "enum": [ "head" ] }, "secretRef": { + "description": "The secret name containing the public keys of all trusted git authors.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -85,9 +104,11 @@ "additionalProperties": false }, "status": { + "description": "GitRepositoryStatus defines the observed state of a Git repository.", "type": "object", "properties": { "artifact": { + "description": "Artifact represents the output of the last successful repository sync.", "type": "object", "required": [ "path", @@ -95,16 +116,20 @@ ], "properties": { "lastUpdateTime": { + "description": "LastUpdateTime is the timestamp corresponding to the last update of this artifact.", "type": "string", "format": "date-time" }, "path": { + "description": "Path is the local file path of this artifact.", "type": "string" }, "revision": { + "description": "Revision is a human readable identifier traceable in the origin source system. It can be a commit sha, git tag, a helm index timestamp, a helm chart version, a checksum, etc.", "type": "string" }, "url": { + "description": "URL is the HTTP address of this artifact.", "type": "string" } }, @@ -113,6 +138,7 @@ "conditions": { "type": "array", "items": { + "description": "SourceCondition contains condition information for a source.", "type": "object", "required": [ "status", @@ -120,19 +146,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, @@ -140,6 +171,7 @@ } }, "url": { + "description": "URL is the download link for the artifact output of the last repository sync.", "type": "string" } }, diff --git a/schema/source.fluxcd.io/helmchart_v1alpha1.json b/schema/source.fluxcd.io/helmchart_v1alpha1.json index 9f53e850f..ee99bafea 100644 --- a/schema/source.fluxcd.io/helmchart_v1alpha1.json +++ b/schema/source.fluxcd.io/helmchart_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "HelmChart is the Schema for the helmcharts API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "HelmChartSpec defines the desired state of a Helm chart.", "type": "object", "required": [ "helmRepositoryRef", @@ -19,30 +23,37 @@ ], "properties": { "helmRepositoryRef": { + "description": "The name of the HelmRepository the chart is available at.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "additionalProperties": false }, "interval": { + "description": "The interval at which to check the Helm repository for updates.", "type": "string" }, "name": { + "description": "The name of the Helm chart, as made available by the referenced Helm repository.", "type": "string" }, "version": { + "description": "The chart version semver expression, defaults to latest when omitted.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "HelmChartStatus defines the observed state of the HelmChart.", "type": "object", "properties": { "artifact": { + "description": "Artifact represents the output of the last successful chart sync.", "type": "object", "required": [ "path", @@ -50,16 +61,20 @@ ], "properties": { "lastUpdateTime": { + "description": "LastUpdateTime is the timestamp corresponding to the last update of this artifact.", "type": "string", "format": "date-time" }, "path": { + "description": "Path is the local file path of this artifact.", "type": "string" }, "revision": { + "description": "Revision is a human readable identifier traceable in the origin source system. It can be a commit sha, git tag, a helm index timestamp, a helm chart version, a checksum, etc.", "type": "string" }, "url": { + "description": "URL is the HTTP address of this artifact.", "type": "string" } }, @@ -68,6 +83,7 @@ "conditions": { "type": "array", "items": { + "description": "SourceCondition contains condition information for a source.", "type": "object", "required": [ "status", @@ -75,19 +91,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, @@ -95,6 +116,7 @@ } }, "url": { + "description": "URL is the download link for the last chart pulled.", "type": "string" } }, diff --git a/schema/source.fluxcd.io/helmrepository_v1alpha1.json b/schema/source.fluxcd.io/helmrepository_v1alpha1.json index 289ef8b09..1932ecf42 100644 --- a/schema/source.fluxcd.io/helmrepository_v1alpha1.json +++ b/schema/source.fluxcd.io/helmrepository_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "HelmRepository is the Schema for the helmrepositories API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "HelmRepositorySpec defines the reference to a Helm repository.", "type": "object", "required": [ "interval", @@ -18,27 +22,33 @@ ], "properties": { "interval": { + "description": "The interval at which to check the upstream for updates.", "type": "string" }, "secretRef": { + "description": "The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain caFile, keyFile and caCert fields.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "additionalProperties": false }, "url": { + "description": "The Helm repository URL, a valid URL contains at least a protocol and host.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "HelmRepositoryStatus defines the observed state of the HelmRepository.", "type": "object", "properties": { "artifact": { + "description": "Artifact represents the output of the last successful repository sync.", "type": "object", "required": [ "path", @@ -46,16 +56,20 @@ ], "properties": { "lastUpdateTime": { + "description": "LastUpdateTime is the timestamp corresponding to the last update of this artifact.", "type": "string", "format": "date-time" }, "path": { + "description": "Path is the local file path of this artifact.", "type": "string" }, "revision": { + "description": "Revision is a human readable identifier traceable in the origin source system. It can be a commit sha, git tag, a helm index timestamp, a helm chart version, a checksum, etc.", "type": "string" }, "url": { + "description": "URL is the HTTP address of this artifact.", "type": "string" } }, @@ -64,6 +78,7 @@ "conditions": { "type": "array", "items": { + "description": "SourceCondition contains condition information for a source.", "type": "object", "required": [ "status", @@ -71,19 +86,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, @@ -91,6 +111,7 @@ } }, "url": { + "description": "URL is the download link for the last index fetched.", "type": "string" } }, diff --git a/schema/source.toolkit.fluxcd.io/bucket_v1alpha1.json b/schema/source.toolkit.fluxcd.io/bucket_v1alpha1.json index 26cdc65d4..953e3cc12 100644 --- a/schema/source.toolkit.fluxcd.io/bucket_v1alpha1.json +++ b/schema/source.toolkit.fluxcd.io/bucket_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "Bucket is the Schema for the buckets API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "BucketSpec defines the desired state of an S3 compatible bucket", "type": "object", "required": [ "bucketName", @@ -19,21 +23,27 @@ ], "properties": { "bucketName": { + "description": "The bucket name.", "type": "string" }, "endpoint": { + "description": "The bucket endpoint address.", "type": "string" }, "ignore": { + "description": "Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore).", "type": "string" }, "insecure": { + "description": "Insecure allows connecting to a non-TLS S3 HTTP endpoint.", "type": "boolean" }, "interval": { + "description": "The interval at which to check for bucket updates.", "type": "string" }, "provider": { + "description": "The S3 compatible storage provider name, default ('generic').", "type": "string", "enum": [ "generic", @@ -41,27 +51,33 @@ ] }, "region": { + "description": "The bucket region.", "type": "string" }, "secretRef": { + "description": "The secret name containing the bucket accesskey and secretkey.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "additionalProperties": false }, "timeout": { + "description": "The timeout for download operations, default ('20s').", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "BucketStatus defines the observed state of a bucket", "type": "object", "properties": { "artifact": { + "description": "Artifact represents the output of the last successful Bucket sync.", "type": "object", "required": [ "path", @@ -69,27 +85,34 @@ ], "properties": { "checksum": { + "description": "Checksum is the SHA1 checksum of the artifact.", "type": "string" }, "lastUpdateTime": { + "description": "LastUpdateTime is the timestamp corresponding to the last update of this artifact.", "type": "string", "format": "date-time" }, "path": { + "description": "Path is the relative file path of this artifact.", "type": "string" }, "revision": { + "description": "Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.", "type": "string" }, "url": { + "description": "URL is the HTTP address of this artifact.", "type": "string" } }, "additionalProperties": false }, "conditions": { + "description": "Conditions holds the conditions for the Bucket.", "type": "array", "items": { + "description": "SourceCondition contains condition information for a source.", "type": "object", "required": [ "status", @@ -97,19 +120,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, @@ -117,10 +145,12 @@ } }, "observedGeneration": { + "description": "ObservedGeneration is the last observed generation.", "type": "integer", "format": "int64" }, "url": { + "description": "URL is the download link for the artifact output of the last Bucket sync.", "type": "string" } }, diff --git a/schema/source.toolkit.fluxcd.io/bucket_v1beta1.json b/schema/source.toolkit.fluxcd.io/bucket_v1beta1.json index 2f3dff484..46e2f8d8b 100644 --- a/schema/source.toolkit.fluxcd.io/bucket_v1beta1.json +++ b/schema/source.toolkit.fluxcd.io/bucket_v1beta1.json @@ -3,11 +3,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -30,14 +30,14 @@ ], "properties": { "namespaceSelectors": { - "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", + "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.", "type": "array", "items": { - "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", + "description": "NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.", "type": "object", "properties": { "matchLabels": { - "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -59,7 +59,7 @@ "type": "string" }, "ignore": { - "description": "Ignore overrides the set of excluded patterns in the .sourceignore format\n(which is the same as .gitignore). If not provided, a default will be used,\nconsult the documentation for your version to find out what those are.", + "description": "Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.", "type": "string" }, "insecure": { @@ -85,7 +85,7 @@ "type": "string" }, "secretRef": { - "description": "The name of the secret containing authentication credentials\nfor the Bucket.", + "description": "The name of the secret containing authentication credentials for the Bucket.", "type": "object", "required": [ "name" @@ -121,17 +121,16 @@ "description": "Artifact represents the output of the last successful Bucket sync.", "type": "object", "required": [ - "lastUpdateTime", "path", "url" ], "properties": { "checksum": { - "description": "Checksum is the SHA256 checksum of the artifact.", + "description": "Checksum is the SHA256 checksum of the Artifact file (obsolete)", "type": "string" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of this\nartifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of this artifact.", "type": "string", "format": "date-time" }, @@ -140,7 +139,7 @@ "type": "string" }, "revision": { - "description": "Revision is a human readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm\nchart version, etc.", + "description": "Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc.", "type": "string" }, "url": { @@ -154,7 +153,7 @@ "description": "Conditions holds the conditions for the Bucket.", "type": "array", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -165,23 +164,23 @@ ], "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, @@ -197,7 +196,7 @@ ] }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -207,7 +206,7 @@ } }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "observedGeneration": { diff --git a/schema/source.toolkit.fluxcd.io/bucket_v1beta2.json b/schema/source.toolkit.fluxcd.io/bucket_v1beta2.json index 7d47aa6cf..c778d0abe 100644 --- a/schema/source.toolkit.fluxcd.io/bucket_v1beta2.json +++ b/schema/source.toolkit.fluxcd.io/bucket_v1beta2.json @@ -3,18 +3,18 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "BucketSpec specifies the required configuration to produce an Artifact for\nan object storage bucket.", + "description": "BucketSpec specifies the required configuration to produce an Artifact for an object storage bucket.", "type": "object", "required": [ "bucketName", @@ -23,21 +23,21 @@ ], "properties": { "accessFrom": { - "description": "AccessFrom specifies an Access Control List for allowing cross-namespace\nreferences to this object.\nNOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092", + "description": "AccessFrom specifies an Access Control List for allowing cross-namespace references to this object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092", "type": "object", "required": [ "namespaceSelectors" ], "properties": { "namespaceSelectors": { - "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", + "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.", "type": "array", "items": { - "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", + "description": "NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.", "type": "object", "properties": { "matchLabels": { - "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -54,26 +54,12 @@ "description": "BucketName is the name of the object storage bucket.", "type": "string" }, - "certSecretRef": { - "description": "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nbucket. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis field is only supported for the `generic` provider.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "additionalProperties": false - }, "endpoint": { "description": "Endpoint is the object storage address the BucketName is located at.", "type": "string" }, "ignore": { - "description": "Ignore overrides the set of excluded patterns in the .sourceignore format\n(which is the same as .gitignore). If not provided, a default will be used,\nconsult the documentation for your version to find out what those are.", + "description": "Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.", "type": "string" }, "insecure": { @@ -81,7 +67,7 @@ "type": "boolean" }, "interval": { - "description": "Interval at which the Bucket Endpoint is checked for updates.\nThis interval is approximate and may be subject to jitter to ensure\nefficient use of resources.", + "description": "Interval at which the Bucket Endpoint is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" }, @@ -90,7 +76,7 @@ "type": "string" }, "provider": { - "description": "Provider of the object storage bucket.\nDefaults to 'generic', which expects an S3 (API) compatible object\nstorage.", + "description": "Provider of the object storage bucket. Defaults to 'generic', which expects an S3 (API) compatible object storage.", "type": "string", "default": "generic", "enum": [ @@ -100,26 +86,12 @@ "azure" ] }, - "proxySecretRef": { - "description": "ProxySecretRef specifies the Secret containing the proxy configuration\nto use while communicating with the Bucket server.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "additionalProperties": false - }, "region": { "description": "Region of the Endpoint where the BucketName is located in.", "type": "string" }, "secretRef": { - "description": "SecretRef specifies the Secret containing authentication credentials\nfor the Bucket.", + "description": "SecretRef specifies the Secret containing authentication credentials for the Bucket.", "type": "object", "required": [ "name" @@ -132,60 +104,8 @@ }, "additionalProperties": false }, - "sts": { - "description": "STS specifies the required configuration to use a Security Token\nService for fetching temporary credentials to authenticate in a\nBucket provider.\n\nThis field is only supported for the `aws` and `generic` providers.", - "type": "object", - "required": [ - "endpoint", - "provider" - ], - "properties": { - "certSecretRef": { - "description": "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nSTS endpoint. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nThis field is only supported for the `ldap` provider.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "additionalProperties": false - }, - "endpoint": { - "description": "Endpoint is the HTTP/S endpoint of the Security Token Service from\nwhere temporary credentials will be fetched.", - "type": "string", - "pattern": "^(http|https)://.*$" - }, - "provider": { - "description": "Provider of the Security Token Service.", - "type": "string", - "enum": [ - "aws", - "ldap" - ] - }, - "secretRef": { - "description": "SecretRef specifies the Secret containing authentication credentials\nfor the STS endpoint. This Secret must contain the fields `username`\nand `password` and is supported only for the `ldap` provider.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "additionalProperties": false - } - }, - "additionalProperties": false - }, "suspend": { - "description": "Suspend tells the controller to suspend the reconciliation of this\nBucket.", + "description": "Suspend tells the controller to suspend the reconciliation of this Bucket.", "type": "boolean" }, "timeout": { @@ -195,29 +115,7 @@ "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" } }, - "additionalProperties": false, - "x-kubernetes-validations": [ - { - "rule": "self.provider == 'aws' || self.provider == 'generic' || !has(self.sts)", - "message": "STS configuration is only supported for the 'aws' and 'generic' Bucket providers" - }, - { - "rule": "self.provider != 'aws' || !has(self.sts) || self.sts.provider == 'aws'", - "message": "'aws' is the only supported STS provider for the 'aws' Bucket provider" - }, - { - "rule": "self.provider != 'generic' || !has(self.sts) || self.sts.provider == 'ldap'", - "message": "'ldap' is the only supported STS provider for the 'generic' Bucket provider" - }, - { - "rule": "!has(self.sts) || self.sts.provider != 'aws' || !has(self.sts.secretRef)", - "message": "spec.sts.secretRef is not required for the 'aws' STS provider" - }, - { - "rule": "!has(self.sts) || self.sts.provider != 'aws' || !has(self.sts.certSecretRef)", - "message": "spec.sts.certSecretRef is not required for the 'aws' STS provider" - } - ] + "additionalProperties": false }, "status": { "description": "BucketStatus records the observed state of a Bucket.", @@ -230,20 +128,23 @@ "description": "Artifact represents the last successful Bucket reconciliation.", "type": "object", "required": [ - "digest", "lastUpdateTime", "path", "revision", "url" ], "properties": { + "checksum": { + "description": "Checksum is the SHA256 checksum of the Artifact file (obsolete)", + "type": "string" + }, "digest": { "description": "Digest is the digest of the file in the form of '\u003calgorithm\u003e:\u003cchecksum\u003e'.", "type": "string", "pattern": "^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of the Artifact.", "type": "string", "format": "date-time" }, @@ -255,11 +156,11 @@ } }, "path": { - "description": "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source.", + "description": "Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source.", "type": "string" }, "revision": { - "description": "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", + "description": "Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", "type": "string" }, "size": { @@ -268,7 +169,7 @@ "format": "int64" }, "url": { - "description": "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents.", + "description": "URL is the HTTP address of the Artifact as exposed by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents.", "type": "string" } }, @@ -278,7 +179,7 @@ "description": "Conditions holds the conditions for the Bucket.", "type": "array", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -289,23 +190,23 @@ ], "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, @@ -321,7 +222,7 @@ ] }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -331,7 +232,7 @@ } }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "observedGeneration": { @@ -340,11 +241,11 @@ "format": "int64" }, "observedIgnore": { - "description": "ObservedIgnore is the observed exclusion patterns used for constructing\nthe source artifact.", + "description": "ObservedIgnore is the observed exclusion patterns used for constructing the source artifact.", "type": "string" }, "url": { - "description": "URL is the dynamic fetch link for the latest Artifact.\nIt is provided on a \"best effort\" basis, and using the precise\nBucketStatus.Artifact data is recommended.", + "description": "URL is the dynamic fetch link for the latest Artifact. It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact data is recommended.", "type": "string" } }, diff --git a/schema/source.toolkit.fluxcd.io/gitrepository_v1.json b/schema/source.toolkit.fluxcd.io/gitrepository_v1.json index 21a2cf2d1..f9b1d6d79 100644 --- a/schema/source.toolkit.fluxcd.io/gitrepository_v1.json +++ b/schema/source.toolkit.fluxcd.io/gitrepository_v1.json @@ -3,18 +3,18 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "GitRepositorySpec specifies the required configuration to produce an\nArtifact for a Git repository.", + "description": "GitRepositorySpec specifies the required configuration to produce an Artifact for a Git repository.", "type": "object", "required": [ "interval", @@ -22,25 +22,25 @@ ], "properties": { "ignore": { - "description": "Ignore overrides the set of excluded patterns in the .sourceignore format\n(which is the same as .gitignore). If not provided, a default will be used,\nconsult the documentation for your version to find out what those are.", + "description": "Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.", "type": "string" }, "include": { - "description": "Include specifies a list of GitRepository resources which Artifacts\nshould be included in the Artifact produced for this GitRepository.", + "description": "Include specifies a list of GitRepository resources which Artifacts should be included in the Artifact produced for this GitRepository.", "type": "array", "items": { - "description": "GitRepositoryInclude specifies a local reference to a GitRepository which\nArtifact (sub-)contents must be included, and where they should be placed.", + "description": "GitRepositoryInclude specifies a local reference to a GitRepository which Artifact (sub-)contents must be included, and where they should be placed.", "type": "object", "required": [ "repository" ], "properties": { "fromPath": { - "description": "FromPath specifies the path to copy contents from, defaults to the root\nof the Artifact.", + "description": "FromPath specifies the path to copy contents from, defaults to the root of the Artifact.", "type": "string" }, "repository": { - "description": "GitRepositoryRef specifies the GitRepository which Artifact contents\nmust be included.", + "description": "GitRepositoryRef specifies the GitRepository which Artifact contents must be included.", "type": "object", "required": [ "name" @@ -54,7 +54,7 @@ "additionalProperties": false }, "toPath": { - "description": "ToPath specifies the path to copy contents to, defaults to the name of\nthe GitRepositoryRef.", + "description": "ToPath specifies the path to copy contents to, defaults to the name of the GitRepositoryRef.", "type": "string" } }, @@ -62,21 +62,12 @@ } }, "interval": { - "description": "Interval at which the GitRepository URL is checked for updates.\nThis interval is approximate and may be subject to jitter to ensure\nefficient use of resources.", + "description": "Interval at which the GitRepository URL is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" }, - "provider": { - "description": "Provider used for authentication, can be 'azure', 'github', 'generic'.\nWhen not specified, defaults to 'generic'.", - "type": "string", - "enum": [ - "generic", - "azure", - "github" - ] - }, "proxySecretRef": { - "description": "ProxySecretRef specifies the Secret containing the proxy configuration\nto use while communicating with the Git server.", + "description": "ProxySecretRef specifies the Secret containing the proxy configuration to use while communicating with the Git server.", "type": "object", "required": [ "name" @@ -90,11 +81,11 @@ "additionalProperties": false }, "recurseSubmodules": { - "description": "RecurseSubmodules enables the initialization of all submodules within\nthe GitRepository as cloned from the URL, using their default settings.", + "description": "RecurseSubmodules enables the initialization of all submodules within the GitRepository as cloned from the URL, using their default settings.", "type": "boolean" }, "ref": { - "description": "Reference specifies the Git reference to resolve and monitor for\nchanges, defaults to the 'master' branch.", + "description": "Reference specifies the Git reference to resolve and monitor for changes, defaults to the 'master' branch.", "type": "object", "properties": { "branch": { @@ -102,11 +93,11 @@ "type": "string" }, "commit": { - "description": "Commit SHA to check out, takes precedence over all reference fields.\n\nThis can be combined with Branch to shallow clone the branch, in which\nthe commit is expected to exist.", + "description": "Commit SHA to check out, takes precedence over all reference fields. \n This can be combined with Branch to shallow clone the branch, in which the commit is expected to exist.", "type": "string" }, "name": { - "description": "Name of the reference to check out; takes precedence over Branch, Tag and SemVer.\n\nIt must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description\nExamples: \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", \"refs/merge-requests/1/head\"", + "description": "Name of the reference to check out; takes precedence over Branch, Tag and SemVer. \n It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description Examples: \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", \"refs/merge-requests/1/head\"", "type": "string" }, "semver": { @@ -121,7 +112,7 @@ "additionalProperties": false }, "secretRef": { - "description": "SecretRef specifies the Secret containing authentication credentials for\nthe GitRepository.\nFor HTTPS repositories the Secret must contain 'username' and 'password'\nfields for basic auth or 'bearerToken' field for token auth.\nFor SSH repositories the Secret must contain 'identity'\nand 'known_hosts' fields.", + "description": "SecretRef specifies the Secret containing authentication credentials for the GitRepository. For HTTPS repositories the Secret must contain 'username' and 'password' fields for basic auth or 'bearerToken' field for token auth. For SSH repositories the Secret must contain 'identity' and 'known_hosts' fields.", "type": "object", "required": [ "name" @@ -134,19 +125,8 @@ }, "additionalProperties": false }, - "serviceAccountName": { - "description": "ServiceAccountName is the name of the Kubernetes ServiceAccount used to\nauthenticate to the GitRepository. This field is only supported for 'azure' provider.", - "type": "string" - }, - "sparseCheckout": { - "description": "SparseCheckout specifies a list of directories to checkout when cloning\nthe repository. If specified, only these directories are included in the\nArtifact produced for this GitRepository.", - "type": "array", - "items": { - "type": "string" - } - }, "suspend": { - "description": "Suspend tells the controller to suspend the reconciliation of this\nGitRepository.", + "description": "Suspend tells the controller to suspend the reconciliation of this GitRepository.", "type": "boolean" }, "timeout": { @@ -161,14 +141,14 @@ "pattern": "^(http|https|ssh)://.*$" }, "verify": { - "description": "Verification specifies the configuration to verify the Git commit\nsignature(s).", + "description": "Verification specifies the configuration to verify the Git commit signature(s).", "type": "object", "required": [ "secretRef" ], "properties": { "mode": { - "description": "Mode specifies which Git object(s) should be verified.\n\nThe variants \"head\" and \"HEAD\" both imply the same thing, i.e. verify\nthe commit that the HEAD of the Git repository points to. The variant\n\"head\" solely exists to ensure backwards compatibility.", + "description": "Mode specifies which Git object(s) should be verified. \n The variants \"head\" and \"HEAD\" both imply the same thing, i.e. verify the commit that the HEAD of the Git repository points to. The variant \"head\" solely exists to ensure backwards compatibility.", "type": "string", "default": "HEAD", "enum": [ @@ -179,7 +159,7 @@ ] }, "secretRef": { - "description": "SecretRef specifies the Secret containing the public keys of trusted Git\nauthors.", + "description": "SecretRef specifies the Secret containing the public keys of trusted Git authors.", "type": "object", "required": [ "name" @@ -196,13 +176,7 @@ "additionalProperties": false } }, - "additionalProperties": false, - "x-kubernetes-validations": [ - { - "rule": "!has(self.serviceAccountName) || (has(self.provider) \u0026\u0026 self.provider == 'azure')", - "message": "serviceAccountName can only be set when provider is 'azure'" - } - ] + "additionalProperties": false }, "status": { "description": "GitRepositoryStatus records the observed state of a Git repository.", @@ -215,7 +189,6 @@ "description": "Artifact represents the last successful GitRepository reconciliation.", "type": "object", "required": [ - "digest", "lastUpdateTime", "path", "revision", @@ -228,7 +201,7 @@ "pattern": "^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of the Artifact.", "type": "string", "format": "date-time" }, @@ -240,11 +213,11 @@ } }, "path": { - "description": "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source.", + "description": "Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source.", "type": "string" }, "revision": { - "description": "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", + "description": "Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", "type": "string" }, "size": { @@ -253,7 +226,7 @@ "format": "int64" }, "url": { - "description": "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents.", + "description": "URL is the HTTP address of the Artifact as exposed by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents.", "type": "string" } }, @@ -263,7 +236,7 @@ "description": "Conditions holds the conditions for the GitRepository.", "type": "array", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -274,23 +247,23 @@ ], "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, @@ -306,7 +279,7 @@ ] }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -316,13 +289,12 @@ } }, "includedArtifacts": { - "description": "IncludedArtifacts contains a list of the last successfully included\nArtifacts as instructed by GitRepositorySpec.Include.", + "description": "IncludedArtifacts contains a list of the last successfully included Artifacts as instructed by GitRepositorySpec.Include.", "type": "array", "items": { "description": "Artifact represents the output of a Source reconciliation.", "type": "object", "required": [ - "digest", "lastUpdateTime", "path", "revision", @@ -335,7 +307,7 @@ "pattern": "^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of the Artifact.", "type": "string", "format": "date-time" }, @@ -347,11 +319,11 @@ } }, "path": { - "description": "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source.", + "description": "Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source.", "type": "string" }, "revision": { - "description": "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", + "description": "Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", "type": "string" }, "size": { @@ -360,7 +332,7 @@ "format": "int64" }, "url": { - "description": "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents.", + "description": "URL is the HTTP address of the Artifact as exposed by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents.", "type": "string" } }, @@ -368,34 +340,34 @@ } }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "observedGeneration": { - "description": "ObservedGeneration is the last observed generation of the GitRepository\nobject.", + "description": "ObservedGeneration is the last observed generation of the GitRepository object.", "type": "integer", "format": "int64" }, "observedIgnore": { - "description": "ObservedIgnore is the observed exclusion patterns used for constructing\nthe source artifact.", + "description": "ObservedIgnore is the observed exclusion patterns used for constructing the source artifact.", "type": "string" }, "observedInclude": { - "description": "ObservedInclude is the observed list of GitRepository resources used to\nproduce the current Artifact.", + "description": "ObservedInclude is the observed list of GitRepository resources used to produce the current Artifact.", "type": "array", "items": { - "description": "GitRepositoryInclude specifies a local reference to a GitRepository which\nArtifact (sub-)contents must be included, and where they should be placed.", + "description": "GitRepositoryInclude specifies a local reference to a GitRepository which Artifact (sub-)contents must be included, and where they should be placed.", "type": "object", "required": [ "repository" ], "properties": { "fromPath": { - "description": "FromPath specifies the path to copy contents from, defaults to the root\nof the Artifact.", + "description": "FromPath specifies the path to copy contents from, defaults to the root of the Artifact.", "type": "string" }, "repository": { - "description": "GitRepositoryRef specifies the GitRepository which Artifact contents\nmust be included.", + "description": "GitRepositoryRef specifies the GitRepository which Artifact contents must be included.", "type": "object", "required": [ "name" @@ -409,7 +381,7 @@ "additionalProperties": false }, "toPath": { - "description": "ToPath specifies the path to copy contents to, defaults to the name of\nthe GitRepositoryRef.", + "description": "ToPath specifies the path to copy contents to, defaults to the name of the GitRepositoryRef.", "type": "string" } }, @@ -417,18 +389,11 @@ } }, "observedRecurseSubmodules": { - "description": "ObservedRecurseSubmodules is the observed resource submodules\nconfiguration used to produce the current Artifact.", + "description": "ObservedRecurseSubmodules is the observed resource submodules configuration used to produce the current Artifact.", "type": "boolean" }, - "observedSparseCheckout": { - "description": "ObservedSparseCheckout is the observed list of directories used to\nproduce the current Artifact.", - "type": "array", - "items": { - "type": "string" - } - }, "sourceVerificationMode": { - "description": "SourceVerificationMode is the last used verification mode indicating\nwhich Git object(s) have been verified.", + "description": "SourceVerificationMode is the last used verification mode indicating which Git object(s) have been verified.", "type": "string" } }, diff --git a/schema/source.toolkit.fluxcd.io/gitrepository_v1alpha1.json b/schema/source.toolkit.fluxcd.io/gitrepository_v1alpha1.json index b7c54f5df..af11d1a94 100644 --- a/schema/source.toolkit.fluxcd.io/gitrepository_v1alpha1.json +++ b/schema/source.toolkit.fluxcd.io/gitrepository_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "GitRepository is the Schema for the gitrepositories API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "GitRepositorySpec defines the desired state of a Git repository.", "type": "object", "required": [ "interval", @@ -18,61 +22,76 @@ ], "properties": { "ignore": { + "description": "Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.", "type": "string" }, "interval": { + "description": "The interval at which to check for repository updates.", "type": "string" }, "ref": { + "description": "The git reference to checkout and monitor for changes, defaults to master branch.", "type": "object", "properties": { "branch": { + "description": "The git branch to checkout, defaults to master.", "type": "string" }, "commit": { + "description": "The git commit sha to checkout, if specified tag filters will be ignored.", "type": "string" }, "semver": { + "description": "The git tag semver expression, takes precedence over tag.", "type": "string" }, "tag": { + "description": "The git tag to checkout, takes precedence over branch.", "type": "string" } }, "additionalProperties": false }, "secretRef": { + "description": "The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity, identity.pub and known_hosts fields.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "additionalProperties": false }, "timeout": { + "description": "The timeout for remote git operations like cloning, default to 20s.", "type": "string" }, "url": { + "description": "The repository URL, can be a HTTP or SSH address.", "type": "string", "pattern": "^(http|https|ssh)://" }, "verify": { + "description": "Verify OpenPGP signature for the commit that HEAD points to.", "type": "object", "required": [ "mode" ], "properties": { "mode": { + "description": "Mode describes what git object should be verified, currently ('head').", "type": "string", "enum": [ "head" ] }, "secretRef": { + "description": "The secret name containing the public keys of all trusted git authors.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, @@ -85,9 +104,11 @@ "additionalProperties": false }, "status": { + "description": "GitRepositoryStatus defines the observed state of a Git repository.", "type": "object", "properties": { "artifact": { + "description": "Artifact represents the output of the last successful repository sync.", "type": "object", "required": [ "path", @@ -95,27 +116,34 @@ ], "properties": { "checksum": { + "description": "Checksum is the SHA1 checksum of the artifact.", "type": "string" }, "lastUpdateTime": { + "description": "LastUpdateTime is the timestamp corresponding to the last update of this artifact.", "type": "string", "format": "date-time" }, "path": { + "description": "Path is the relative file path of this artifact.", "type": "string" }, "revision": { + "description": "Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.", "type": "string" }, "url": { + "description": "URL is the HTTP address of this artifact.", "type": "string" } }, "additionalProperties": false }, "conditions": { + "description": "Conditions holds the conditions for the GitRepository.", "type": "array", "items": { + "description": "SourceCondition contains condition information for a source.", "type": "object", "required": [ "status", @@ -123,19 +151,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, @@ -143,10 +176,12 @@ } }, "observedGeneration": { + "description": "ObservedGeneration is the last observed generation.", "type": "integer", "format": "int64" }, "url": { + "description": "URL is the download link for the artifact output of the last repository sync.", "type": "string" } }, diff --git a/schema/source.toolkit.fluxcd.io/gitrepository_v1beta1.json b/schema/source.toolkit.fluxcd.io/gitrepository_v1beta1.json index e7a0572c6..84749fd25 100644 --- a/schema/source.toolkit.fluxcd.io/gitrepository_v1beta1.json +++ b/schema/source.toolkit.fluxcd.io/gitrepository_v1beta1.json @@ -3,11 +3,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -29,14 +29,14 @@ ], "properties": { "namespaceSelectors": { - "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", + "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.", "type": "array", "items": { - "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", + "description": "NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.", "type": "object", "properties": { "matchLabels": { - "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -50,7 +50,7 @@ "additionalProperties": false }, "gitImplementation": { - "description": "Determines which git client library to use.\nDefaults to go-git, valid values are ('go-git', 'libgit2').", + "description": "Determines which git client library to use. Defaults to go-git, valid values are ('go-git', 'libgit2').", "type": "string", "default": "go-git", "enum": [ @@ -59,7 +59,7 @@ ] }, "ignore": { - "description": "Ignore overrides the set of excluded patterns in the .sourceignore format\n(which is the same as .gitignore). If not provided, a default will be used,\nconsult the documentation for your version to find out what those are.", + "description": "Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.", "type": "string" }, "include": { @@ -103,11 +103,11 @@ "type": "string" }, "recurseSubmodules": { - "description": "When enabled, after the clone is created, initializes all submodules within,\nusing their default settings.\nThis option is available only when using the 'go-git' GitImplementation.", + "description": "When enabled, after the clone is created, initializes all submodules within, using their default settings. This option is available only when using the 'go-git' GitImplementation.", "type": "boolean" }, "ref": { - "description": "The Git reference to checkout and monitor for changes, defaults to\nmaster branch.", + "description": "The Git reference to checkout and monitor for changes, defaults to master branch.", "type": "object", "properties": { "branch": { @@ -130,7 +130,7 @@ "additionalProperties": false }, "secretRef": { - "description": "The secret name containing the Git credentials.\nFor HTTPS repositories the secret must contain username and password\nfields.\nFor SSH repositories the secret must contain identity and known_hosts\nfields.", + "description": "The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity and known_hosts fields.", "type": "object", "required": [ "name" @@ -202,17 +202,16 @@ "description": "Artifact represents the output of the last successful repository sync.", "type": "object", "required": [ - "lastUpdateTime", "path", "url" ], "properties": { "checksum": { - "description": "Checksum is the SHA256 checksum of the artifact.", + "description": "Checksum is the SHA256 checksum of the Artifact file (obsolete)", "type": "string" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of this\nartifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of this artifact.", "type": "string", "format": "date-time" }, @@ -221,7 +220,7 @@ "type": "string" }, "revision": { - "description": "Revision is a human readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm\nchart version, etc.", + "description": "Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc.", "type": "string" }, "url": { @@ -235,7 +234,7 @@ "description": "Conditions holds the conditions for the GitRepository.", "type": "array", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -246,23 +245,23 @@ ], "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, @@ -278,7 +277,7 @@ ] }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -294,17 +293,16 @@ "description": "Artifact represents the output of a source synchronisation.", "type": "object", "required": [ - "lastUpdateTime", "path", "url" ], "properties": { "checksum": { - "description": "Checksum is the SHA256 checksum of the artifact.", + "description": "Checksum is the SHA256 checksum of the Artifact file (obsolete)", "type": "string" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of this\nartifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of this artifact.", "type": "string", "format": "date-time" }, @@ -313,7 +311,7 @@ "type": "string" }, "revision": { - "description": "Revision is a human readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm\nchart version, etc.", + "description": "Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc.", "type": "string" }, "url": { @@ -325,7 +323,7 @@ } }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "observedGeneration": { @@ -334,7 +332,7 @@ "format": "int64" }, "url": { - "description": "URL is the download link for the artifact output of the last repository\nsync.", + "description": "URL is the download link for the artifact output of the last repository sync.", "type": "string" } }, diff --git a/schema/source.toolkit.fluxcd.io/gitrepository_v1beta2.json b/schema/source.toolkit.fluxcd.io/gitrepository_v1beta2.json index 516102a3d..e1a0f4a15 100644 --- a/schema/source.toolkit.fluxcd.io/gitrepository_v1beta2.json +++ b/schema/source.toolkit.fluxcd.io/gitrepository_v1beta2.json @@ -3,18 +3,18 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "GitRepositorySpec specifies the required configuration to produce an\nArtifact for a Git repository.", + "description": "GitRepositorySpec specifies the required configuration to produce an Artifact for a Git repository.", "type": "object", "required": [ "interval", @@ -22,21 +22,21 @@ ], "properties": { "accessFrom": { - "description": "AccessFrom specifies an Access Control List for allowing cross-namespace\nreferences to this object.\nNOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092", + "description": "AccessFrom specifies an Access Control List for allowing cross-namespace references to this object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092", "type": "object", "required": [ "namespaceSelectors" ], "properties": { "namespaceSelectors": { - "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", + "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.", "type": "array", "items": { - "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", + "description": "NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.", "type": "object", "properties": { "matchLabels": { - "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -50,7 +50,7 @@ "additionalProperties": false }, "gitImplementation": { - "description": "GitImplementation specifies which Git client library implementation to\nuse. Defaults to 'go-git', valid values are ('go-git', 'libgit2').\nDeprecated: gitImplementation is deprecated now that 'go-git' is the\nonly supported implementation.", + "description": "GitImplementation specifies which Git client library implementation to use. Defaults to 'go-git', valid values are ('go-git', 'libgit2'). Deprecated: gitImplementation is deprecated now that 'go-git' is the only supported implementation.", "type": "string", "default": "go-git", "enum": [ @@ -59,25 +59,25 @@ ] }, "ignore": { - "description": "Ignore overrides the set of excluded patterns in the .sourceignore format\n(which is the same as .gitignore). If not provided, a default will be used,\nconsult the documentation for your version to find out what those are.", + "description": "Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.", "type": "string" }, "include": { - "description": "Include specifies a list of GitRepository resources which Artifacts\nshould be included in the Artifact produced for this GitRepository.", + "description": "Include specifies a list of GitRepository resources which Artifacts should be included in the Artifact produced for this GitRepository.", "type": "array", "items": { - "description": "GitRepositoryInclude specifies a local reference to a GitRepository which\nArtifact (sub-)contents must be included, and where they should be placed.", + "description": "GitRepositoryInclude specifies a local reference to a GitRepository which Artifact (sub-)contents must be included, and where they should be placed.", "type": "object", "required": [ "repository" ], "properties": { "fromPath": { - "description": "FromPath specifies the path to copy contents from, defaults to the root\nof the Artifact.", + "description": "FromPath specifies the path to copy contents from, defaults to the root of the Artifact.", "type": "string" }, "repository": { - "description": "GitRepositoryRef specifies the GitRepository which Artifact contents\nmust be included.", + "description": "GitRepositoryRef specifies the GitRepository which Artifact contents must be included.", "type": "object", "required": [ "name" @@ -91,7 +91,7 @@ "additionalProperties": false }, "toPath": { - "description": "ToPath specifies the path to copy contents to, defaults to the name of\nthe GitRepositoryRef.", + "description": "ToPath specifies the path to copy contents to, defaults to the name of the GitRepositoryRef.", "type": "string" } }, @@ -104,11 +104,11 @@ "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" }, "recurseSubmodules": { - "description": "RecurseSubmodules enables the initialization of all submodules within\nthe GitRepository as cloned from the URL, using their default settings.", + "description": "RecurseSubmodules enables the initialization of all submodules within the GitRepository as cloned from the URL, using their default settings.", "type": "boolean" }, "ref": { - "description": "Reference specifies the Git reference to resolve and monitor for\nchanges, defaults to the 'master' branch.", + "description": "Reference specifies the Git reference to resolve and monitor for changes, defaults to the 'master' branch.", "type": "object", "properties": { "branch": { @@ -116,11 +116,11 @@ "type": "string" }, "commit": { - "description": "Commit SHA to check out, takes precedence over all reference fields.\n\nThis can be combined with Branch to shallow clone the branch, in which\nthe commit is expected to exist.", + "description": "Commit SHA to check out, takes precedence over all reference fields. \n This can be combined with Branch to shallow clone the branch, in which the commit is expected to exist.", "type": "string" }, "name": { - "description": "Name of the reference to check out; takes precedence over Branch, Tag and SemVer.\n\nIt must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description\nExamples: \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", \"refs/merge-requests/1/head\"", + "description": "Name of the reference to check out; takes precedence over Branch, Tag and SemVer. \n It must be a valid Git reference: https://git-scm.com/docs/git-check-ref-format#_description Examples: \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", \"refs/merge-requests/1/head\"", "type": "string" }, "semver": { @@ -135,7 +135,7 @@ "additionalProperties": false }, "secretRef": { - "description": "SecretRef specifies the Secret containing authentication credentials for\nthe GitRepository.\nFor HTTPS repositories the Secret must contain 'username' and 'password'\nfields for basic auth or 'bearerToken' field for token auth.\nFor SSH repositories the Secret must contain 'identity'\nand 'known_hosts' fields.", + "description": "SecretRef specifies the Secret containing authentication credentials for the GitRepository. For HTTPS repositories the Secret must contain 'username' and 'password' fields for basic auth or 'bearerToken' field for token auth. For SSH repositories the Secret must contain 'identity' and 'known_hosts' fields.", "type": "object", "required": [ "name" @@ -149,7 +149,7 @@ "additionalProperties": false }, "suspend": { - "description": "Suspend tells the controller to suspend the reconciliation of this\nGitRepository.", + "description": "Suspend tells the controller to suspend the reconciliation of this GitRepository.", "type": "boolean" }, "timeout": { @@ -164,7 +164,7 @@ "pattern": "^(http|https|ssh)://.*$" }, "verify": { - "description": "Verification specifies the configuration to verify the Git commit\nsignature(s).", + "description": "Verification specifies the configuration to verify the Git commit signature(s).", "type": "object", "required": [ "mode", @@ -179,7 +179,7 @@ ] }, "secretRef": { - "description": "SecretRef specifies the Secret containing the public keys of trusted Git\nauthors.", + "description": "SecretRef specifies the Secret containing the public keys of trusted Git authors.", "type": "object", "required": [ "name" @@ -209,7 +209,6 @@ "description": "Artifact represents the last successful GitRepository reconciliation.", "type": "object", "required": [ - "digest", "lastUpdateTime", "path", "revision", @@ -222,7 +221,7 @@ "pattern": "^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of the Artifact.", "type": "string", "format": "date-time" }, @@ -234,11 +233,11 @@ } }, "path": { - "description": "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source.", + "description": "Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source.", "type": "string" }, "revision": { - "description": "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", + "description": "Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", "type": "string" }, "size": { @@ -247,7 +246,7 @@ "format": "int64" }, "url": { - "description": "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents.", + "description": "URL is the HTTP address of the Artifact as exposed by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents.", "type": "string" } }, @@ -257,7 +256,7 @@ "description": "Conditions holds the conditions for the GitRepository.", "type": "array", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -268,23 +267,23 @@ ], "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, @@ -300,7 +299,7 @@ ] }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -310,17 +309,16 @@ } }, "contentConfigChecksum": { - "description": "ContentConfigChecksum is a checksum of all the configurations related to\nthe content of the source artifact:\n - .spec.ignore\n - .spec.recurseSubmodules\n - .spec.included and the checksum of the included artifacts\nobserved in .status.observedGeneration version of the object. This can\nbe used to determine if the content of the included repository has\nchanged.\nIt has the format of `\u003calgo\u003e:\u003cchecksum\u003e`, for example: `sha256:\u003cchecksum\u003e`.\n\nDeprecated: Replaced with explicit fields for observed artifact content\nconfig in the status.", + "description": "ContentConfigChecksum is a checksum of all the configurations related to the content of the source artifact: - .spec.ignore - .spec.recurseSubmodules - .spec.included and the checksum of the included artifacts observed in .status.observedGeneration version of the object. This can be used to determine if the content of the included repository has changed. It has the format of `\u003calgo\u003e:\u003cchecksum\u003e`, for example: `sha256:\u003cchecksum\u003e`. \n Deprecated: Replaced with explicit fields for observed artifact content config in the status.", "type": "string" }, "includedArtifacts": { - "description": "IncludedArtifacts contains a list of the last successfully included\nArtifacts as instructed by GitRepositorySpec.Include.", + "description": "IncludedArtifacts contains a list of the last successfully included Artifacts as instructed by GitRepositorySpec.Include.", "type": "array", "items": { "description": "Artifact represents the output of a Source reconciliation.", "type": "object", "required": [ - "digest", "lastUpdateTime", "path", "revision", @@ -333,7 +331,7 @@ "pattern": "^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of the Artifact.", "type": "string", "format": "date-time" }, @@ -345,11 +343,11 @@ } }, "path": { - "description": "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source.", + "description": "Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source.", "type": "string" }, "revision": { - "description": "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", + "description": "Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", "type": "string" }, "size": { @@ -358,7 +356,7 @@ "format": "int64" }, "url": { - "description": "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents.", + "description": "URL is the HTTP address of the Artifact as exposed by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents.", "type": "string" } }, @@ -366,34 +364,34 @@ } }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "observedGeneration": { - "description": "ObservedGeneration is the last observed generation of the GitRepository\nobject.", + "description": "ObservedGeneration is the last observed generation of the GitRepository object.", "type": "integer", "format": "int64" }, "observedIgnore": { - "description": "ObservedIgnore is the observed exclusion patterns used for constructing\nthe source artifact.", + "description": "ObservedIgnore is the observed exclusion patterns used for constructing the source artifact.", "type": "string" }, "observedInclude": { - "description": "ObservedInclude is the observed list of GitRepository resources used to\nto produce the current Artifact.", + "description": "ObservedInclude is the observed list of GitRepository resources used to to produce the current Artifact.", "type": "array", "items": { - "description": "GitRepositoryInclude specifies a local reference to a GitRepository which\nArtifact (sub-)contents must be included, and where they should be placed.", + "description": "GitRepositoryInclude specifies a local reference to a GitRepository which Artifact (sub-)contents must be included, and where they should be placed.", "type": "object", "required": [ "repository" ], "properties": { "fromPath": { - "description": "FromPath specifies the path to copy contents from, defaults to the root\nof the Artifact.", + "description": "FromPath specifies the path to copy contents from, defaults to the root of the Artifact.", "type": "string" }, "repository": { - "description": "GitRepositoryRef specifies the GitRepository which Artifact contents\nmust be included.", + "description": "GitRepositoryRef specifies the GitRepository which Artifact contents must be included.", "type": "object", "required": [ "name" @@ -407,7 +405,7 @@ "additionalProperties": false }, "toPath": { - "description": "ToPath specifies the path to copy contents to, defaults to the name of\nthe GitRepositoryRef.", + "description": "ToPath specifies the path to copy contents to, defaults to the name of the GitRepositoryRef.", "type": "string" } }, @@ -415,11 +413,11 @@ } }, "observedRecurseSubmodules": { - "description": "ObservedRecurseSubmodules is the observed resource submodules\nconfiguration used to produce the current Artifact.", + "description": "ObservedRecurseSubmodules is the observed resource submodules configuration used to produce the current Artifact.", "type": "boolean" }, "url": { - "description": "URL is the dynamic fetch link for the latest Artifact.\nIt is provided on a \"best effort\" basis, and using the precise\nGitRepositoryStatus.Artifact data is recommended.", + "description": "URL is the dynamic fetch link for the latest Artifact. It is provided on a \"best effort\" basis, and using the precise GitRepositoryStatus.Artifact data is recommended.", "type": "string" } }, diff --git a/schema/source.toolkit.fluxcd.io/helmchart_v1alpha1.json b/schema/source.toolkit.fluxcd.io/helmchart_v1alpha1.json index 9d73e5da4..d23ce559e 100644 --- a/schema/source.toolkit.fluxcd.io/helmchart_v1alpha1.json +++ b/schema/source.toolkit.fluxcd.io/helmchart_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "HelmChart is the Schema for the helmcharts API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "HelmChartSpec defines the desired state of a Helm chart.", "type": "object", "required": [ "chart", @@ -19,12 +23,15 @@ ], "properties": { "chart": { + "description": "The name or path the Helm chart is available at in the SourceRef.", "type": "string" }, "interval": { + "description": "The interval at which to check the Source for updates.", "type": "string" }, "sourceRef": { + "description": "The reference to the Source the chart is available at.", "type": "object", "required": [ "kind", @@ -32,9 +39,11 @@ ], "properties": { "apiVersion": { + "description": "APIVersion of the referent.", "type": "string" }, "kind": { + "description": "Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket').", "type": "string", "enum": [ "HelmRepository", @@ -43,24 +52,29 @@ ] }, "name": { + "description": "Name of the referent.", "type": "string" } }, "additionalProperties": false }, "valuesFile": { + "description": "Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted.", "type": "string" }, "version": { + "description": "The chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "HelmChartStatus defines the observed state of the HelmChart.", "type": "object", "properties": { "artifact": { + "description": "Artifact represents the output of the last successful chart sync.", "type": "object", "required": [ "path", @@ -68,27 +82,34 @@ ], "properties": { "checksum": { + "description": "Checksum is the SHA1 checksum of the artifact.", "type": "string" }, "lastUpdateTime": { + "description": "LastUpdateTime is the timestamp corresponding to the last update of this artifact.", "type": "string", "format": "date-time" }, "path": { + "description": "Path is the relative file path of this artifact.", "type": "string" }, "revision": { + "description": "Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.", "type": "string" }, "url": { + "description": "URL is the HTTP address of this artifact.", "type": "string" } }, "additionalProperties": false }, "conditions": { + "description": "Conditions holds the conditions for the HelmChart.", "type": "array", "items": { + "description": "SourceCondition contains condition information for a source.", "type": "object", "required": [ "status", @@ -96,19 +117,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, @@ -116,10 +142,12 @@ } }, "observedGeneration": { + "description": "ObservedGeneration is the last observed generation.", "type": "integer", "format": "int64" }, "url": { + "description": "URL is the download link for the last chart pulled.", "type": "string" } }, diff --git a/schema/source.toolkit.fluxcd.io/helmchart_v1beta1.json b/schema/source.toolkit.fluxcd.io/helmchart_v1beta1.json index cfe3cfb8c..761b67db0 100644 --- a/schema/source.toolkit.fluxcd.io/helmchart_v1beta1.json +++ b/schema/source.toolkit.fluxcd.io/helmchart_v1beta1.json @@ -3,11 +3,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -30,14 +30,14 @@ ], "properties": { "namespaceSelectors": { - "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", + "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.", "type": "array", "items": { - "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", + "description": "NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.", "type": "object", "properties": { "matchLabels": { - "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -59,7 +59,7 @@ "type": "string" }, "reconcileStrategy": { - "description": "Determines what enables the creation of a new artifact. Valid values are\n('ChartVersion', 'Revision').\nSee the documentation of the values for an explanation on their behavior.\nDefaults to ChartVersion when omitted.", + "description": "Determines what enables the creation of a new artifact. Valid values are ('ChartVersion', 'Revision'). See the documentation of the values for an explanation on their behavior. Defaults to ChartVersion when omitted.", "type": "string", "default": "ChartVersion", "enum": [ @@ -80,7 +80,7 @@ "type": "string" }, "kind": { - "description": "Kind of the referent, valid values are ('HelmRepository', 'GitRepository',\n'Bucket').", + "description": "Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket').", "type": "string", "enum": [ "HelmRepository", @@ -100,18 +100,18 @@ "type": "boolean" }, "valuesFile": { - "description": "Alternative values file to use as the default chart values, expected to\nbe a relative path in the SourceRef. Deprecated in favor of ValuesFiles,\nfor backwards compatibility the file defined here is merged before the\nValuesFiles items. Ignored when omitted.", + "description": "Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, for backwards compatibility the file defined here is merged before the ValuesFiles items. Ignored when omitted.", "type": "string" }, "valuesFiles": { - "description": "Alternative list of values files to use as the chart values (values.yaml\nis not included by default), expected to be a relative path in the SourceRef.\nValues files are merged in the order of this list with the last file overriding\nthe first. Ignored when omitted.", + "description": "Alternative list of values files to use as the chart values (values.yaml is not included by default), expected to be a relative path in the SourceRef. Values files are merged in the order of this list with the last file overriding the first. Ignored when omitted.", "type": "array", "items": { "type": "string" } }, "version": { - "description": "The chart version semver expression, ignored for charts from GitRepository\nand Bucket sources. Defaults to latest when omitted.", + "description": "The chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted.", "type": "string", "default": "*" } @@ -129,17 +129,16 @@ "description": "Artifact represents the output of the last successful chart sync.", "type": "object", "required": [ - "lastUpdateTime", "path", "url" ], "properties": { "checksum": { - "description": "Checksum is the SHA256 checksum of the artifact.", + "description": "Checksum is the SHA256 checksum of the Artifact file (obsolete)", "type": "string" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of this\nartifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of this artifact.", "type": "string", "format": "date-time" }, @@ -148,7 +147,7 @@ "type": "string" }, "revision": { - "description": "Revision is a human readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm\nchart version, etc.", + "description": "Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc.", "type": "string" }, "url": { @@ -162,7 +161,7 @@ "description": "Conditions holds the conditions for the HelmChart.", "type": "array", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -173,23 +172,23 @@ ], "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, @@ -205,7 +204,7 @@ ] }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -215,7 +214,7 @@ } }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "observedGeneration": { diff --git a/schema/source.toolkit.fluxcd.io/helmchart_v1beta2.json b/schema/source.toolkit.fluxcd.io/helmchart_v1beta2.json index 1680d0e68..4952d4f10 100644 --- a/schema/source.toolkit.fluxcd.io/helmchart_v1beta2.json +++ b/schema/source.toolkit.fluxcd.io/helmchart_v1beta2.json @@ -3,11 +3,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -23,21 +23,21 @@ ], "properties": { "accessFrom": { - "description": "AccessFrom specifies an Access Control List for allowing cross-namespace\nreferences to this object.\nNOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092", + "description": "AccessFrom specifies an Access Control List for allowing cross-namespace references to this object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092", "type": "object", "required": [ "namespaceSelectors" ], "properties": { "namespaceSelectors": { - "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", + "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.", "type": "array", "items": { - "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", + "description": "NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.", "type": "object", "properties": { "matchLabels": { - "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -51,20 +51,16 @@ "additionalProperties": false }, "chart": { - "description": "Chart is the name or path the Helm chart is available at in the\nSourceRef.", + "description": "Chart is the name or path the Helm chart is available at in the SourceRef.", "type": "string" }, - "ignoreMissingValuesFiles": { - "description": "IgnoreMissingValuesFiles controls whether to silently ignore missing values\nfiles rather than failing.", - "type": "boolean" - }, "interval": { - "description": "Interval at which the HelmChart SourceRef is checked for updates.\nThis interval is approximate and may be subject to jitter to ensure\nefficient use of resources.", + "description": "Interval at which the HelmChart SourceRef is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" }, "reconcileStrategy": { - "description": "ReconcileStrategy determines what enables the creation of a new artifact.\nValid values are ('ChartVersion', 'Revision').\nSee the documentation of the values for an explanation on their behavior.\nDefaults to ChartVersion when omitted.", + "description": "ReconcileStrategy determines what enables the creation of a new artifact. Valid values are ('ChartVersion', 'Revision'). See the documentation of the values for an explanation on their behavior. Defaults to ChartVersion when omitted.", "type": "string", "default": "ChartVersion", "enum": [ @@ -85,7 +81,7 @@ "type": "string" }, "kind": { - "description": "Kind of the referent, valid values are ('HelmRepository', 'GitRepository',\n'Bucket').", + "description": "Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket').", "type": "string", "enum": [ "HelmRepository", @@ -101,32 +97,32 @@ "additionalProperties": false }, "suspend": { - "description": "Suspend tells the controller to suspend the reconciliation of this\nsource.", + "description": "Suspend tells the controller to suspend the reconciliation of this source.", "type": "boolean" }, "valuesFile": { - "description": "ValuesFile is an alternative values file to use as the default chart\nvalues, expected to be a relative path in the SourceRef. Deprecated in\nfavor of ValuesFiles, for backwards compatibility the file specified here\nis merged before the ValuesFiles items. Ignored when omitted.", + "description": "ValuesFile is an alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, for backwards compatibility the file specified here is merged before the ValuesFiles items. Ignored when omitted.", "type": "string" }, "valuesFiles": { - "description": "ValuesFiles is an alternative list of values files to use as the chart\nvalues (values.yaml is not included by default), expected to be a\nrelative path in the SourceRef.\nValues files are merged in the order of this list with the last file\noverriding the first. Ignored when omitted.", + "description": "ValuesFiles is an alternative list of values files to use as the chart values (values.yaml is not included by default), expected to be a relative path in the SourceRef. Values files are merged in the order of this list with the last file overriding the first. Ignored when omitted.", "type": "array", "items": { "type": "string" } }, "verify": { - "description": "Verify contains the secret name containing the trusted public keys\nused to verify the signature and specifies which provider to use to check\nwhether OCI image is authentic.\nThis field is only supported when using HelmRepository source with spec.type 'oci'.\nChart dependencies, which are not bundled in the umbrella chart artifact, are not verified.", + "description": "Verify contains the secret name containing the trusted public keys used to verify the signature and specifies which provider to use to check whether OCI image is authentic. This field is only supported when using HelmRepository source with spec.type 'oci'. Chart dependencies, which are not bundled in the umbrella chart artifact, are not verified.", "type": "object", "required": [ "provider" ], "properties": { "matchOIDCIdentity": { - "description": "MatchOIDCIdentity specifies the identity matching criteria to use\nwhile verifying an OCI artifact which was signed using Cosign keyless\nsigning. The artifact's identity is deemed to be verified if any of the\nspecified matchers match against the identity.", + "description": "MatchOIDCIdentity specifies the identity matching criteria to use while verifying an OCI artifact which was signed using Cosign keyless signing. The artifact's identity is deemed to be verified if any of the specified matchers match against the identity.", "type": "array", "items": { - "description": "OIDCIdentityMatch specifies options for verifying the certificate identity,\ni.e. the issuer and the subject of the certificate.", + "description": "OIDCIdentityMatch specifies options for verifying the certificate identity, i.e. the issuer and the subject of the certificate.", "type": "object", "required": [ "issuer", @@ -134,11 +130,11 @@ ], "properties": { "issuer": { - "description": "Issuer specifies the regex pattern to match against to verify\nthe OIDC issuer in the Fulcio certificate. The pattern must be a\nvalid Go regular expression.", + "description": "Issuer specifies the regex pattern to match against to verify the OIDC issuer in the Fulcio certificate. The pattern must be a valid Go regular expression.", "type": "string" }, "subject": { - "description": "Subject specifies the regex pattern to match against to verify\nthe identity subject in the Fulcio certificate. The pattern must\nbe a valid Go regular expression.", + "description": "Subject specifies the regex pattern to match against to verify the identity subject in the Fulcio certificate. The pattern must be a valid Go regular expression.", "type": "string" } }, @@ -150,12 +146,11 @@ "type": "string", "default": "cosign", "enum": [ - "cosign", - "notation" + "cosign" ] }, "secretRef": { - "description": "SecretRef specifies the Kubernetes Secret containing the\ntrusted public keys.", + "description": "SecretRef specifies the Kubernetes Secret containing the trusted public keys.", "type": "object", "required": [ "name" @@ -172,7 +167,7 @@ "additionalProperties": false }, "version": { - "description": "Version is the chart version semver expression, ignored for charts from\nGitRepository and Bucket sources. Defaults to latest when omitted.", + "description": "Version is the chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted.", "type": "string", "default": "*" } @@ -190,20 +185,23 @@ "description": "Artifact represents the output of the last successful reconciliation.", "type": "object", "required": [ - "digest", "lastUpdateTime", "path", "revision", "url" ], "properties": { + "checksum": { + "description": "Checksum is the SHA256 checksum of the Artifact file (obsolete)", + "type": "string" + }, "digest": { "description": "Digest is the digest of the file in the form of '\u003calgorithm\u003e:\u003cchecksum\u003e'.", "type": "string", "pattern": "^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of the Artifact.", "type": "string", "format": "date-time" }, @@ -215,11 +213,11 @@ } }, "path": { - "description": "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source.", + "description": "Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source.", "type": "string" }, "revision": { - "description": "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", + "description": "Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", "type": "string" }, "size": { @@ -228,7 +226,7 @@ "format": "int64" }, "url": { - "description": "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents.", + "description": "URL is the HTTP address of the Artifact as exposed by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents.", "type": "string" } }, @@ -238,7 +236,7 @@ "description": "Conditions holds the conditions for the HelmChart.", "type": "array", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -249,23 +247,23 @@ ], "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, @@ -281,7 +279,7 @@ ] }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -291,31 +289,24 @@ } }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "observedChartName": { - "description": "ObservedChartName is the last observed chart name as specified by the\nresolved chart reference.", + "description": "ObservedChartName is the last observed chart name as specified by the resolved chart reference.", "type": "string" }, "observedGeneration": { - "description": "ObservedGeneration is the last observed generation of the HelmChart\nobject.", + "description": "ObservedGeneration is the last observed generation of the HelmChart object.", "type": "integer", "format": "int64" }, "observedSourceArtifactRevision": { - "description": "ObservedSourceArtifactRevision is the last observed Artifact.Revision\nof the HelmChartSpec.SourceRef.", + "description": "ObservedSourceArtifactRevision is the last observed Artifact.Revision of the HelmChartSpec.SourceRef.", "type": "string" }, - "observedValuesFiles": { - "description": "ObservedValuesFiles are the observed value files of the last successful\nreconciliation.\nIt matches the chart in the last successfully reconciled artifact.", - "type": "array", - "items": { - "type": "string" - } - }, "url": { - "description": "URL is the dynamic fetch link for the latest Artifact.\nIt is provided on a \"best effort\" basis, and using the precise\nBucketStatus.Artifact data is recommended.", + "description": "URL is the dynamic fetch link for the latest Artifact. It is provided on a \"best effort\" basis, and using the precise BucketStatus.Artifact data is recommended.", "type": "string" } }, diff --git a/schema/source.toolkit.fluxcd.io/helmrepository_v1alpha1.json b/schema/source.toolkit.fluxcd.io/helmrepository_v1alpha1.json index df09befb3..77bb8558a 100644 --- a/schema/source.toolkit.fluxcd.io/helmrepository_v1alpha1.json +++ b/schema/source.toolkit.fluxcd.io/helmrepository_v1alpha1.json @@ -1,16 +1,20 @@ { + "description": "HelmRepository is the Schema for the helmrepositories API", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "HelmRepositorySpec defines the reference to a Helm repository.", "type": "object", "required": [ "interval", @@ -18,30 +22,37 @@ ], "properties": { "interval": { + "description": "The interval at which to check the upstream for updates.", "type": "string" }, "secretRef": { + "description": "The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain caFile, keyFile and caCert fields.", "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, "additionalProperties": false }, "timeout": { + "description": "The timeout of index downloading, defaults to 60s.", "type": "string" }, "url": { + "description": "The Helm repository URL, a valid URL contains at least a protocol and host.", "type": "string" } }, "additionalProperties": false }, "status": { + "description": "HelmRepositoryStatus defines the observed state of the HelmRepository.", "type": "object", "properties": { "artifact": { + "description": "Artifact represents the output of the last successful repository sync.", "type": "object", "required": [ "path", @@ -49,27 +60,34 @@ ], "properties": { "checksum": { + "description": "Checksum is the SHA1 checksum of the artifact.", "type": "string" }, "lastUpdateTime": { + "description": "LastUpdateTime is the timestamp corresponding to the last update of this artifact.", "type": "string", "format": "date-time" }, "path": { + "description": "Path is the relative file path of this artifact.", "type": "string" }, "revision": { + "description": "Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.", "type": "string" }, "url": { + "description": "URL is the HTTP address of this artifact.", "type": "string" } }, "additionalProperties": false }, "conditions": { + "description": "Conditions holds the conditions for the HelmRepository.", "type": "array", "items": { + "description": "SourceCondition contains condition information for a source.", "type": "object", "required": [ "status", @@ -77,19 +95,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the timestamp corresponding to the last status change of this condition.", "type": "string", "format": "date-time" }, "message": { + "description": "Message is a human readable description of the details of the last transition, complementing reason.", "type": "string" }, "reason": { + "description": "Reason is a brief machine readable explanation for the condition's last transition.", "type": "string" }, "status": { + "description": "Status of the condition, one of ('True', 'False', 'Unknown').", "type": "string" }, "type": { + "description": "Type of the condition, currently ('Ready').", "type": "string" } }, @@ -97,10 +120,12 @@ } }, "observedGeneration": { + "description": "ObservedGeneration is the last observed generation.", "type": "integer", "format": "int64" }, "url": { + "description": "URL is the download link for the last index fetched.", "type": "string" } }, diff --git a/schema/source.toolkit.fluxcd.io/helmrepository_v1beta1.json b/schema/source.toolkit.fluxcd.io/helmrepository_v1beta1.json index 94640b82e..a2d9777de 100644 --- a/schema/source.toolkit.fluxcd.io/helmrepository_v1beta1.json +++ b/schema/source.toolkit.fluxcd.io/helmrepository_v1beta1.json @@ -3,11 +3,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -29,14 +29,14 @@ ], "properties": { "namespaceSelectors": { - "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", + "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.", "type": "array", "items": { - "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", + "description": "NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.", "type": "object", "properties": { "matchLabels": { - "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -54,11 +54,11 @@ "type": "string" }, "passCredentials": { - "description": "PassCredentials allows the credentials from the SecretRef to be passed on to\na host that does not match the host as defined in URL.\nThis may be required if the host of the advertised chart URLs in the index\ndiffer from the defined URL.\nEnabling this should be done with caution, as it can potentially result in\ncredentials getting stolen in a MITM-attack.", + "description": "PassCredentials allows the credentials from the SecretRef to be passed on to a host that does not match the host as defined in URL. This may be required if the host of the advertised chart URLs in the index differ from the defined URL. Enabling this should be done with caution, as it can potentially result in credentials getting stolen in a MITM-attack.", "type": "boolean" }, "secretRef": { - "description": "The name of the secret containing authentication credentials for the Helm\nrepository.\nFor HTTP/S basic auth the secret must contain username and\npassword fields.\nFor TLS the secret must contain a certFile and keyFile, and/or\ncaFile fields.", + "description": "The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain a certFile and keyFile, and/or caFile fields.", "type": "object", "required": [ "name" @@ -98,17 +98,16 @@ "description": "Artifact represents the output of the last successful repository sync.", "type": "object", "required": [ - "lastUpdateTime", "path", "url" ], "properties": { "checksum": { - "description": "Checksum is the SHA256 checksum of the artifact.", + "description": "Checksum is the SHA256 checksum of the Artifact file (obsolete)", "type": "string" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of this\nartifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of this artifact.", "type": "string", "format": "date-time" }, @@ -117,7 +116,7 @@ "type": "string" }, "revision": { - "description": "Revision is a human readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm\nchart version, etc.", + "description": "Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc.", "type": "string" }, "url": { @@ -131,7 +130,7 @@ "description": "Conditions holds the conditions for the HelmRepository.", "type": "array", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -142,23 +141,23 @@ ], "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, @@ -174,7 +173,7 @@ ] }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -184,7 +183,7 @@ } }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "observedGeneration": { diff --git a/schema/source.toolkit.fluxcd.io/helmrepository_v1beta2.json b/schema/source.toolkit.fluxcd.io/helmrepository_v1beta2.json index 9634c629f..db651fd37 100644 --- a/schema/source.toolkit.fluxcd.io/helmrepository_v1beta2.json +++ b/schema/source.toolkit.fluxcd.io/helmrepository_v1beta2.json @@ -3,39 +3,39 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "HelmRepositorySpec specifies the required configuration to produce an\nArtifact for a Helm repository index YAML.", + "description": "HelmRepositorySpec specifies the required configuration to produce an Artifact for a Helm repository index YAML.", "type": "object", "required": [ "url" ], "properties": { "accessFrom": { - "description": "AccessFrom specifies an Access Control List for allowing cross-namespace\nreferences to this object.\nNOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092", + "description": "AccessFrom specifies an Access Control List for allowing cross-namespace references to this object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092", "type": "object", "required": [ "namespaceSelectors" ], "properties": { "namespaceSelectors": { - "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", + "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.", "type": "array", "items": { - "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", + "description": "NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.", "type": "object", "properties": { "matchLabels": { - "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object", "additionalProperties": { "type": "string" @@ -49,7 +49,7 @@ "additionalProperties": false }, "certSecretRef": { - "description": "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nregistry. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nIt takes precedence over the values specified in the Secret referred\nto by `.spec.secretRef`.", + "description": "CertSecretRef can be given the name of a Secret containing either or both of \n - a PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) \n and whichever are supplied, will be used for connecting to the registry. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. \n It takes precedence over the values specified in the Secret referred to by `.spec.secretRef`.", "type": "object", "required": [ "name" @@ -63,20 +63,20 @@ "additionalProperties": false }, "insecure": { - "description": "Insecure allows connecting to a non-TLS HTTP container registry.\nThis field is only taken into account if the .spec.type field is set to 'oci'.", + "description": "Insecure allows connecting to a non-TLS HTTP container registry. This field is only taken into account if the .spec.type field is set to 'oci'.", "type": "boolean" }, "interval": { - "description": "Interval at which the HelmRepository URL is checked for updates.\nThis interval is approximate and may be subject to jitter to ensure\nefficient use of resources.", + "description": "Interval at which the HelmRepository URL is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" }, "passCredentials": { - "description": "PassCredentials allows the credentials from the SecretRef to be passed\non to a host that does not match the host as defined in URL.\nThis may be required if the host of the advertised chart URLs in the\nindex differ from the defined URL.\nEnabling this should be done with caution, as it can potentially result\nin credentials getting stolen in a MITM-attack.", + "description": "PassCredentials allows the credentials from the SecretRef to be passed on to a host that does not match the host as defined in URL. This may be required if the host of the advertised chart URLs in the index differ from the defined URL. Enabling this should be done with caution, as it can potentially result in credentials getting stolen in a MITM-attack.", "type": "boolean" }, "provider": { - "description": "Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.\nThis field is optional, and only taken into account if the .spec.type field is set to 'oci'.\nWhen not specified, defaults to 'generic'.", + "description": "Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. This field is optional, and only taken into account if the .spec.type field is set to 'oci'. When not specified, defaults to 'generic'.", "type": "string", "default": "generic", "enum": [ @@ -87,7 +87,7 @@ ] }, "secretRef": { - "description": "SecretRef specifies the Secret containing authentication credentials\nfor the HelmRepository.\nFor HTTP/S basic auth the secret must contain 'username' and 'password'\nfields.\nSupport for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'\nkeys is deprecated. Please use `.spec.certSecretRef` instead.", + "description": "SecretRef specifies the Secret containing authentication credentials for the HelmRepository. For HTTP/S basic auth the secret must contain 'username' and 'password' fields. Support for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile' keys is deprecated. Please use `.spec.certSecretRef` instead.", "type": "object", "required": [ "name" @@ -101,16 +101,17 @@ "additionalProperties": false }, "suspend": { - "description": "Suspend tells the controller to suspend the reconciliation of this\nHelmRepository.", + "description": "Suspend tells the controller to suspend the reconciliation of this HelmRepository.", "type": "boolean" }, "timeout": { - "description": "Timeout is used for the index fetch operation for an HTTPS helm repository,\nand for remote OCI Repository operations like pulling for an OCI helm\nchart by the associated HelmChart.\nIts default value is 60s.", + "description": "Timeout is used for the index fetch operation for an HTTPS helm repository, and for remote OCI Repository operations like pulling for an OCI helm chart by the associated HelmChart. Its default value is 60s.", "type": "string", + "default": "60s", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" }, "type": { - "description": "Type of the HelmRepository.\nWhen this field is set to \"oci\", the URL field value must be prefixed with \"oci://\".", + "description": "Type of the HelmRepository. When this field is set to \"oci\", the URL field value must be prefixed with \"oci://\".", "type": "string", "enum": [ "default", @@ -118,7 +119,7 @@ ] }, "url": { - "description": "URL of the Helm repository, a valid URL contains at least a protocol and\nhost.", + "description": "URL of the Helm repository, a valid URL contains at least a protocol and host.", "type": "string", "pattern": "^(http|https|oci)://.*$" } @@ -136,20 +137,23 @@ "description": "Artifact represents the last successful HelmRepository reconciliation.", "type": "object", "required": [ - "digest", "lastUpdateTime", "path", "revision", "url" ], "properties": { + "checksum": { + "description": "Checksum is the SHA256 checksum of the Artifact file (obsolete)", + "type": "string" + }, "digest": { "description": "Digest is the digest of the file in the form of '\u003calgorithm\u003e:\u003cchecksum\u003e'.", "type": "string", "pattern": "^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of the Artifact.", "type": "string", "format": "date-time" }, @@ -161,11 +165,11 @@ } }, "path": { - "description": "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source.", + "description": "Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source.", "type": "string" }, "revision": { - "description": "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", + "description": "Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", "type": "string" }, "size": { @@ -174,7 +178,7 @@ "format": "int64" }, "url": { - "description": "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents.", + "description": "URL is the HTTP address of the Artifact as exposed by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents.", "type": "string" } }, @@ -184,7 +188,7 @@ "description": "Conditions holds the conditions for the HelmRepository.", "type": "array", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -195,23 +199,23 @@ ], "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, @@ -227,7 +231,7 @@ ] }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -237,16 +241,16 @@ } }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "observedGeneration": { - "description": "ObservedGeneration is the last observed generation of the HelmRepository\nobject.", + "description": "ObservedGeneration is the last observed generation of the HelmRepository object.", "type": "integer", "format": "int64" }, "url": { - "description": "URL is the dynamic fetch link for the latest Artifact.\nIt is provided on a \"best effort\" basis, and using the precise\nHelmRepositoryStatus.Artifact data is recommended.", + "description": "URL is the dynamic fetch link for the latest Artifact. It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact data is recommended.", "type": "string" } }, diff --git a/schema/source.toolkit.fluxcd.io/ocirepository_v1beta2.json b/schema/source.toolkit.fluxcd.io/ocirepository_v1beta2.json index 07cd6c468..59d0ca8d4 100644 --- a/schema/source.toolkit.fluxcd.io/ocirepository_v1beta2.json +++ b/schema/source.toolkit.fluxcd.io/ocirepository_v1beta2.json @@ -3,11 +3,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -22,7 +22,7 @@ ], "properties": { "certSecretRef": { - "description": "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nregistry. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nNote: Support for the `caFile`, `certFile` and `keyFile` keys have\nbeen deprecated.", + "description": "CertSecretRef can be given the name of a Secret containing either or both of \n - a PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) \n and whichever are supplied, will be used for connecting to the registry. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. \n Note: Support for the `caFile`, `certFile` and `keyFile` keys have been deprecated.", "type": "object", "required": [ "name" @@ -36,7 +36,7 @@ "additionalProperties": false }, "ignore": { - "description": "Ignore overrides the set of excluded patterns in the .sourceignore format\n(which is the same as .gitignore). If not provided, a default will be used,\nconsult the documentation for your version to find out what those are.", + "description": "Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.", "type": "string" }, "insecure": { @@ -44,20 +44,20 @@ "type": "boolean" }, "interval": { - "description": "Interval at which the OCIRepository URL is checked for updates.\nThis interval is approximate and may be subject to jitter to ensure\nefficient use of resources.", + "description": "Interval at which the OCIRepository URL is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources.", "type": "string", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" }, "layerSelector": { - "description": "LayerSelector specifies which layer should be extracted from the OCI artifact.\nWhen not specified, the first layer found in the artifact is selected.", + "description": "LayerSelector specifies which layer should be extracted from the OCI artifact. When not specified, the first layer found in the artifact is selected.", "type": "object", "properties": { "mediaType": { - "description": "MediaType specifies the OCI media type of the layer\nwhich should be extracted from the OCI Artifact. The\nfirst layer matching this type is selected.", + "description": "MediaType specifies the OCI media type of the layer which should be extracted from the OCI Artifact. The first layer matching this type is selected.", "type": "string" }, "operation": { - "description": "Operation specifies how the selected layer should be processed.\nBy default, the layer compressed content is extracted to storage.\nWhen the operation is set to 'copy', the layer compressed content\nis persisted to storage as it is.", + "description": "Operation specifies how the selected layer should be processed. By default, the layer compressed content is extracted to storage. When the operation is set to 'copy', the layer compressed content is persisted to storage as it is.", "type": "string", "enum": [ "extract", @@ -68,7 +68,7 @@ "additionalProperties": false }, "provider": { - "description": "The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.\nWhen not specified, defaults to 'generic'.", + "description": "The provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. When not specified, defaults to 'generic'.", "type": "string", "default": "generic", "enum": [ @@ -78,34 +78,16 @@ "gcp" ] }, - "proxySecretRef": { - "description": "ProxySecretRef specifies the Secret containing the proxy configuration\nto use while communicating with the container registry.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "Name of the referent.", - "type": "string" - } - }, - "additionalProperties": false - }, "ref": { - "description": "The OCI reference to pull and monitor for changes,\ndefaults to the latest tag.", + "description": "The OCI reference to pull and monitor for changes, defaults to the latest tag.", "type": "object", "properties": { "digest": { - "description": "Digest is the image digest to pull, takes precedence over SemVer.\nThe value should be in the format 'sha256:\u003cHASH\u003e'.", + "description": "Digest is the image digest to pull, takes precedence over SemVer. The value should be in the format 'sha256:\u003cHASH\u003e'.", "type": "string" }, "semver": { - "description": "SemVer is the range of tags to pull selecting the latest within\nthe range, takes precedence over Tag.", - "type": "string" - }, - "semverFilter": { - "description": "SemverFilter is a regex pattern to filter the tags within the SemVer range.", + "description": "SemVer is the range of tags to pull selecting the latest within the range, takes precedence over Tag.", "type": "string" }, "tag": { @@ -116,7 +98,7 @@ "additionalProperties": false }, "secretRef": { - "description": "SecretRef contains the secret name containing the registry login\ncredentials to resolve image metadata.\nThe secret must be of type kubernetes.io/dockerconfigjson.", + "description": "SecretRef contains the secret name containing the registry login credentials to resolve image metadata. The secret must be of type kubernetes.io/dockerconfigjson.", "type": "object", "required": [ "name" @@ -130,7 +112,7 @@ "additionalProperties": false }, "serviceAccountName": { - "description": "ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate\nthe image pull if the service account has attached pull secrets. For more information:\nhttps://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account", + "description": "ServiceAccountName is the name of the Kubernetes ServiceAccount used to authenticate the image pull if the service account has attached pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account", "type": "string" }, "suspend": { @@ -144,22 +126,22 @@ "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" }, "url": { - "description": "URL is a reference to an OCI artifact repository hosted\non a remote container registry.", + "description": "URL is a reference to an OCI artifact repository hosted on a remote container registry.", "type": "string", "pattern": "^oci://.*$" }, "verify": { - "description": "Verify contains the secret name containing the trusted public keys\nused to verify the signature and specifies which provider to use to check\nwhether OCI image is authentic.", + "description": "Verify contains the secret name containing the trusted public keys used to verify the signature and specifies which provider to use to check whether OCI image is authentic.", "type": "object", "required": [ "provider" ], "properties": { "matchOIDCIdentity": { - "description": "MatchOIDCIdentity specifies the identity matching criteria to use\nwhile verifying an OCI artifact which was signed using Cosign keyless\nsigning. The artifact's identity is deemed to be verified if any of the\nspecified matchers match against the identity.", + "description": "MatchOIDCIdentity specifies the identity matching criteria to use while verifying an OCI artifact which was signed using Cosign keyless signing. The artifact's identity is deemed to be verified if any of the specified matchers match against the identity.", "type": "array", "items": { - "description": "OIDCIdentityMatch specifies options for verifying the certificate identity,\ni.e. the issuer and the subject of the certificate.", + "description": "OIDCIdentityMatch specifies options for verifying the certificate identity, i.e. the issuer and the subject of the certificate.", "type": "object", "required": [ "issuer", @@ -167,11 +149,11 @@ ], "properties": { "issuer": { - "description": "Issuer specifies the regex pattern to match against to verify\nthe OIDC issuer in the Fulcio certificate. The pattern must be a\nvalid Go regular expression.", + "description": "Issuer specifies the regex pattern to match against to verify the OIDC issuer in the Fulcio certificate. The pattern must be a valid Go regular expression.", "type": "string" }, "subject": { - "description": "Subject specifies the regex pattern to match against to verify\nthe identity subject in the Fulcio certificate. The pattern must\nbe a valid Go regular expression.", + "description": "Subject specifies the regex pattern to match against to verify the identity subject in the Fulcio certificate. The pattern must be a valid Go regular expression.", "type": "string" } }, @@ -183,12 +165,11 @@ "type": "string", "default": "cosign", "enum": [ - "cosign", - "notation" + "cosign" ] }, "secretRef": { - "description": "SecretRef specifies the Kubernetes Secret containing the\ntrusted public keys.", + "description": "SecretRef specifies the Kubernetes Secret containing the trusted public keys.", "type": "object", "required": [ "name" @@ -218,20 +199,23 @@ "description": "Artifact represents the output of the last successful OCI Repository sync.", "type": "object", "required": [ - "digest", "lastUpdateTime", "path", "revision", "url" ], "properties": { + "checksum": { + "description": "Checksum is the SHA256 checksum of the Artifact file (obsolete)", + "type": "string" + }, "digest": { "description": "Digest is the digest of the file in the form of '\u003calgorithm\u003e:\u003cchecksum\u003e'.", "type": "string", "pattern": "^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of the Artifact.", "type": "string", "format": "date-time" }, @@ -243,11 +227,11 @@ } }, "path": { - "description": "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source.", + "description": "Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source.", "type": "string" }, "revision": { - "description": "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", + "description": "Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", "type": "string" }, "size": { @@ -256,7 +240,7 @@ "format": "int64" }, "url": { - "description": "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents.", + "description": "URL is the HTTP address of the Artifact as exposed by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents.", "type": "string" } }, @@ -266,7 +250,7 @@ "description": "Conditions holds the conditions for the OCIRepository.", "type": "array", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", "type": "object", "required": [ "lastTransitionTime", @@ -277,23 +261,23 @@ ], "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "type": "string", "format": "date-time" }, "message": { - "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "maxLength": 32768 }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", "type": "integer", "format": "int64", "minimum": 0 }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", "type": "string", "maxLength": 1024, "minLength": 1, @@ -309,7 +293,7 @@ ] }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", "type": "string", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" @@ -319,11 +303,11 @@ } }, "contentConfigChecksum": { - "description": "ContentConfigChecksum is a checksum of all the configurations related to\nthe content of the source artifact:\n - .spec.ignore\n - .spec.layerSelector\nobserved in .status.observedGeneration version of the object. This can\nbe used to determine if the content configuration has changed and the\nartifact needs to be rebuilt.\nIt has the format of `\u003calgo\u003e:\u003cchecksum\u003e`, for example: `sha256:\u003cchecksum\u003e`.\n\nDeprecated: Replaced with explicit fields for observed artifact content\nconfig in the status.", + "description": "ContentConfigChecksum is a checksum of all the configurations related to the content of the source artifact: - .spec.ignore - .spec.layerSelector observed in .status.observedGeneration version of the object. This can be used to determine if the content configuration has changed and the artifact needs to be rebuilt. It has the format of `\u003calgo\u003e:\u003cchecksum\u003e`, for example: `sha256:\u003cchecksum\u003e`. \n Deprecated: Replaced with explicit fields for observed artifact content config in the status.", "type": "string" }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", "type": "string" }, "observedGeneration": { @@ -332,19 +316,19 @@ "format": "int64" }, "observedIgnore": { - "description": "ObservedIgnore is the observed exclusion patterns used for constructing\nthe source artifact.", + "description": "ObservedIgnore is the observed exclusion patterns used for constructing the source artifact.", "type": "string" }, "observedLayerSelector": { - "description": "ObservedLayerSelector is the observed layer selector used for constructing\nthe source artifact.", + "description": "ObservedLayerSelector is the observed layer selector used for constructing the source artifact.", "type": "object", "properties": { "mediaType": { - "description": "MediaType specifies the OCI media type of the layer\nwhich should be extracted from the OCI Artifact. The\nfirst layer matching this type is selected.", + "description": "MediaType specifies the OCI media type of the layer which should be extracted from the OCI Artifact. The first layer matching this type is selected.", "type": "string" }, "operation": { - "description": "Operation specifies how the selected layer should be processed.\nBy default, the layer compressed content is extracted to storage.\nWhen the operation is set to 'copy', the layer compressed content\nis persisted to storage as it is.", + "description": "Operation specifies how the selected layer should be processed. By default, the layer compressed content is extracted to storage. When the operation is set to 'copy', the layer compressed content is persisted to storage as it is.", "type": "string", "enum": [ "extract", diff --git a/schema/stacks.crossplane.io/clusterstackinstall_v1alpha1.json b/schema/stacks.crossplane.io/clusterstackinstall_v1alpha1.json index b4e5fdad2..a5894862a 100644 --- a/schema/stacks.crossplane.io/clusterstackinstall_v1alpha1.json +++ b/schema/stacks.crossplane.io/clusterstackinstall_v1alpha1.json @@ -1,4 +1,5 @@ { + "type": "object", "properties": { "apiVersion": { "type": "string" @@ -10,7 +11,7 @@ "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", "properties": { "crd": { "type": "string" @@ -19,51 +20,58 @@ "type": "string" }, "imagePullSecrets": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "package": { "type": "string" }, "serviceAccount": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "source": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "type": "object", "properties": { "conditionedStatus": { - "additionalProperties": false, + "type": "object", "properties": { "conditions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "lastTransitionTime", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "type": "string", + "format": "date-time" }, "message": { "type": "string" @@ -78,21 +86,14 @@ "type": "string" } }, - "required": [ - "lastTransitionTime", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "installJob": { - "additionalProperties": false, + "type": "object", "properties": { "apiVersion": { "type": "string" @@ -116,10 +117,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "stackRecord": { - "additionalProperties": false, + "type": "object", "properties": { "apiVersion": { "type": "string" @@ -143,11 +144,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/stacks.crossplane.io/stack_v1alpha1.json b/schema/stacks.crossplane.io/stack_v1alpha1.json index a1f7566b5..40f6cb74e 100644 --- a/schema/stacks.crossplane.io/stack_v1alpha1.json +++ b/schema/stacks.crossplane.io/stack_v1alpha1.json @@ -1,4 +1,5 @@ { + "type": "object", "properties": { "apiVersion": { "type": "string" @@ -10,7 +11,7 @@ "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", "properties": { "category": { "type": "string" @@ -19,42 +20,55 @@ "type": "string" }, "controller": { - "additionalProperties": false, + "type": "object", "properties": { "deployment": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "spec" + ], "properties": { "name": { "type": "string" }, "spec": { - "additionalProperties": false, + "type": "object", + "required": [ + "selector", + "template" + ], "properties": { "minReadySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "paused": { "type": "boolean" }, "progressDeadlineSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "replicas": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "revisionHistoryLimit": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "selector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -63,34 +77,29 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "strategy": { - "additionalProperties": false, + "type": "object", "properties": { "rollingUpdate": { - "additionalProperties": false, + "type": "object", "properties": { "maxSurge": { "anyOf": [ @@ -115,43 +124,56 @@ "x-kubernetes-int-or-string": true } }, - "type": "object" + "additionalProperties": false }, "type": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "template": { - "additionalProperties": false, + "type": "object", "properties": { "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", + "required": [ + "containers" + ], "properties": { "activeDeadlineSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "affinity": { - "additionalProperties": false, + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -160,23 +182,23 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { "type": "string" @@ -185,46 +207,45 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -233,23 +254,23 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { "type": "string" @@ -258,50 +279,54 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -310,67 +335,63 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -379,65 +400,69 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -446,67 +471,63 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -515,74 +536,73 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "automountServiceAccountToken": { "type": "boolean" }, "containers": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" @@ -591,10 +611,13 @@ "type": "string" }, "valueFrom": { - "additionalProperties": false, + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" @@ -606,13 +629,13 @@ "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false }, "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -621,13 +644,13 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" @@ -639,13 +662,13 @@ "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false }, "secretKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" @@ -657,28 +680,22 @@ "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -687,13 +704,13 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "prefix": { "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -702,12 +719,11 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { "type": "string" @@ -716,32 +732,40 @@ "type": "string" }, "lifecycle": { - "additionalProperties": false, + "type": "object", "properties": { "postStart": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -750,13 +774,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -776,13 +795,13 @@ "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { "type": "string" @@ -799,38 +818,43 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "preStop": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -839,13 +863,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -865,13 +884,13 @@ "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { "type": "string" @@ -888,45 +907,50 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "livenessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -935,13 +959,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -961,25 +980,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -996,35 +1015,36 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "name": { "type": "string" }, "ports": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "containerPort" + ], "properties": { "containerPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "hostIP": { "type": "string" }, "hostPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "name": { "type": "string" @@ -1033,41 +1053,45 @@ "type": "string" } }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "readinessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1076,13 +1100,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -1102,25 +1121,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -1137,59 +1156,56 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { "limits": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "type": "object", "properties": { "allowPrivilegeEscalation": { "type": "boolean" }, "capabilities": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "drop": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "privileged": { "type": "boolean" @@ -1201,18 +1217,18 @@ "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -1227,10 +1243,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -1242,39 +1258,47 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "startupProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1283,13 +1307,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -1309,25 +1328,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -1344,17 +1363,14 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "stdin": { "type": "boolean" @@ -1372,8 +1388,13 @@ "type": "boolean" }, "volumeDevices": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "devicePath", + "name" + ], "properties": { "devicePath": { "type": "string" @@ -1382,17 +1403,17 @@ "type": "string" } }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { "type": "string" @@ -1413,37 +1434,29 @@ "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { "type": "string" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "dnsConfig": { - "additionalProperties": false, + "type": "object", "properties": { "nameservers": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "options": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -1452,18 +1465,17 @@ "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "searches": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "dnsPolicy": { "type": "string" @@ -1472,24 +1484,32 @@ "type": "boolean" }, "ephemeralContainers": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" @@ -1498,10 +1518,13 @@ "type": "string" }, "valueFrom": { - "additionalProperties": false, + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" @@ -1511,15 +1534,15 @@ }, "optional": { "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object" + } + }, + "additionalProperties": false }, "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -1528,13 +1551,13 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" @@ -1546,13 +1569,13 @@ "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false }, "secretKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" @@ -1564,28 +1587,22 @@ "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -1594,13 +1611,13 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "prefix": { "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -1609,12 +1626,11 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { "type": "string" @@ -1623,32 +1639,40 @@ "type": "string" }, "lifecycle": { - "additionalProperties": false, + "type": "object", "properties": { "postStart": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1657,13 +1681,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -1683,13 +1702,13 @@ "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { "type": "string" @@ -1706,38 +1725,43 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "preStop": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1746,13 +1770,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -1772,13 +1791,13 @@ "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { "type": "string" @@ -1795,45 +1814,50 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "livenessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1842,13 +1866,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -1868,25 +1887,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -1903,35 +1922,36 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "name": { "type": "string" }, "ports": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "containerPort" + ], "properties": { "containerPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "hostIP": { "type": "string" }, "hostPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "name": { "type": "string" @@ -1940,41 +1960,45 @@ "type": "string" } }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "readinessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1983,13 +2007,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -2009,25 +2028,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -2044,59 +2063,56 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { "limits": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "type": "object", "properties": { "allowPrivilegeEscalation": { "type": "boolean" }, "capabilities": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "drop": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "privileged": { "type": "boolean" @@ -2108,18 +2124,18 @@ "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -2134,10 +2150,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -2149,39 +2165,47 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "startupProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -2190,13 +2214,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -2216,25 +2235,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -2251,17 +2270,14 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "stdin": { "type": "boolean" @@ -2282,8 +2298,13 @@ "type": "boolean" }, "volumeDevices": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "devicePath", + "name" + ], "properties": { "devicePath": { "type": "string" @@ -2292,17 +2313,17 @@ "type": "string" } }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { "type": "string" @@ -2323,42 +2344,33 @@ "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { "type": "string" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "hostAliases": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "hostnames": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "ip": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "hostIPC": { "type": "boolean" @@ -2373,36 +2385,44 @@ "type": "string" }, "imagePullSecrets": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "initContainers": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" @@ -2411,10 +2431,13 @@ "type": "string" }, "valueFrom": { - "additionalProperties": false, + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" @@ -2426,13 +2449,13 @@ "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false }, "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -2441,13 +2464,13 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" @@ -2459,13 +2482,13 @@ "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false }, "secretKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" @@ -2477,28 +2500,22 @@ "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -2507,13 +2524,13 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "prefix": { "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -2522,12 +2539,11 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { "type": "string" @@ -2536,32 +2552,40 @@ "type": "string" }, "lifecycle": { - "additionalProperties": false, + "type": "object", "properties": { "postStart": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -2570,13 +2594,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -2596,13 +2615,13 @@ "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { "type": "string" @@ -2619,38 +2638,43 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "preStop": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -2659,13 +2683,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -2685,13 +2704,13 @@ "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { "type": "string" @@ -2708,45 +2727,50 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "livenessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -2755,13 +2779,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -2781,25 +2800,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -2816,35 +2835,36 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "name": { "type": "string" }, "ports": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "containerPort" + ], "properties": { "containerPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "hostIP": { "type": "string" }, "hostPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "name": { "type": "string" @@ -2853,41 +2873,45 @@ "type": "string" } }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "readinessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -2896,13 +2920,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -2922,25 +2941,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -2957,59 +2976,56 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { "limits": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "type": "object", "properties": { "allowPrivilegeEscalation": { "type": "boolean" }, "capabilities": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "drop": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "privileged": { "type": "boolean" @@ -3021,18 +3037,18 @@ "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -3047,10 +3063,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -3062,39 +3078,47 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "startupProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -3103,13 +3127,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -3129,25 +3148,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -3164,17 +3183,14 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "stdin": { "type": "boolean" @@ -3192,8 +3208,13 @@ "type": "boolean" }, "volumeDevices": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "devicePath", + "name" + ], "properties": { "devicePath": { "type": "string" @@ -3202,17 +3223,17 @@ "type": "string" } }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { "type": "string" @@ -3233,64 +3254,55 @@ "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { "type": "string" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "nodeName": { "type": "string" }, "nodeSelector": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "overhead": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "preemptionPolicy": { "type": "string" }, "priority": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "priorityClassName": { "type": "string" }, "readinessGates": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "conditionType" + ], "properties": { "conditionType": { "type": "string" } }, - "required": [ - "conditionType" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "restartPolicy": { "type": "string" @@ -3302,25 +3314,28 @@ "type": "string" }, "securityContext": { - "additionalProperties": false, + "type": "object", "properties": { "fsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" + }, + "fsGroupChangePolicy": { + "type": "string" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -3335,18 +3350,23 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "supplementalGroups": { + "type": "array", "items": { - "format": "int64", - "type": "integer" - }, - "type": "array" + "type": "integer", + "format": "int64" + } }, "sysctls": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -3355,16 +3375,11 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -3376,10 +3391,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceAccount": { "type": "string" @@ -3394,12 +3409,13 @@ "type": "string" }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "tolerations": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "effect": { "type": "string" @@ -3411,27 +3427,37 @@ "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "value": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "topologySpreadConstraints": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -3440,32 +3466,27 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "maxSkew": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "topologyKey": { "type": "string" @@ -3474,28 +3495,29 @@ "type": "string" } }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumes": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "awsElasticBlockStore": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "readOnly": { "type": "boolean" @@ -3504,13 +3526,14 @@ "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "azureDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "diskName", + "diskURI" + ], "properties": { "cachingMode": { "type": "string" @@ -3531,14 +3554,14 @@ "type": "boolean" } }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" + "additionalProperties": false }, "azureFile": { - "additionalProperties": false, + "type": "object", + "required": [ + "secretName", + "shareName" + ], "properties": { "readOnly": { "type": "boolean" @@ -3550,20 +3573,19 @@ "type": "string" } }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" + "additionalProperties": false }, "cephfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "monitors" + ], "properties": { "monitors": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "path": { "type": "string" @@ -3575,25 +3597,25 @@ "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "user": { "type": "string" } }, - "required": [ - "monitors" - ], - "type": "object" + "additionalProperties": false }, "cinder": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" @@ -3602,52 +3624,49 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "volumeID": { "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "configMap": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { "type": "string" @@ -3656,10 +3675,13 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "csi": { - "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { "type": "string" @@ -3668,42 +3690,46 @@ "type": "string" }, "nodePublishSecretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "readOnly": { "type": "boolean" }, "volumeAttributes": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "downwardAPI": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -3712,20 +3738,20 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" @@ -3737,24 +3763,17 @@ "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "emptyDir": { - "additionalProperties": false, + "type": "object", "properties": { "medium": { "type": "string" @@ -3763,38 +3782,41 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "fc": { - "additionalProperties": false, + "type": "object", "properties": { "fsType": { "type": "string" }, "lun": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "readOnly": { "type": "boolean" }, "targetWWNs": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "wwids": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "flexVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { "type": "string" @@ -3803,31 +3825,28 @@ "type": "string" }, "options": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "flocker": { - "additionalProperties": false, + "type": "object", "properties": { "datasetName": { "type": "string" @@ -3836,17 +3855,20 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "gcePersistentDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "pdName" + ], "properties": { "fsType": { "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "pdName": { "type": "string" @@ -3855,13 +3877,13 @@ "type": "boolean" } }, - "required": [ - "pdName" - ], - "type": "object" + "additionalProperties": false }, "gitRepo": { - "additionalProperties": false, + "type": "object", + "required": [ + "repository" + ], "properties": { "directory": { "type": "string" @@ -3873,13 +3895,14 @@ "type": "string" } }, - "required": [ - "repository" - ], - "type": "object" + "additionalProperties": false }, "glusterfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "endpoints", + "path" + ], "properties": { "endpoints": { "type": "string" @@ -3891,14 +3914,13 @@ "type": "boolean" } }, + "additionalProperties": false + }, + "hostPath": { + "type": "object", "required": [ - "endpoints", "path" ], - "type": "object" - }, - "hostPath": { - "additionalProperties": false, "properties": { "path": { "type": "string" @@ -3907,13 +3929,15 @@ "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, "iscsi": { - "additionalProperties": false, + "type": "object", + "required": [ + "iqn", + "lun", + "targetPortal" + ], "properties": { "chapAuthDiscovery": { "type": "boolean" @@ -3934,43 +3958,42 @@ "type": "string" }, "lun": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "portals": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "targetPortal": { "type": "string" } }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" + "additionalProperties": false }, "name": { "type": "string" }, "nfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "path", + "server" + ], "properties": { "path": { "type": "string" @@ -3982,14 +4005,13 @@ "type": "string" } }, - "required": [ - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "persistentVolumeClaim": { - "additionalProperties": false, + "type": "object", + "required": [ + "claimName" + ], "properties": { "claimName": { "type": "string" @@ -3998,13 +4020,13 @@ "type": "boolean" } }, - "required": [ - "claimName" - ], - "type": "object" + "additionalProperties": false }, "photonPersistentDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "pdID" + ], "properties": { "fsType": { "type": "string" @@ -4013,13 +4035,13 @@ "type": "string" } }, - "required": [ - "pdID" - ], - "type": "object" + "additionalProperties": false }, "portworxVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" @@ -4031,47 +4053,48 @@ "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "projected": { - "additionalProperties": false, + "type": "object", + "required": [ + "sources" + ], "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "sources": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMap": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { "type": "string" @@ -4080,17 +4103,24 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "downwardAPI": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -4099,20 +4129,20 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" @@ -4124,47 +4154,40 @@ "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { "type": "string" @@ -4173,40 +4196,40 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "serviceAccountToken": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "audience": { "type": "string" }, "expirationSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "path": { "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "sources" - ], - "type": "object" + "additionalProperties": false }, "quobyte": { - "additionalProperties": false, + "type": "object", + "required": [ + "registry", + "volume" + ], "properties": { "group": { "type": "string" @@ -4227,14 +4250,14 @@ "type": "string" } }, - "required": [ - "registry", - "volume" - ], - "type": "object" + "additionalProperties": false }, "rbd": { - "additionalProperties": false, + "type": "object", + "required": [ + "image", + "monitors" + ], "properties": { "fsType": { "type": "string" @@ -4246,10 +4269,10 @@ "type": "string" }, "monitors": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "pool": { "type": "string" @@ -4258,26 +4281,27 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "user": { "type": "string" } }, - "required": [ - "image", - "monitors" - ], - "type": "object" + "additionalProperties": false }, "scaleIO": { - "additionalProperties": false, + "type": "object", + "required": [ + "gateway", + "secretRef", + "system" + ], "properties": { "fsType": { "type": "string" @@ -4292,13 +4316,13 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "sslEnabled": { "type": "boolean" @@ -4316,42 +4340,37 @@ "type": "string" } }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "optional": { "type": "boolean" @@ -4360,10 +4379,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "storageos": { - "additionalProperties": false, + "type": "object", "properties": { "fsType": { "type": "string" @@ -4372,13 +4391,13 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "volumeName": { "type": "string" @@ -4387,10 +4406,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "vsphereVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumePath" + ], "properties": { "fsType": { "type": "string" @@ -4405,60 +4427,43 @@ "type": "string" } }, - "required": [ - "volumePath" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "containers" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "selector", - "template" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "name", - "spec" - ], - "type": "object" + "additionalProperties": false }, "serviceAccount": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "customresourcedefinitions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "apiVersion": { "type": "string" @@ -4467,13 +4472,13 @@ "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "dependsOn": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "crd": { "type": "string" @@ -4482,43 +4487,47 @@ "type": "string" }, "imagePullSecrets": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "package": { "type": "string" }, "serviceAccount": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "source": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "icons": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "base64Data", + "mediatype" + ], "properties": { "base64Data": { "type": "string" @@ -4527,26 +4536,22 @@ "type": "string" } }, - "required": [ - "base64Data", - "mediatype" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "keywords": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "license": { "type": "string" }, "maintainers": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "email": { "type": "string" @@ -4555,9 +4560,8 @@ "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "overview": { "type": "string" @@ -4566,8 +4570,9 @@ "type": "string" }, "owners": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "email": { "type": "string" @@ -4576,73 +4581,72 @@ "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "packageType": { + "type": "string", "enum": [ "Provider", "Stack", "Application", "Addon" - ], - "type": "string" + ] }, "permissionScope": { + "type": "string", "enum": [ "Cluster", "Namespaced" - ], - "type": "string" + ] }, "permissions": { - "additionalProperties": false, + "type": "object", "properties": { "rules": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "verbs" + ], "properties": { "apiGroups": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "nonResourceURLs": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "resourceNames": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "resources": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "verbs": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "verbs" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "readme": { "type": "string" @@ -4660,21 +4664,28 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "type": "object", "properties": { "conditionedStatus": { - "additionalProperties": false, + "type": "object", "properties": { "conditions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "lastTransitionTime", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "type": "string", + "format": "date-time" }, "message": { "type": "string" @@ -4689,21 +4700,14 @@ "type": "string" } }, - "required": [ - "lastTransitionTime", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "controllerRef": { - "additionalProperties": false, + "type": "object", "properties": { "apiVersion": { "type": "string" @@ -4727,11 +4731,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/stacks.crossplane.io/stackdefinition_v1alpha1.json b/schema/stacks.crossplane.io/stackdefinition_v1alpha1.json index 2e03f7b16..299298690 100644 --- a/schema/stacks.crossplane.io/stackdefinition_v1alpha1.json +++ b/schema/stacks.crossplane.io/stackdefinition_v1alpha1.json @@ -1,4 +1,5 @@ { + "type": "object", "properties": { "apiVersion": { "type": "string" @@ -10,13 +11,17 @@ "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", "properties": { "behavior": { - "additionalProperties": false, + "type": "object", "properties": { "crd": { - "additionalProperties": false, + "type": "object", + "required": [ + "apiVersion", + "kind" + ], "properties": { "apiVersion": { "type": "string" @@ -25,34 +30,45 @@ "type": "string" } }, - "required": [ - "apiVersion", - "kind" - ], - "type": "object" + "additionalProperties": false }, "engine": { - "additionalProperties": false, + "type": "object", + "required": [ + "type" + ], "properties": { "controllerImage": { "type": "string" }, "kustomize": { - "additionalProperties": false, + "type": "object", "properties": { "kustomization": { "type": "object" }, "overlays": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "apiVersion", + "bindings", + "kind", + "name" + ], "properties": { "apiVersion": { "type": "string" }, "bindings": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "from", + "to" + ], "properties": { "from": { "type": "string" @@ -61,13 +77,8 @@ "type": "string" } }, - "required": [ - "from", - "to" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "kind": { "type": "string" @@ -76,30 +87,23 @@ "type": "string" } }, - "required": [ - "apiVersion", - "bindings", - "kind", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "type": { "type": "string" } }, - "required": [ - "type" - ], - "type": "object" + "additionalProperties": false }, "source": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "image": { "type": "string" @@ -108,13 +112,10 @@ "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "category": { "type": "string" @@ -123,42 +124,55 @@ "type": "string" }, "controller": { - "additionalProperties": false, + "type": "object", "properties": { "deployment": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "spec" + ], "properties": { "name": { "type": "string" }, "spec": { - "additionalProperties": false, + "type": "object", + "required": [ + "selector", + "template" + ], "properties": { "minReadySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "paused": { "type": "boolean" }, "progressDeadlineSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "replicas": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "revisionHistoryLimit": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "selector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -167,34 +181,29 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "strategy": { - "additionalProperties": false, + "type": "object", "properties": { "rollingUpdate": { - "additionalProperties": false, + "type": "object", "properties": { "maxSurge": { "anyOf": [ @@ -219,43 +228,56 @@ "x-kubernetes-int-or-string": true } }, - "type": "object" + "additionalProperties": false }, "type": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "template": { - "additionalProperties": false, + "type": "object", "properties": { "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", + "required": [ + "containers" + ], "properties": { "activeDeadlineSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "affinity": { - "additionalProperties": false, + "type": "object", "properties": { "nodeAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "preference", + "weight" + ], "properties": { "preference": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -264,23 +286,23 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { "type": "string" @@ -289,46 +311,45 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "preference", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { - "additionalProperties": false, + "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { "nodeSelectorTerms": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -337,23 +358,23 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, + "additionalProperties": false + } + }, + "matchFields": { + "type": "array", + "items": { + "type": "object", "required": [ "key", "operator" ], - "type": "object" - }, - "type": "array" - }, - "matchFields": { - "items": { - "additionalProperties": false, "properties": { "key": { "type": "string" @@ -362,50 +383,54 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "nodeSelectorTerms" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "podAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -414,67 +439,63 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -483,65 +504,69 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "podAntiAffinity": { - "additionalProperties": false, + "type": "object", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "podAffinityTerm", + "weight" + ], "properties": { "podAffinityTerm": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -550,67 +575,63 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" + "additionalProperties": false }, "weight": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "required": [ - "podAffinityTerm", - "weight" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "topologyKey" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -619,74 +640,73 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "namespaces": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "topologyKey": { "type": "string" } }, - "required": [ - "topologyKey" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "automountServiceAccountToken": { "type": "boolean" }, "containers": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" @@ -695,10 +715,13 @@ "type": "string" }, "valueFrom": { - "additionalProperties": false, + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" @@ -710,13 +733,13 @@ "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false }, "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -725,13 +748,13 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" @@ -743,13 +766,13 @@ "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false }, "secretKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" @@ -761,28 +784,22 @@ "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -791,13 +808,13 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "prefix": { "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -806,12 +823,11 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { "type": "string" @@ -820,32 +836,40 @@ "type": "string" }, "lifecycle": { - "additionalProperties": false, + "type": "object", "properties": { "postStart": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -854,13 +878,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -880,13 +899,13 @@ "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { "type": "string" @@ -903,38 +922,43 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "preStop": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -943,13 +967,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -969,13 +988,13 @@ "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { "type": "string" @@ -992,45 +1011,50 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "livenessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1039,13 +1063,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -1065,25 +1084,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -1100,35 +1119,36 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "name": { "type": "string" }, "ports": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "containerPort" + ], "properties": { "containerPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "hostIP": { "type": "string" }, "hostPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "name": { "type": "string" @@ -1137,41 +1157,45 @@ "type": "string" } }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "readinessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1180,13 +1204,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -1206,25 +1225,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -1241,59 +1260,56 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { "limits": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "type": "object", "properties": { "allowPrivilegeEscalation": { "type": "boolean" }, "capabilities": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "drop": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "privileged": { "type": "boolean" @@ -1305,18 +1321,18 @@ "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -1331,10 +1347,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -1346,39 +1362,47 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "startupProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1387,13 +1411,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -1413,25 +1432,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -1448,17 +1467,14 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "stdin": { "type": "boolean" @@ -1476,8 +1492,13 @@ "type": "boolean" }, "volumeDevices": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "devicePath", + "name" + ], "properties": { "devicePath": { "type": "string" @@ -1486,17 +1507,17 @@ "type": "string" } }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { "type": "string" @@ -1517,37 +1538,29 @@ "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { "type": "string" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "dnsConfig": { - "additionalProperties": false, + "type": "object", "properties": { "nameservers": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "options": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -1556,18 +1569,17 @@ "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "searches": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "dnsPolicy": { "type": "string" @@ -1576,24 +1588,32 @@ "type": "boolean" }, "ephemeralContainers": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" @@ -1602,10 +1622,13 @@ "type": "string" }, "valueFrom": { - "additionalProperties": false, + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" @@ -1617,13 +1640,13 @@ "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false }, "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -1632,13 +1655,13 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" @@ -1650,13 +1673,13 @@ "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false }, "secretKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" @@ -1668,28 +1691,22 @@ "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -1698,13 +1715,13 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "prefix": { "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -1713,12 +1730,11 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { "type": "string" @@ -1727,32 +1743,40 @@ "type": "string" }, "lifecycle": { - "additionalProperties": false, + "type": "object", "properties": { "postStart": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1761,13 +1785,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -1787,13 +1806,13 @@ "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { "type": "string" @@ -1810,38 +1829,43 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "preStop": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1850,13 +1874,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -1876,13 +1895,13 @@ "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { "type": "string" @@ -1899,45 +1918,50 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "livenessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -1946,13 +1970,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -1972,25 +1991,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -2007,35 +2026,36 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "name": { "type": "string" }, "ports": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "containerPort" + ], "properties": { "containerPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "hostIP": { "type": "string" }, "hostPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "name": { "type": "string" @@ -2044,41 +2064,45 @@ "type": "string" } }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "readinessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -2087,13 +2111,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -2113,25 +2132,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -2148,59 +2167,56 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { "limits": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "type": "object", "properties": { "allowPrivilegeEscalation": { "type": "boolean" }, "capabilities": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "drop": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "privileged": { "type": "boolean" @@ -2212,18 +2228,18 @@ "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -2238,10 +2254,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -2253,39 +2269,47 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "startupProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -2294,13 +2318,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -2320,25 +2339,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -2355,17 +2374,14 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "stdin": { "type": "boolean" @@ -2386,8 +2402,13 @@ "type": "boolean" }, "volumeDevices": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "devicePath", + "name" + ], "properties": { "devicePath": { "type": "string" @@ -2396,17 +2417,17 @@ "type": "string" } }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { "type": "string" @@ -2427,42 +2448,33 @@ "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { "type": "string" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "hostAliases": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "hostnames": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "ip": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "hostIPC": { "type": "boolean" @@ -2477,36 +2489,44 @@ "type": "string" }, "imagePullSecrets": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "initContainers": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "args": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "name": { "type": "string" @@ -2515,10 +2535,13 @@ "type": "string" }, "valueFrom": { - "additionalProperties": false, + "type": "object", "properties": { "configMapKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" @@ -2530,13 +2553,13 @@ "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false }, "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -2545,13 +2568,13 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" @@ -2563,13 +2586,13 @@ "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false }, "secretKeyRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "key" + ], "properties": { "key": { "type": "string" @@ -2581,28 +2604,22 @@ "type": "boolean" } }, - "required": [ - "key" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "envFrom": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMapRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -2611,13 +2628,13 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "prefix": { "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" @@ -2626,12 +2643,11 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "image": { "type": "string" @@ -2640,47 +2656,50 @@ "type": "string" }, "lifecycle": { - "additionalProperties": false, + "type": "object", "properties": { "postStart": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, + "type": "object", "required": [ "name", "value" ], - "type": "object" - }, - "type": "array" + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "additionalProperties": false + } }, "path": { "type": "string" @@ -2700,13 +2719,13 @@ "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { "type": "string" @@ -2723,38 +2742,43 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "preStop": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -2763,13 +2787,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -2789,13 +2808,13 @@ "type": "string" } }, + "additionalProperties": false + }, + "tcpSocket": { + "type": "object", "required": [ "port" ], - "type": "object" - }, - "tcpSocket": { - "additionalProperties": false, "properties": { "host": { "type": "string" @@ -2812,45 +2831,50 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "livenessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -2859,13 +2883,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -2885,25 +2904,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -2920,35 +2939,36 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "name": { "type": "string" }, "ports": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "containerPort" + ], "properties": { "containerPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "hostIP": { "type": "string" }, "hostPort": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "name": { "type": "string" @@ -2957,41 +2977,45 @@ "type": "string" } }, - "required": [ - "containerPort" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "readinessProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -3000,13 +3024,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -3026,25 +3045,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -3061,59 +3080,56 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "resources": { - "additionalProperties": false, + "type": "object", "properties": { "limits": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "requests": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "securityContext": { - "additionalProperties": false, + "type": "object", "properties": { "allowPrivilegeEscalation": { "type": "boolean" }, "capabilities": { - "additionalProperties": false, + "type": "object", "properties": { "add": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "drop": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "privileged": { "type": "boolean" @@ -3125,18 +3141,18 @@ "type": "boolean" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -3151,10 +3167,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -3166,39 +3182,47 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "startupProbe": { - "additionalProperties": false, + "type": "object", "properties": { "exec": { - "additionalProperties": false, + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "failureThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "httpGet": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" }, "httpHeaders": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -3207,13 +3231,8 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "path": { "type": "string" @@ -3233,25 +3252,25 @@ "type": "string" } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "initialDelaySeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "periodSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "successThreshold": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "tcpSocket": { - "additionalProperties": false, + "type": "object", + "required": [ + "port" + ], "properties": { "host": { "type": "string" @@ -3268,17 +3287,14 @@ "x-kubernetes-int-or-string": true } }, - "required": [ - "port" - ], - "type": "object" + "additionalProperties": false }, "timeoutSeconds": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "stdin": { "type": "boolean" @@ -3296,8 +3312,13 @@ "type": "boolean" }, "volumeDevices": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "devicePath", + "name" + ], "properties": { "devicePath": { "type": "string" @@ -3306,17 +3327,17 @@ "type": "string" } }, - "required": [ - "devicePath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumeMounts": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "mountPath", + "name" + ], "properties": { "mountPath": { "type": "string" @@ -3337,64 +3358,55 @@ "type": "string" } }, - "required": [ - "mountPath", - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "workingDir": { "type": "string" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "nodeName": { "type": "string" }, "nodeSelector": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "overhead": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "preemptionPolicy": { "type": "string" }, "priority": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "priorityClassName": { "type": "string" }, "readinessGates": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "conditionType" + ], "properties": { "conditionType": { "type": "string" } }, - "required": [ - "conditionType" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "restartPolicy": { "type": "string" @@ -3406,25 +3418,28 @@ "type": "string" }, "securityContext": { - "additionalProperties": false, + "type": "object", "properties": { "fsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" + }, + "fsGroupChangePolicy": { + "type": "string" }, "runAsGroup": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "runAsNonRoot": { "type": "boolean" }, "runAsUser": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "seLinuxOptions": { - "additionalProperties": false, + "type": "object", "properties": { "level": { "type": "string" @@ -3439,18 +3454,23 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "supplementalGroups": { + "type": "array", "items": { - "format": "int64", - "type": "integer" - }, - "type": "array" + "type": "integer", + "format": "int64" + } }, "sysctls": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name", + "value" + ], "properties": { "name": { "type": "string" @@ -3459,16 +3479,11 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "windowsOptions": { - "additionalProperties": false, + "type": "object", "properties": { "gmsaCredentialSpec": { "type": "string" @@ -3480,10 +3495,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "serviceAccount": { "type": "string" @@ -3498,12 +3513,13 @@ "type": "string" }, "terminationGracePeriodSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "tolerations": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "effect": { "type": "string" @@ -3515,27 +3531,37 @@ "type": "string" }, "tolerationSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "value": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "topologySpreadConstraints": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], "properties": { "labelSelector": { - "additionalProperties": false, + "type": "object", "properties": { "matchExpressions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "operator" + ], "properties": { "key": { "type": "string" @@ -3544,32 +3570,27 @@ "type": "string" }, "values": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "matchLabels": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "maxSkew": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "topologyKey": { "type": "string" @@ -3578,28 +3599,29 @@ "type": "string" } }, - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "volumes": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "name" + ], "properties": { "awsElasticBlockStore": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "readOnly": { "type": "boolean" @@ -3608,13 +3630,14 @@ "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "azureDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "diskName", + "diskURI" + ], "properties": { "cachingMode": { "type": "string" @@ -3635,14 +3658,14 @@ "type": "boolean" } }, - "required": [ - "diskName", - "diskURI" - ], - "type": "object" + "additionalProperties": false }, "azureFile": { - "additionalProperties": false, + "type": "object", + "required": [ + "secretName", + "shareName" + ], "properties": { "readOnly": { "type": "boolean" @@ -3654,20 +3677,19 @@ "type": "string" } }, - "required": [ - "secretName", - "shareName" - ], - "type": "object" + "additionalProperties": false }, "cephfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "monitors" + ], "properties": { "monitors": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "path": { "type": "string" @@ -3679,25 +3701,25 @@ "type": "string" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "user": { "type": "string" } }, - "required": [ - "monitors" - ], - "type": "object" + "additionalProperties": false }, "cinder": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" @@ -3706,52 +3728,49 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "volumeID": { "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "configMap": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { "type": "string" @@ -3760,10 +3779,13 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "csi": { - "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { "type": "string" @@ -3772,42 +3794,46 @@ "type": "string" }, "nodePublishSecretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "readOnly": { "type": "boolean" }, "volumeAttributes": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "downwardAPI": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -3816,20 +3842,20 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" @@ -3841,24 +3867,17 @@ "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "emptyDir": { - "additionalProperties": false, + "type": "object", "properties": { "medium": { "type": "string" @@ -3867,38 +3886,41 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "fc": { - "additionalProperties": false, + "type": "object", "properties": { "fsType": { "type": "string" }, "lun": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "readOnly": { "type": "boolean" }, "targetWWNs": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "wwids": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false }, "flexVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ], "properties": { "driver": { "type": "string" @@ -3907,31 +3929,28 @@ "type": "string" }, "options": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "driver" - ], - "type": "object" + "additionalProperties": false }, "flocker": { - "additionalProperties": false, + "type": "object", "properties": { "datasetName": { "type": "string" @@ -3940,17 +3959,20 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "gcePersistentDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "pdName" + ], "properties": { "fsType": { "type": "string" }, "partition": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "pdName": { "type": "string" @@ -3959,13 +3981,13 @@ "type": "boolean" } }, - "required": [ - "pdName" - ], - "type": "object" + "additionalProperties": false }, "gitRepo": { - "additionalProperties": false, + "type": "object", + "required": [ + "repository" + ], "properties": { "directory": { "type": "string" @@ -3977,13 +3999,14 @@ "type": "string" } }, - "required": [ - "repository" - ], - "type": "object" + "additionalProperties": false }, "glusterfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "endpoints", + "path" + ], "properties": { "endpoints": { "type": "string" @@ -3995,14 +4018,13 @@ "type": "boolean" } }, + "additionalProperties": false + }, + "hostPath": { + "type": "object", "required": [ - "endpoints", "path" ], - "type": "object" - }, - "hostPath": { - "additionalProperties": false, "properties": { "path": { "type": "string" @@ -4011,13 +4033,15 @@ "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false }, "iscsi": { - "additionalProperties": false, + "type": "object", + "required": [ + "iqn", + "lun", + "targetPortal" + ], "properties": { "chapAuthDiscovery": { "type": "boolean" @@ -4038,43 +4062,42 @@ "type": "string" }, "lun": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "portals": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "readOnly": { "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "targetPortal": { "type": "string" } }, - "required": [ - "iqn", - "lun", - "targetPortal" - ], - "type": "object" + "additionalProperties": false }, "name": { "type": "string" }, "nfs": { - "additionalProperties": false, + "type": "object", + "required": [ + "path", + "server" + ], "properties": { "path": { "type": "string" @@ -4086,14 +4109,13 @@ "type": "string" } }, - "required": [ - "path", - "server" - ], - "type": "object" + "additionalProperties": false }, "persistentVolumeClaim": { - "additionalProperties": false, + "type": "object", + "required": [ + "claimName" + ], "properties": { "claimName": { "type": "string" @@ -4102,13 +4124,13 @@ "type": "boolean" } }, - "required": [ - "claimName" - ], - "type": "object" + "additionalProperties": false }, "photonPersistentDisk": { - "additionalProperties": false, + "type": "object", + "required": [ + "pdID" + ], "properties": { "fsType": { "type": "string" @@ -4117,13 +4139,13 @@ "type": "string" } }, - "required": [ - "pdID" - ], - "type": "object" + "additionalProperties": false }, "portworxVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumeID" + ], "properties": { "fsType": { "type": "string" @@ -4135,47 +4157,48 @@ "type": "string" } }, - "required": [ - "volumeID" - ], - "type": "object" + "additionalProperties": false }, "projected": { - "additionalProperties": false, + "type": "object", + "required": [ + "sources" + ], "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "sources": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "configMap": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { "type": "string" @@ -4184,17 +4207,24 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "downwardAPI": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "fieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "fieldPath" + ], "properties": { "apiVersion": { "type": "string" @@ -4203,20 +4233,20 @@ "type": "string" } }, - "required": [ - "fieldPath" - ], - "type": "object" + "additionalProperties": false }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" }, "resourceFieldRef": { - "additionalProperties": false, + "type": "object", + "required": [ + "resource" + ], "properties": { "containerName": { "type": "string" @@ -4228,47 +4258,40 @@ "type": "string" } }, - "required": [ - "resource" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "type": "object", "properties": { "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "name": { "type": "string" @@ -4277,40 +4300,40 @@ "type": "boolean" } }, - "type": "object" + "additionalProperties": false }, "serviceAccountToken": { - "additionalProperties": false, + "type": "object", + "required": [ + "path" + ], "properties": { "audience": { "type": "string" }, "expirationSeconds": { - "format": "int64", - "type": "integer" + "type": "integer", + "format": "int64" }, "path": { "type": "string" } }, - "required": [ - "path" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "sources" - ], - "type": "object" + "additionalProperties": false }, "quobyte": { - "additionalProperties": false, + "type": "object", + "required": [ + "registry", + "volume" + ], "properties": { "group": { "type": "string" @@ -4331,14 +4354,14 @@ "type": "string" } }, - "required": [ - "registry", - "volume" - ], - "type": "object" + "additionalProperties": false }, "rbd": { - "additionalProperties": false, + "type": "object", + "required": [ + "image", + "monitors" + ], "properties": { "fsType": { "type": "string" @@ -4350,10 +4373,10 @@ "type": "string" }, "monitors": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "pool": { "type": "string" @@ -4362,26 +4385,27 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "user": { "type": "string" } }, - "required": [ - "image", - "monitors" - ], - "type": "object" + "additionalProperties": false }, "scaleIO": { - "additionalProperties": false, + "type": "object", + "required": [ + "gateway", + "secretRef", + "system" + ], "properties": { "fsType": { "type": "string" @@ -4396,13 +4420,13 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "sslEnabled": { "type": "boolean" @@ -4420,42 +4444,37 @@ "type": "string" } }, - "required": [ - "gateway", - "secretRef", - "system" - ], - "type": "object" + "additionalProperties": false }, "secret": { - "additionalProperties": false, + "type": "object", "properties": { "defaultMode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "items": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "key", + "path" + ], "properties": { "key": { "type": "string" }, "mode": { - "format": "int32", - "type": "integer" + "type": "integer", + "format": "int32" }, "path": { "type": "string" } }, - "required": [ - "key", - "path" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "optional": { "type": "boolean" @@ -4464,10 +4483,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "storageos": { - "additionalProperties": false, + "type": "object", "properties": { "fsType": { "type": "string" @@ -4476,13 +4495,13 @@ "type": "boolean" }, "secretRef": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "volumeName": { "type": "string" @@ -4491,10 +4510,13 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "vsphereVolume": { - "additionalProperties": false, + "type": "object", + "required": [ + "volumePath" + ], "properties": { "fsType": { "type": "string" @@ -4509,60 +4531,43 @@ "type": "string" } }, - "required": [ - "volumePath" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "required": [ - "containers" - ], - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } }, - "required": [ - "selector", - "template" - ], - "type": "object" + "additionalProperties": false } }, - "required": [ - "name", - "spec" - ], - "type": "object" + "additionalProperties": false }, "serviceAccount": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false }, "customresourcedefinitions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "apiVersion": { "type": "string" @@ -4571,13 +4576,13 @@ "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "dependsOn": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "crd": { "type": "string" @@ -4586,43 +4591,47 @@ "type": "string" }, "imagePullSecrets": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "package": { "type": "string" }, "serviceAccount": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "source": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "icons": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "base64Data", + "mediatype" + ], "properties": { "base64Data": { "type": "string" @@ -4631,26 +4640,22 @@ "type": "string" } }, - "required": [ - "base64Data", - "mediatype" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "keywords": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "license": { "type": "string" }, "maintainers": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "email": { "type": "string" @@ -4659,9 +4664,8 @@ "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "overview": { "type": "string" @@ -4670,8 +4674,9 @@ "type": "string" }, "owners": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "email": { "type": "string" @@ -4680,73 +4685,72 @@ "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "packageType": { + "type": "string", "enum": [ "Provider", "Stack", "Application", "Addon" - ], - "type": "string" + ] }, "permissionScope": { + "type": "string", "enum": [ "Cluster", "Namespaced" - ], - "type": "string" + ] }, "permissions": { - "additionalProperties": false, + "type": "object", "properties": { "rules": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "verbs" + ], "properties": { "apiGroups": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "nonResourceURLs": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "resourceNames": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "resources": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "verbs": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } } }, - "required": [ - "verbs" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "readme": { "type": "string" @@ -4764,11 +4768,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "status": { "type": "object" } - }, - "type": "object" + } } diff --git a/schema/stacks.crossplane.io/stackinstall_v1alpha1.json b/schema/stacks.crossplane.io/stackinstall_v1alpha1.json index b4e5fdad2..a5894862a 100644 --- a/schema/stacks.crossplane.io/stackinstall_v1alpha1.json +++ b/schema/stacks.crossplane.io/stackinstall_v1alpha1.json @@ -1,4 +1,5 @@ { + "type": "object", "properties": { "apiVersion": { "type": "string" @@ -10,7 +11,7 @@ "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", "properties": { "crd": { "type": "string" @@ -19,51 +20,58 @@ "type": "string" }, "imagePullSecrets": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", "properties": { "name": { "type": "string" } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "package": { "type": "string" }, "serviceAccount": { - "additionalProperties": false, + "type": "object", "properties": { "annotations": { + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } } }, - "type": "object" + "additionalProperties": false }, "source": { "type": "string" } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "type": "object", "properties": { "conditionedStatus": { - "additionalProperties": false, + "type": "object", "properties": { "conditions": { + "type": "array", "items": { - "additionalProperties": false, + "type": "object", + "required": [ + "lastTransitionTime", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "type": "string", + "format": "date-time" }, "message": { "type": "string" @@ -78,21 +86,14 @@ "type": "string" } }, - "required": [ - "lastTransitionTime", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } } }, - "type": "object" + "additionalProperties": false }, "installJob": { - "additionalProperties": false, + "type": "object", "properties": { "apiVersion": { "type": "string" @@ -116,10 +117,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false }, "stackRecord": { - "additionalProperties": false, + "type": "object", "properties": { "apiVersion": { "type": "string" @@ -143,11 +144,10 @@ "type": "string" } }, - "type": "object" + "additionalProperties": false } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/standard.oam.dev/rollout_v1alpha1.json b/schema/standard.oam.dev/rollout_v1alpha1.json index ed9ef83aa..7aa72185e 100644 --- a/schema/standard.oam.dev/rollout_v1alpha1.json +++ b/schema/standard.oam.dev/rollout_v1alpha1.json @@ -1,38 +1,60 @@ { + "description": "Rollout is the Schema for the Rollout API", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "RolloutSpec defines how to describe an update between different compRevision", + "type": "object", + "required": [ + "componentName", + "rolloutPlan", + "targetRevisionName" + ], "properties": { "componentName": { + "description": "ComponentName specify the component name", "type": "string" }, "rolloutPlan": { - "additionalProperties": false, + "description": "RolloutPlan is the details on how to rollout the resources", + "type": "object", "properties": { "batchPartition": { - "format": "int32", - "type": "integer" + "description": "All pods in the batches up to the batchPartition (included) will have the target resource specification while the rest still have the source resource This is designed for the operators to manually rollout Default is the the number of batches which will rollout all the batches", + "type": "integer", + "format": "int32" }, "canaryMetric": { + "description": "CanaryMetric provides a way for the rollout process to automatically check certain metrics before complete the process", + "type": "array", "items": { - "additionalProperties": false, + "description": "CanaryMetric holds the reference to metrics used for canary analysis", + "type": "object", + "required": [ + "name" + ], "properties": { "interval": { + "description": "Interval represents the windows size", "type": "string" }, "metricsRange": { - "additionalProperties": false, + "description": "Range value accepted for this metric", + "type": "object", "properties": { "max": { + "description": "Maximum value", "anyOf": [ { "type": "integer" @@ -44,6 +66,7 @@ "x-kubernetes-int-or-string": true }, "min": { + "description": "Minimum value", "anyOf": [ { "type": "integer" @@ -55,107 +78,134 @@ "x-kubernetes-int-or-string": true } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the metric", "type": "string" }, "templateRef": { - "additionalProperties": false, + "description": "TemplateRef references a metric template object", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "numBatches": { - "format": "int32", - "type": "integer" + "description": "The number of batches, default = 1", + "type": "integer", + "format": "int32" }, "paused": { + "description": "Paused the rollout, default is false", "type": "boolean" }, "rolloutBatches": { + "description": "The exact distribution among batches. its size has to be exactly the same as the NumBatches (if set) The total number cannot exceed the targetSize or the size of the source resource We will IGNORE the last batch's replica field if it's a percentage since round errors can lead to inaccurate sum We highly recommend to leave the last batch's replica field empty", + "type": "array", "items": { - "additionalProperties": false, + "description": "RolloutBatch is used to describe how the each batch rollout should be", + "type": "object", "properties": { "batchRolloutWebhooks": { + "description": "RolloutWebhooks provides a way for the batch rollout to interact with an external process", + "type": "array", "items": { - "additionalProperties": false, + "description": "RolloutWebhook holds the reference to external checks used for canary analysis", + "type": "object", + "required": [ + "name", + "type", + "url" + ], "properties": { "expectedStatus": { + "description": "ExpectedStatus contains all the expected http status code that we will accept as success", + "type": "array", "items": { "type": "integer" - }, - "type": "array" + } }, "metadata": { + "description": "Metadata (key-value pairs) for this webhook", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "method": { + "description": "Method the HTTP call method, default is POST", "type": "string" }, "name": { + "description": "Name of this webhook", "type": "string" }, "type": { + "description": "Type of this webhook", "type": "string" }, "url": { + "description": "URL address of this webhook", "type": "string" } }, - "required": [ - "name", - "type", - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "canaryMetric": { + "description": "CanaryMetric provides a way for the batch rollout process to automatically check certain metrics before moving to the next batch", + "type": "array", "items": { - "additionalProperties": false, + "description": "CanaryMetric holds the reference to metrics used for canary analysis", + "type": "object", + "required": [ + "name" + ], "properties": { "interval": { + "description": "Interval represents the windows size", "type": "string" }, "metricsRange": { - "additionalProperties": false, + "description": "Range value accepted for this metric", + "type": "object", "properties": { "max": { + "description": "Maximum value", "anyOf": [ { "type": "integer" @@ -167,6 +217,7 @@ "x-kubernetes-int-or-string": true }, "min": { + "description": "Minimum value", "anyOf": [ { "type": "integer" @@ -178,52 +229,59 @@ "x-kubernetes-int-or-string": true } }, - "type": "object" + "additionalProperties": false }, "name": { + "description": "Name of the metric", "type": "string" }, "templateRef": { - "additionalProperties": false, + "description": "TemplateRef references a metric template object", + "type": "object", "properties": { "apiVersion": { + "description": "API version of the referent.", "type": "string" }, "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" } }, - "required": [ - "name" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "instanceInterval": { - "format": "int32", - "type": "integer" + "description": "The wait time, in seconds, between instances upgrades, default = 0", + "type": "integer", + "format": "int32" }, "maxUnavailable": { + "description": "MaxUnavailable is the max allowed number of pods that is unavailable during the upgrade. We will mark the batch as ready as long as there are less or equal number of pods unavailable than this number. default = 0", "anyOf": [ { "type": "integer" @@ -235,12 +293,14 @@ "x-kubernetes-int-or-string": true }, "podList": { + "description": "The list of Pods to get upgraded it is mutually exclusive with the Replicas field", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "replicas": { + "description": "Replicas is the number of pods to upgrade in this batch it can be an absolute number (ex: 5) or a percentage of total pods we will ignore the percentage of the last batch to just fill the gap it is mutually exclusive with the PodList field", "anyOf": [ { "type": "integer" @@ -252,154 +312,178 @@ "x-kubernetes-int-or-string": true } }, - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "rolloutStrategy": { + "description": "RolloutStrategy defines strategies for the rollout plan The default is IncreaseFirstRolloutStrategyType", "type": "string" }, "rolloutWebhooks": { + "description": "RolloutWebhooks provide a way for the rollout to interact with an external process", + "type": "array", "items": { - "additionalProperties": false, + "description": "RolloutWebhook holds the reference to external checks used for canary analysis", + "type": "object", + "required": [ + "name", + "type", + "url" + ], "properties": { "expectedStatus": { + "description": "ExpectedStatus contains all the expected http status code that we will accept as success", + "type": "array", "items": { "type": "integer" - }, - "type": "array" + } }, "metadata": { + "description": "Metadata (key-value pairs) for this webhook", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "method": { + "description": "Method the HTTP call method, default is POST", "type": "string" }, "name": { + "description": "Name of this webhook", "type": "string" }, "type": { + "description": "Type of this webhook", "type": "string" }, "url": { + "description": "URL address of this webhook", "type": "string" } }, - "required": [ - "name", - "type", - "url" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "targetSize": { - "format": "int32", - "type": "integer" + "description": "The size of the target resource. The default is the same as the size of the source resource.", + "type": "integer", + "format": "int32" } }, - "type": "object" + "additionalProperties": false }, "sourceRevisionName": { + "description": "SourceRevisionName contains the name of the componentRevisionName that we need to upgrade from. it can be empty only when it's the first time to deploy the application", "type": "string" }, "targetRevisionName": { + "description": "TargetRevisionName contains the name of the componentRevisionName that we need to upgrade to.", "type": "string" } }, - "required": [ - "componentName", - "rolloutPlan", - "targetRevisionName" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "CompRolloutStatus defines the observed state of rollout", + "type": "object", + "required": [ + "currentBatch", + "lastTargetRevision", + "rollingState", + "upgradedReadyReplicas", + "upgradedReplicas" + ], "properties": { "LastSourceRevision": { + "description": "LastSourceRevision contains the name of the componentRevisionName that we need to upgrade from. We will restart the rollout if this is not the same as the spec", "type": "string" }, "batchRollingState": { + "description": "BatchRollingState only meaningful when the Status is rolling", "type": "string" }, "conditions": { + "description": "Conditions of the resource.", + "type": "array", "items": { - "additionalProperties": false, + "description": "A Condition that may apply to a resource.", + "type": "object", + "required": [ + "lastTransitionTime", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", + "type": "string", + "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, - "required": [ - "lastTransitionTime", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "currentBatch": { - "format": "int32", - "type": "integer" + "description": "The current batch the rollout is working on/blocked it starts from 0", + "type": "integer", + "format": "int32" }, "lastAppliedPodTemplateIdentifier": { + "description": "lastAppliedPodTemplateIdentifier is a string that uniquely represent the last pod template each workload type could use different ways to identify that so we cannot compare between resources We update this field only after a successful rollout", "type": "string" }, "lastTargetRevision": { + "description": "LastUpgradedTargetRevision contains the name of the componentRevisionName that we upgraded to We will restart the rollout if this is not the same as the spec", "type": "string" }, "rollingState": { + "description": "RollingState is the Rollout State", "type": "string" }, "rolloutOriginalSize": { - "format": "int32", - "type": "integer" + "description": "RolloutTargetSize is the size of the target resources. This is determined once the initial spec verification and does not change until the rollout is restarted", + "type": "integer", + "format": "int32" }, "rolloutTargetSize": { - "format": "int32", - "type": "integer" + "description": "RolloutTargetSize is the size of the target resources. This is determined once the initial spec verification and does not change until the rollout is restarted", + "type": "integer", + "format": "int32" }, "targetGeneration": { + "description": "NewPodTemplateIdentifier is a string that uniquely represent the new pod template each workload type could use different ways to identify that so we cannot compare between resources", "type": "string" }, "upgradedReadyReplicas": { - "format": "int32", - "type": "integer" + "description": "UpgradedReadyReplicas is the number of Pods upgraded by the rollout controller that have a Ready Condition.", + "type": "integer", + "format": "int32" }, "upgradedReplicas": { - "format": "int32", - "type": "integer" + "description": "UpgradedReplicas is the number of Pods upgraded by the rollout controller", + "type": "integer", + "format": "int32" } }, - "required": [ - "currentBatch", - "lastTargetRevision", - "rollingState", - "upgradedReadyReplicas", - "upgradedReplicas" - ], - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/temporal.io/temporalworkerprocess_v1beta1.json b/schema/temporal.io/temporalworkerprocess_v1beta1.json index dd5f3280d..a7d2ae674 100644 --- a/schema/temporal.io/temporalworkerprocess_v1beta1.json +++ b/schema/temporal.io/temporalworkerprocess_v1beta1.json @@ -1,222 +1,267 @@ { + "description": "TemporalWorkerProcess is the Schema for the temporalworkerprocesses API.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "TemporalWorkerProcessSpec defines the desired state of TemporalWorkerProcess.", + "type": "object", + "required": [ + "clusterRef", + "image", + "temporalNamespace" + ], "properties": { "builder": { - "additionalProperties": false, + "description": "Builder is the configuration for building a TemporalWorkerProcess. THIS FEATURE IS HIGHLY EXPERIMENTAL.", + "type": "object", + "required": [ + "enabled" + ], "properties": { "attempt": { - "format": "int32", - "type": "integer" + "description": "BuildAttempt is the build attempt number of a given version", + "type": "integer", + "format": "int32" }, "buildDir": { + "description": "BuildDir is the location of where the sources will be built.", "type": "string" }, "buildRegistry": { - "additionalProperties": false, + "description": "BuildRegistry specifies how to connect to container registry.", + "type": "object", + "required": [ + "passwordSecretRef", + "repository", + "username" + ], "properties": { "passwordSecretRef": { - "additionalProperties": false, + "description": "PasswordSecret is the reference to the secret holding the docker repo password.", + "type": "object", + "required": [ + "name" + ], "properties": { "key": { + "description": "Key in the Secret.", "type": "string" }, "name": { + "description": "Name of the Secret.", "type": "string" } }, - "required": [ - "name" - ], - "type": "object" + "additionalProperties": false }, "repository": { + "description": "Repository is the fqdn to the image repo.", "type": "string" }, "username": { + "description": "Username is the username for the container repo.", "type": "string" } }, - "required": [ - "passwordSecretRef", - "repository", - "username" - ], - "type": "object" + "additionalProperties": false }, "enabled": { + "description": "Enabled defines if the operator should build the temporal worker process.", "type": "boolean" }, "gitRepository": { - "additionalProperties": false, + "description": "GitRepository specifies how to connect to Git source control.", + "type": "object", + "required": [ + "url" + ], "properties": { "reference": { - "additionalProperties": false, + "description": "Reference specifies the Git reference to resolve and monitor for changes, defaults to the 'master' branch.", + "type": "object", "properties": { "branch": { + "description": "Branch to check out, defaults to 'main' if no other field is defined.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "url": { - "pattern": "^(http|https|ssh)://.*$", - "type": "string" + "description": "URL specifies the Git repository URL, it can be an HTTP/S or SSH address.", + "type": "string", + "pattern": "^(http|https|ssh)://.*$" } }, - "required": [ - "url" - ], - "type": "object" + "additionalProperties": false }, "image": { + "description": "Image is the image that will be used to build worker image.", "type": "string" }, "version": { + "description": "Version is the version of the image that will be used to build worker image.", "type": "string" } }, - "required": [ - "enabled" - ], - "type": "object" + "additionalProperties": false }, "clusterRef": { - "additionalProperties": false, + "description": "Reference to the temporal cluster the worker will connect to.", + "type": "object", "properties": { "name": { + "description": "The name of the TemporalCluster to reference.", "type": "string" }, "namespace": { + "description": "The namespace of the TemporalCluster to reference. Defaults to the namespace of the requested resource if omitted.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "image": { + "description": "Image defines the temporal worker docker image the instance should run.", "type": "string" }, "imagePullSecrets": { + "description": "An optional list of references to secrets in the same namespace to use for pulling temporal images from registries.", + "type": "array", "items": { - "additionalProperties": false, + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" - }, - "type": "array" + } }, "jobTtlSecondsAfterFinished": { - "default": 300, + "description": "JobTTLSecondsAfterFinished is amount of time to keep job pods after jobs are completed. Defaults to 300 seconds.", + "type": "integer", "format": "int32", - "minimum": 1, - "type": "integer" + "default": 300, + "minimum": 1 }, "pullPolicy": { + "description": "Image pull policy for determining how to pull worker process images.", "type": "string" }, "replicas": { + "description": "Number of desired replicas. Default to 1.", + "type": "integer", "format": "int32", - "minimum": 1, - "type": "integer" + "minimum": 1 }, "temporalNamespace": { + "description": "TemporalNamespace that worker will poll.", "type": "string" }, "version": { + "description": "Version defines the worker process version.", "type": "string" } }, - "required": [ - "clusterRef", - "image", - "temporalNamespace" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "TemporalWorkerProcessStatus defines the observed state of TemporalWorkerProcess.", + "type": "object", + "required": [ + "conditions" + ], "properties": { "attempt": { - "format": "int32", - "type": "integer" + "description": "BuildAttempt is the build attempt number of a given version", + "type": "integer", + "format": "int32" }, "conditions": { + "description": "Conditions represent the latest available observations of the worker process state.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", + "type": "object", + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "type": "string", + "format": "date-time" }, "message": { - "maxLength": 32768, - "type": "string" + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", + "type": "string", + "maxLength": 32768 }, "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "type": "integer", "format": "int64", - "minimum": 0, - "type": "integer" + "minimum": 0 }, "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "type": "string", "maxLength": 1024, "minLength": 1, - "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", - "type": "string" + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" }, "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", "enum": [ "True", "False", "Unknown" - ], - "type": "string" + ] }, "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", + "type": "string", "maxLength": 316, - "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", - "type": "string" + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" } }, - "required": [ - "lastTransitionTime", - "message", - "reason", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "created": { + "description": "Created indicates if the worker process image was created.", "type": "boolean" }, "ready": { + "description": "Ready defines if the worker process is ready.", "type": "boolean" }, "version": { + "description": "Version is the version of the image that will be used to build worker image.", "type": "string" } }, - "required": [ - "conditions" - ], - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/tinkerbell.org/hardware_v1alpha1.json b/schema/tinkerbell.org/hardware_v1alpha1.json index 3114f7bba..42536bf9d 100644 --- a/schema/tinkerbell.org/hardware_v1alpha1.json +++ b/schema/tinkerbell.org/hardware_v1alpha1.json @@ -3,11 +3,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -16,31 +16,26 @@ "spec": { "description": "HardwareSpec defines the desired state of Hardware.", "type": "object", + "required": [ + "id" + ], "properties": { - "bmcRef": { - "description": "BMCRef contains a relation to a BMC state management type in the same\nnamespace as the Hardware. This may be used for BMC management by\norchestrators.", - "type": "object", - "required": [ - "kind", - "name" - ], - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string" - } - }, - "additionalProperties": false, - "x-kubernetes-map-type": "atomic" + "id": { + "description": "ID is the ID of the hardware in Tinkerbell", + "type": "string", + "minLength": 1 }, + "userData": { + "description": "UserData is the user data to configure in the hardware's metadata", + "type": "string" + } + }, + "additionalProperties": false + }, + "status": { + "description": "HardwareStatus defines the observed state of Hardware.", + "type": "object", + "properties": { "disks": { "type": "array", "items": { @@ -98,8 +93,7 @@ "format": "int64" }, "mac": { - "type": "string", - "pattern": "([0-9a-f]{2}[:]){5}([0-9a-f]{2})" + "type": "string" }, "name_servers": { "type": "array", @@ -115,20 +109,10 @@ }, "uefi": { "type": "boolean" - }, - "vlan_id": { - "description": "validation pattern for VLANDID is a string number between 0-4096", - "type": "string", - "pattern": "^(([0-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))(,[1-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))*)$" } }, "additionalProperties": false }, - "disableDhcp": { - "description": "DisableDHCP disables DHCP for this interface.", - "type": "boolean", - "default": false - }, "netboot": { "description": "Netboot configuration.", "type": "object", @@ -175,353 +159,16 @@ "additionalProperties": false } }, - "metadata": { - "type": "object", - "properties": { - "bonding_mode": { - "type": "integer", - "format": "int64" - }, - "custom": { - "type": "object", - "properties": { - "preinstalled_operating_system_version": { - "type": "object", - "properties": { - "distro": { - "type": "string" - }, - "image_tag": { - "type": "string" - }, - "os_slug": { - "type": "string" - }, - "slug": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "additionalProperties": false - }, - "private_subnets": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "additionalProperties": false - }, - "facility": { - "type": "object", - "properties": { - "facility_code": { - "type": "string" - }, - "plan_slug": { - "type": "string" - }, - "plan_version_slug": { - "type": "string" - } - }, - "additionalProperties": false - }, - "instance": { - "type": "object", - "properties": { - "allow_pxe": { - "type": "boolean" - }, - "always_pxe": { - "type": "boolean" - }, - "crypted_root_password": { - "type": "string" - }, - "hostname": { - "type": "string" - }, - "id": { - "type": "string" - }, - "ips": { - "type": "array", - "items": { - "type": "object", - "properties": { - "address": { - "type": "string" - }, - "family": { - "type": "integer", - "format": "int64" - }, - "gateway": { - "type": "string" - }, - "management": { - "type": "boolean" - }, - "netmask": { - "type": "string" - }, - "public": { - "type": "boolean" - } - }, - "additionalProperties": false - } - }, - "ipxe_script_url": { - "type": "string" - }, - "network_ready": { - "type": "boolean" - }, - "operating_system": { - "type": "object", - "properties": { - "distro": { - "type": "string" - }, - "image_tag": { - "type": "string" - }, - "os_slug": { - "type": "string" - }, - "slug": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "additionalProperties": false - }, - "rescue": { - "type": "boolean" - }, - "ssh_keys": { - "type": "array", - "items": { - "type": "string" - } - }, - "state": { - "type": "string" - }, - "storage": { - "type": "object", - "properties": { - "disks": { - "type": "array", - "items": { - "type": "object", - "properties": { - "device": { - "type": "string" - }, - "partitions": { - "type": "array", - "items": { - "type": "object", - "properties": { - "label": { - "type": "string" - }, - "number": { - "type": "integer", - "format": "int64" - }, - "size": { - "type": "integer", - "format": "int64" - }, - "start": { - "type": "integer", - "format": "int64" - }, - "type_guid": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "wipe_table": { - "type": "boolean" - } - }, - "additionalProperties": false - } - }, - "filesystems": { - "type": "array", - "items": { - "type": "object", - "properties": { - "mount": { - "type": "object", - "properties": { - "create": { - "type": "object", - "properties": { - "force": { - "type": "boolean" - }, - "options": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "additionalProperties": false - }, - "device": { - "type": "string" - }, - "files": { - "type": "array", - "items": { - "type": "object", - "properties": { - "contents": { - "type": "string" - }, - "gid": { - "type": "integer", - "format": "int64" - }, - "mode": { - "type": "integer", - "format": "int64" - }, - "path": { - "type": "string" - }, - "uid": { - "type": "integer", - "format": "int64" - } - }, - "additionalProperties": false - } - }, - "format": { - "type": "string" - }, - "point": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "additionalProperties": false - } - }, - "raid": { - "type": "array", - "items": { - "type": "object", - "properties": { - "devices": { - "type": "array", - "items": { - "type": "string" - } - }, - "level": { - "type": "string" - }, - "name": { - "type": "string" - }, - "spare": { - "type": "integer", - "format": "int64" - } - }, - "additionalProperties": false - } - } - }, - "additionalProperties": false - }, - "tags": { - "type": "array", - "items": { - "type": "string" - } - }, - "userdata": { - "type": "string" - } - }, - "additionalProperties": false - }, - "manufacturer": { - "type": "object", - "properties": { - "id": { - "type": "string" - }, - "slug": { - "type": "string" - } - }, - "additionalProperties": false - }, - "state": { - "type": "string" - } - }, - "additionalProperties": false + "state": { + "description": "HardwareState represents the hardware state.", + "type": "string" }, - "resources": { - "description": "Resources represents known resources that are available on a machine.\nResources may be used for scheduling by orchestrators.", - "type": "object", - "additionalProperties": { - "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - "anyOf": [ - { - "type": "integer" - }, - { - "type": "string" - } - ], - "x-kubernetes-int-or-string": true - } + "tinkMetadata": { + "type": "string" }, "tinkVersion": { "type": "integer", "format": "int64" - }, - "userData": { - "description": "UserData is the user data to configure in the hardware's\nmetadata", - "type": "string" - }, - "vendorData": { - "description": "VendorData is the vendor data to configure in the hardware's\nmetadata", - "type": "string" - } - }, - "additionalProperties": false - }, - "status": { - "description": "HardwareStatus defines the observed state of Hardware.", - "type": "object", - "properties": { - "state": { - "description": "HardwareState represents the hardware state.", - "type": "string" } }, "additionalProperties": false diff --git a/schema/tinkerbell.org/hardware_v1alpha2.json b/schema/tinkerbell.org/hardware_v1alpha2.json index afc80bd45..6704e1d4b 100644 --- a/schema/tinkerbell.org/hardware_v1alpha2.json +++ b/schema/tinkerbell.org/hardware_v1alpha2.json @@ -1,140 +1,168 @@ { + "description": "Hardware is a logical representation of a machine that can execute Workflows.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", "properties": { "bmcRef": { - "additionalProperties": false, + "description": "BMCRef references a Rufio Machine object.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "instance": { - "additionalProperties": false, + "description": "Instance describes instance specific data that is generally unused by Tinkerbell core.", + "type": "object", "properties": { "userdata": { + "description": "Userdata is data with a structure understood by the producer and consumer of the data.", "type": "string" }, "vendordata": { + "description": "Vendordata is data with a structure understood by the producer and consumer of the data.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "ipxe": { - "additionalProperties": false, + "description": "IPXE provides iPXE script override fields. This is useful for debugging or netboot customization.", + "type": "object", "properties": { "inline": { + "description": "Content is an inline iPXE script.", "type": "string" }, "url": { + "description": "URL is a URL to a hosted iPXE script.", "type": "string" } }, - "type": "object" + "additionalProperties": false }, "kernelParams": { + "description": "KernelParams passed to the kernel when launching the OSIE. Parameters are joined with a space.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "networkInterfaces": { + "description": "NetworkInterfaces defines the desired DHCP and netboot configuration for a network interface.", + "type": "object", "additionalProperties": { - "additionalProperties": false, + "description": "NetworkInterface is the desired configuration for a particular network interface.", + "type": "object", "properties": { "dhcp": { - "additionalProperties": false, + "description": "DHCP is the basic network information for serving DHCP requests. Required when DisbaleDHCP is false.", + "type": "object", "properties": { "gateway": { - "pattern": "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}", - "type": "string" + "description": "Gateway is the default gateway address to serve.", + "type": "string", + "pattern": "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}" }, "hostname": { - "pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9]\"[A-Za-z0-9\\-]*[A-Za-z0-9])$", - "type": "string" + "type": "string", + "pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9]\"[A-Za-z0-9\\-]*[A-Za-z0-9])$" }, "ip": { - "pattern": "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}", - "type": "string" + "description": "IP is an IPv4 address to serve.", + "type": "string", + "pattern": "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}" }, "leaseTimeSeconds": { - "default": 86400, + "description": "LeaseTimeSeconds to serve. 24h default. Maximum equates to max uint32 as defined by RFC 2132 § 9.2 (https://www.rfc-editor.org/rfc/rfc2132.html#section-9.2).", + "type": "integer", "format": "int64", + "default": 86400, "maximum": 4294967295, - "minimum": 0, - "type": "integer" + "minimum": 0 }, "nameservers": { + "description": "Nameservers to serve.", + "type": "array", "items": { - "pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", - "type": "string" - }, - "type": "array" + "description": "Nameserver is an IP or hostname.", + "type": "string", + "pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" + } }, "netmask": { + "description": "Netmask is an IPv4 netmask to serve.", "type": "string" }, "timeservers": { + "description": "Timeservers to serve.", + "type": "array", "items": { - "pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", - "type": "string" - }, - "type": "array" + "description": "Timeserver is an IP or hostname.", + "type": "string", + "pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" + } }, "vlanId": { - "pattern": "^(([0-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))(,[1-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))*)$", - "type": "string" + "description": "VLANID is a VLAN ID between 0 and 4096.", + "type": "string", + "pattern": "^(([0-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))(,[1-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))*)$" } - }, - "type": "object" + } }, "disableDhcp": { - "default": false, - "type": "boolean" + "description": "DisableDHCP disables DHCP for this interface. Implies DisableNetboot.", + "type": "boolean", + "default": false }, "disableNetboot": { - "default": false, - "type": "boolean" + "description": "DisableNetboot disables netbooting for this interface. The interface will still receive network information specified by DHCP.", + "type": "boolean", + "default": false } - }, - "type": "object" - }, - "type": "object" + } + } }, "osie": { - "additionalProperties": false, + "description": "OSIE describes the Operating System Installation Environment to be netbooted.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "storageDevices": { + "description": "StorageDevices is a list of storage devices that will be available in the OSIE.", + "type": "array", "items": { - "pattern": "^(/[^/ ]*)+/?$", - "type": "string" - }, - "type": "array" + "description": "StorageDevice describes a storage device path that will be present in the OSIE. StorageDevices must be valid Linux paths. They should not contain partitions. \n Good \n /dev/sda /dev/nvme0n1 \n Bad (contains partitions) \n /dev/sda1 /dev/nvme0n1p1 \n Bad (invalid Linux path) \n \\dev\\sda", + "type": "string", + "pattern": "^(/[^/ ]*)+/?$" + } } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/tinkerbell.org/template_v1alpha1.json b/schema/tinkerbell.org/template_v1alpha1.json index 1e839475f..49fd8b639 100644 --- a/schema/tinkerbell.org/template_v1alpha1.json +++ b/schema/tinkerbell.org/template_v1alpha1.json @@ -3,11 +3,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { diff --git a/schema/tinkerbell.org/template_v1alpha2.json b/schema/tinkerbell.org/template_v1alpha2.json index 0ae0800e0..f4e9a4c80 100644 --- a/schema/tinkerbell.org/template_v1alpha2.json +++ b/schema/tinkerbell.org/template_v1alpha2.json @@ -1,86 +1,104 @@ { + "description": "Template defines a set of actions to be run on a target machine. The template is rendered prior to execution where it is exposed to Hardware and user defined data. Most fields within the TemplateSpec may contain templates values excluding .TemplateSpec.Actions[].Name. See https://pkg.go.dev/text/template for more details.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", "properties": { "actions": { + "description": "Actions defines the set of actions to be run on a target machine. Actions are run sequentially in the order they are specified. At least 1 action must be specified. Names of actions must be unique within a Template.", + "type": "array", + "minItems": 1, "items": { - "additionalProperties": false, + "description": "Action defines an individual action to be run on a target machine.", + "type": "object", + "required": [ + "image", + "name" + ], "properties": { "args": { + "description": "Args are a set of arguments to be passed to the command executed by the container on launch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "cmd": { - "pattern": "^(/[^/ ]*)+/?$", - "type": "string" + "description": "Cmd defines the command to use when launching the image. It overrides the default command of the action. It must be a unix path to an executable program.", + "type": "string", + "pattern": "^(/[^/ ]*)+/?$" }, "env": { + "description": "Env defines environment variables used when launching the container.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "image": { + "description": "Image is an OCI image.", "type": "string" }, "name": { + "description": "Name is a name for the action.", "type": "string" }, "namespaces": { - "additionalProperties": false, + "description": "Namespace defines the Linux namespaces this container should execute in.", + "type": "object", "properties": { "network": { + "description": "Network defines the network namespace.", "type": "string" }, "pid": { + "description": "PID defines the PID namespace", "type": "integer" } }, - "type": "object" + "additionalProperties": false }, "volumes": { + "description": "Volumes defines the volumes to mount into the container.", + "type": "array", "items": { + "description": "Volume is a specification for mounting a volume in an action. Volumes take the form {SRC-VOLUME-NAME | SRC-HOST-DIR}:TGT-CONTAINER-DIR:OPTIONS. When specifying a VOLUME-NAME that does not exist it will be created for you. Examples: \n Read-only bind mount bound to /data \n /etc/data:/data:ro \n Writable volume name bound to /data \n shared_volume:/data \n See https://docs.docker.com/storage/volumes/ for additional details.", "type": "string" - }, - "type": "array" + } } }, - "required": [ - "image", - "name" - ], - "type": "object" - }, - "minItems": 1, - "type": "array" + "additionalProperties": false + } }, "env": { + "description": "Env defines environment variables to be available in all actions. If an action specifies the same environment variable it will take precedence.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "volumes": { + "description": "Volumes to be mounted on all actions. If an action specifies the same volume it will take precedence.", + "type": "array", "items": { + "description": "Volume is a specification for mounting a volume in an action. Volumes take the form {SRC-VOLUME-NAME | SRC-HOST-DIR}:TGT-CONTAINER-DIR:OPTIONS. When specifying a VOLUME-NAME that does not exist it will be created for you. Examples: \n Read-only bind mount bound to /data \n /etc/data:/data:ro \n Writable volume name bound to /data \n shared_volume:/data \n See https://docs.docker.com/storage/volumes/ for additional details.", "type": "string" - }, - "type": "array" + } } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/tinkerbell.org/workflow_v1alpha1.json b/schema/tinkerbell.org/workflow_v1alpha1.json index 0dd0b6120..dc4a09b6d 100644 --- a/schema/tinkerbell.org/workflow_v1alpha1.json +++ b/schema/tinkerbell.org/workflow_v1alpha1.json @@ -3,11 +3,11 @@ "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -17,37 +17,6 @@ "description": "WorkflowSpec defines the desired state of Workflow.", "type": "object", "properties": { - "bootOptions": { - "description": "BootOptions are options that control the booting of Hardware.", - "type": "object", - "properties": { - "bootMode": { - "description": "BootMode is the type of booting that will be done.", - "type": "string", - "enum": [ - "netboot", - "iso" - ] - }, - "isoURL": { - "description": "ISOURL is the URL of the ISO that will be one-time booted. When this field is set, the controller will create a job.bmc.tinkerbell.org object\nfor getting the associated hardware into a CDROM booting state.\nA HardwareRef that contains a spec.BmcRef must be provided.", - "type": "string", - "format": "url" - }, - "toggleAllowNetboot": { - "description": "ToggleAllowNetboot indicates whether the controller should toggle the field in the associated hardware for allowing PXE booting.\nThis will be enabled before a Workflow is executed and disabled after the Workflow has completed successfully.\nA HardwareRef must be provided.", - "type": "boolean" - } - }, - "additionalProperties": false - }, - "hardwareMap": { - "description": "A mapping of template devices to hadware mac addresses.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, "hardwareRef": { "description": "Name of the Hardware associated with this workflow.", "type": "string" @@ -60,192 +29,110 @@ "additionalProperties": false }, "status": { - "description": "WorkflowStatus defines the observed state of a Workflow.", + "description": "WorkflowStatus defines the observed state of Workflow.", "type": "object", "properties": { - "bootOptions": { - "description": "BootOptions holds the state of any boot options.", - "type": "object", - "properties": { - "allowNetboot": { - "description": "AllowNetboot holds the state of the the controller's interactions with the allowPXE field in a Hardware object.", - "type": "object", - "properties": { - "toggledFalse": { - "type": "boolean" - }, - "toggledTrue": { - "type": "boolean" - } - }, - "additionalProperties": false - }, - "jobs": { - "description": "Jobs holds the state of any job.bmc.tinkerbell.org objects created.", - "type": "object", - "additionalProperties": { - "description": "JobStatus holds the state of a specific job.bmc.tinkerbell.org object created.", - "type": "object", - "properties": { - "complete": { - "description": "Complete indicates whether the created job.bmc.tinkerbell.org has reported its conditions as complete.", - "type": "boolean" - }, - "existingJobDeleted": { - "description": "ExistingJobDeleted indicates whether any existing job.bmc.tinkerbell.org was deleted.\nThe name of each job.bmc.tinkerbell.org object created by the controller is the same, so only one can exist at a time.\nUsing the same name was chosen so that there is only ever 1 job.bmc.tinkerbell.org per Hardware/Machine.bmc.tinkerbell.org.\nThis makes clean up easier and we dont just orphan jobs every time.", - "type": "boolean" - }, - "uid": { - "description": "UID is the UID of the job.bmc.tinkerbell.org object associated with this workflow.\nThis is used to uniquely identify the job.bmc.tinkerbell.org object, as\nall objects for a specific Hardware/Machine.bmc.tinkerbell.org are created with the same name.", - "type": "string" - } - } - } - } - }, - "additionalProperties": false - }, - "conditions": { - "description": "Conditions are the latest available observations of an object's current state.", + "actions": { + "description": "Actions are the actions for this Workflow.", "type": "array", "items": { - "description": "JobCondition describes current state of a job.", + "description": "Action represents a workflow action.", "type": "object", - "required": [ - "status", - "type" - ], "properties": { - "message": { - "description": "Message is a human readable message indicating details about last transition.", + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "environment": { + "type": "array", + "items": { + "type": "string" + } + }, + "image": { "type": "string" }, - "reason": { - "description": "Reason is a (brief) reason for the condition's last transition.", + "name": { "type": "string" }, - "status": { - "description": "Status of the condition, one of True, False, Unknown.", + "on_failure": { + "type": "array", + "items": { + "type": "string" + } + }, + "on_timeout": { + "type": "array", + "items": { + "type": "string" + } + }, + "task_name": { "type": "string" }, - "time": { - "description": "Time when the condition was created.", - "type": "string", - "format": "date-time" + "timeout": { + "type": "integer", + "format": "int64" }, - "type": { - "description": "Type of job condition, Complete or Failed.", + "volumes": { + "type": "array", + "items": { + "type": "string" + } + }, + "worker_id": { "type": "string" } }, "additionalProperties": false - }, - "x-kubernetes-list-type": "atomic" - }, - "currentAction": { - "description": "CurrentAction is the action that is currently in the running state.", - "type": "string" - }, - "globalTimeout": { - "description": "GlobalTimeout represents the max execution time.", - "type": "integer", - "format": "int64" + } }, - "state": { - "description": "State is the current overall state of the Workflow.", + "data": { + "description": "Data is the populated Workflow Data in Tinkerbell.", "type": "string" }, - "tasks": { - "description": "Tasks are the tasks to be run by the worker(s).", + "events": { + "description": "Events are events for this Workflow.", "type": "array", "items": { - "description": "Task represents a series of actions to be completed by a worker.", + "description": "Event represents a workflow event.", "type": "object", - "required": [ - "actions", - "name", - "worker" - ], "properties": { - "actions": { - "type": "array", - "items": { - "description": "Action represents a workflow action.", - "type": "object", - "properties": { - "command": { - "type": "array", - "items": { - "type": "string" - } - }, - "environment": { - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "image": { - "type": "string" - }, - "message": { - "type": "string" - }, - "name": { - "type": "string" - }, - "pid": { - "type": "string" - }, - "seconds": { - "type": "integer", - "format": "int64" - }, - "startedAt": { - "type": "string", - "format": "date-time" - }, - "status": { - "type": "string" - }, - "timeout": { - "type": "integer", - "format": "int64" - }, - "volumes": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "additionalProperties": false - } + "action_name": { + "type": "string" }, - "environment": { - "type": "object", - "additionalProperties": { - "type": "string" - } + "action_status": { + "type": "string" }, - "name": { + "created_at": { + "type": "string", + "format": "date-time" + }, + "message": { "type": "string" }, - "volumes": { - "type": "array", - "items": { - "type": "string" - } + "seconds": { + "type": "integer", + "format": "int64" + }, + "task_name": { + "type": "string" }, - "worker": { + "worker_id": { "type": "string" } }, "additionalProperties": false } }, - "templateRending": { - "description": "TemplateRendering indicates whether the template was rendered successfully.\nPossible values are \"successful\" or \"failed\" or \"unknown\".", + "metadata": { + "description": "Metadata is the metadata stored in Tinkerbell.", + "type": "string" + }, + "state": { + "description": "State is the state of the workflow in Tinkerbell.", "type": "string" } }, diff --git a/schema/tinkerbell.org/workflow_v1alpha2.json b/schema/tinkerbell.org/workflow_v1alpha2.json index a1b207686..3dd09809e 100644 --- a/schema/tinkerbell.org/workflow_v1alpha2.json +++ b/schema/tinkerbell.org/workflow_v1alpha2.json @@ -1,185 +1,223 @@ { + "description": "Workflow describes a set of actions to be run on a specific Hardware. Workflows execute once and should be considered ephemeral.", + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "type": "object", "properties": { "hardwareRef": { - "additionalProperties": false, + "description": "HardwareRef is a reference to a Hardware resource this workflow will execute on. If no namespace is specified the Workflow's namespace is assumed.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "templateParams": { + "description": "TemplateParams are a list of key-value pairs that are injected into templates at render time. TemplateParams are exposed to templates using a top level .Params key. \n For example, TemplateParams = {\"foo\": \"bar\"}, the foo key can be accessed via .Params.foo.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "templateRef": { - "additionalProperties": false, + "description": "TemplateRef is a reference to a Template resource used to render workflow actions. If no namespace is specified the Workflow's namespace is assumed.", + "type": "object", "properties": { "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", "type": "string" } }, - "type": "object", + "additionalProperties": false, "x-kubernetes-map-type": "atomic" }, "timeout": { - "default": 0, + "description": "TimeoutSeconds defines the time the workflow has to complete. The timer begins when the first action is requested. When set to 0, no timeout is applied.", + "type": "integer", "format": "int64", - "minimum": 0, - "type": "integer" + "default": 0, + "minimum": 0 } }, - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "type": "object", + "required": [ + "actions", + "conditions" + ], "properties": { "actions": { + "description": "Actions is a list of action states.", + "type": "array", "items": { - "additionalProperties": false, + "description": "ActionStatus describes status information about an action.", + "type": "object", + "required": [ + "id" + ], "properties": { "failureMessage": { + "description": "FailureMessage is a free-form user friendly message describing why the Action entered the ActionStateFailed state. Typically, this is an elaboration on the Reason.", "type": "string" }, "failureReason": { + "description": "FailureReason is a short CamelCase word or phrase describing why the Action entered ActionStateFailed.", "type": "string" }, "id": { + "description": "ID uniquely identifies the action status.", "type": "string" }, "lastTransitioned": { - "format": "date-time", - "type": "string" + "description": "LastTransition is the observed time when State transitioned last.", + "type": "string", + "format": "date-time" }, "rendered": { - "additionalProperties": false, + "description": "Rendered is the rendered action.", + "type": "object", + "required": [ + "image", + "name" + ], "properties": { "args": { + "description": "Args are a set of arguments to be passed to the command executed by the container on launch.", + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "cmd": { - "pattern": "^(/[^/ ]*)+/?$", - "type": "string" + "description": "Cmd defines the command to use when launching the image. It overrides the default command of the action. It must be a unix path to an executable program.", + "type": "string", + "pattern": "^(/[^/ ]*)+/?$" }, "env": { + "description": "Env defines environment variables used when launching the container.", + "type": "object", "additionalProperties": { "type": "string" - }, - "type": "object" + } }, "image": { + "description": "Image is an OCI image.", "type": "string" }, "name": { + "description": "Name is a name for the action.", "type": "string" }, "namespaces": { - "additionalProperties": false, + "description": "Namespace defines the Linux namespaces this container should execute in.", + "type": "object", "properties": { "network": { + "description": "Network defines the network namespace.", "type": "string" }, "pid": { + "description": "PID defines the PID namespace", "type": "integer" } }, - "type": "object" + "additionalProperties": false }, "volumes": { + "description": "Volumes defines the volumes to mount into the container.", + "type": "array", "items": { + "description": "Volume is a specification for mounting a volume in an action. Volumes take the form {SRC-VOLUME-NAME | SRC-HOST-DIR}:TGT-CONTAINER-DIR:OPTIONS. When specifying a VOLUME-NAME that does not exist it will be created for you. Examples: \n Read-only bind mount bound to /data \n /etc/data:/data:ro \n Writable volume name bound to /data \n shared_volume:/data \n See https://docs.docker.com/storage/volumes/ for additional details.", "type": "string" - }, - "type": "array" + } } }, - "required": [ - "image", - "name" - ], - "type": "object" + "additionalProperties": false }, "startedAt": { - "format": "date-time", - "type": "string" + "description": "StartedAt is the time the action was started as reported by the client. Nil indicates the Action has not started.", + "type": "string", + "format": "date-time" }, "state": { + "description": "State describes the current state of the action.", "type": "string" } }, - "required": [ - "id" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "conditions": { + "description": "Conditions details a set of observations about the Workflow.", + "type": "array", "items": { - "additionalProperties": false, + "description": "Condition defines an observation on a resource that is generally attainable by inspecting other status fields.", + "type": "object", + "required": [ + "lastTransitionTime", + "status", + "type" + ], "properties": { "lastTransitionTime": { - "format": "date-time", - "type": "string" + "description": "LastTransition is the last time the condition transitioned from one status to another.", + "type": "string", + "format": "date-time" }, "message": { + "description": "Message is a human readable message indicating details about the last transition.", "type": "string" }, "reason": { + "description": "Reason is a short CamelCase description for the conditions last transition.", "type": "string" }, "status": { + "description": "Status of the condition.", "type": "string" }, "type": { + "description": "Type of condition.", "type": "string" } }, - "required": [ - "lastTransitionTime", - "status", - "type" - ], - "type": "object" - }, - "type": "array" + "additionalProperties": false + } }, "lastTransitioned": { - "format": "date-time", - "type": "string" + "description": "LastTransition is the observed time when State transitioned last.", + "type": "string", + "format": "date-time" }, "startedAt": { - "format": "date-time", - "type": "string" + "description": "StartedAt is the time the first action was requested. Nil indicates the Workflow has not started.", + "type": "string", + "format": "date-time" }, "state": { + "description": "State describes the current state of the workflow. For the workflow to enter the WorkflowStateSucceeded state all actions must be in ActionStateSucceeded. The Workflow will enter a WorkflowStateFailed if 1 or more Actions fails.", "type": "string" } }, - "required": [ - "actions", - "conditions" - ], - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } } diff --git a/schema/tinkerbell.org/workflowdata_v1alpha1.json b/schema/tinkerbell.org/workflowdata_v1alpha1.json new file mode 100644 index 000000000..0dbaa109d --- /dev/null +++ b/schema/tinkerbell.org/workflowdata_v1alpha1.json @@ -0,0 +1,144 @@ +{ + "description": "Workflow is the Schema for the Workflows API.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "WorkflowSpec defines the desired state of Workflow.", + "type": "object", + "properties": { + "hardwareMap": { + "description": "A mapping of template devices to hadware mac addresses", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "hardwareRef": { + "description": "Name of the Hardware associated with this workflow.", + "type": "string" + }, + "templateRef": { + "description": "Name of the Template associated with this workflow.", + "type": "string" + } + }, + "additionalProperties": false + }, + "status": { + "description": "WorkflowStatus defines the observed state of Workflow.", + "type": "object", + "properties": { + "globalTimeout": { + "description": "GlobalTimeout represents the max execution time", + "type": "integer", + "format": "int64" + }, + "state": { + "description": "State is the state of the workflow in Tinkerbell.", + "type": "string" + }, + "tasks": { + "description": "Tasks are the tasks to be completed", + "type": "array", + "items": { + "description": "Task represents a series of actions to be completed by a worker.", + "type": "object", + "required": [ + "actions", + "name", + "worker" + ], + "properties": { + "actions": { + "type": "array", + "items": { + "description": "Action represents a workflow action.", + "type": "object", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + } + }, + "environment": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "image": { + "type": "string" + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "pid": { + "type": "string" + }, + "seconds": { + "type": "integer", + "format": "int64" + }, + "startedAt": { + "type": "string", + "format": "date-time" + }, + "status": { + "type": "string" + }, + "timeout": { + "type": "integer", + "format": "int64" + }, + "volumes": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": false + } + }, + "environment": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "name": { + "type": "string" + }, + "volumes": { + "type": "array", + "items": { + "type": "string" + } + }, + "worker": { + "type": "string" + } + }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + } +} diff --git a/schema/traefik.containo.us/ingressroute_v1alpha1.json b/schema/traefik.containo.us/ingressroute_v1alpha1.json index f79f9e028..26667a5d5 100644 --- a/schema/traefik.containo.us/ingressroute_v1alpha1.json +++ b/schema/traefik.containo.us/ingressroute_v1alpha1.json @@ -1,4 +1,5 @@ { + "description": "IngressRoute is the CRD implementation of a Traefik HTTP Router.", "type": "object", "required": [ "metadata", @@ -6,29 +7,35 @@ ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "IngressRouteSpec defines the desired state of IngressRoute.", "type": "object", "required": [ "routes" ], "properties": { "entryPoints": { + "description": "EntryPoints defines the list of entry point names to bind to.\nEntry points have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/\nDefault: all.", "type": "array", "items": { "type": "string" } }, "routes": { + "description": "Routes defines the list of routes.", "type": "array", "items": { + "description": "Route holds the HTTP route configuration.", "type": "object", "required": [ "kind", @@ -36,26 +43,32 @@ ], "properties": { "kind": { + "description": "Kind defines the kind of the route.\nRule is the only supported kind.", "type": "string", "enum": [ "Rule" ] }, "match": { + "description": "Match defines the router's rule.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule", "type": "string" }, "middlewares": { + "description": "Middlewares defines the list of references to Middleware resources.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware", "type": "array", "items": { + "description": "MiddlewareRef is a reference to a Middleware resource.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name defines the name of the referenced Middleware resource.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced Middleware resource.", "type": "string" } }, @@ -63,17 +76,21 @@ } }, "priority": { + "description": "Priority defines the router's priority.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority", "type": "integer" }, "services": { + "description": "Services defines the list of Service.\nIt can contain any combination of TraefikService and/or reference to a Kubernetes Service.", "type": "array", "items": { + "description": "Service defines an upstream HTTP service to proxy traffic to.", "type": "object", "required": [ "name" ], "properties": { "kind": { + "description": "Kind defines the kind of the Service.", "type": "string", "enum": [ "Service", @@ -81,18 +98,23 @@ ] }, "name": { + "description": "Name defines the name of the referenced Kubernetes Service or TraefikService.\nThe differentiation between the two is specified in the Kind field.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.", "type": "string" }, "nativeLB": { + "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, "passHostHeader": { + "description": "PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.\nBy default, passHostHeader is true.", "type": "boolean" }, "port": { + "description": "Port defines the port of a Kubernetes Service.\nThis can be a reference to a named port.", "anyOf": [ { "type": "integer" @@ -104,36 +126,46 @@ "x-kubernetes-int-or-string": true }, "responseForwarding": { + "description": "ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client.", "type": "object", "properties": { "flushInterval": { + "description": "FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.\nA negative value means to flush immediately after each write to the client.\nThis configuration is ignored when ReverseProxy recognizes a response as a streaming response;\nfor such responses, writes are flushed to the client immediately.\nDefault: 100ms", "type": "string" } }, "additionalProperties": false }, "scheme": { + "description": "Scheme defines the scheme to use for the request to the upstream Kubernetes Service.\nIt defaults to https when Kubernetes Service port is 443, http otherwise.", "type": "string" }, "serversTransport": { + "description": "ServersTransport defines the name of ServersTransport resource to use.\nIt allows to configure the transport between Traefik and your servers.\nCan only be used on a Kubernetes Service.", "type": "string" }, "sticky": { + "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions", "type": "object", "properties": { "cookie": { + "description": "Cookie defines the sticky cookie configuration.", "type": "object", "properties": { "httpOnly": { + "description": "HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.", "type": "boolean" }, "name": { + "description": "Name defines the Cookie name.", "type": "string" }, "sameSite": { + "description": "SameSite defines the same site policy.\nMore info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite", "type": "string" }, "secure": { + "description": "Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).", "type": "boolean" } }, @@ -143,9 +175,11 @@ "additionalProperties": false }, "strategy": { + "description": "Strategy defines the load balancing strategy between the servers.\nRoundRobin is the only supported value at the moment.", "type": "string" }, "weight": { + "description": "Weight defines the weight and should only be specified when Name references a TraefikService object\n(and to be precise, one that embeds a Weighted Round Robin).", "type": "integer" } }, @@ -157,20 +191,26 @@ } }, "tls": { + "description": "TLS defines the TLS configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls", "type": "object", "properties": { "certResolver": { + "description": "CertResolver defines the name of the certificate resolver to use.\nCert resolvers have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers", "type": "string" }, "domains": { + "description": "Domains defines the list of domains that will be used to issue certificates.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains", "type": "array", "items": { + "description": "Domain holds a domain name with SANs.", "type": "object", "properties": { "main": { + "description": "Main defines the main domain name.", "type": "string" }, "sans": { + "description": "SANs defines the subject alternative domain names.", "type": "array", "items": { "type": "string" @@ -181,33 +221,40 @@ } }, "options": { + "description": "Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.\nIf not defined, the `default` TLSOption is used.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name defines the name of the referenced TLSOption.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced TLSOption.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption", "type": "string" } }, "additionalProperties": false }, "secretName": { + "description": "SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.", "type": "string" }, "store": { + "description": "Store defines the reference to the TLSStore, that will be used to store certificates.\nPlease note that only `default` TLSStore can be used.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name defines the name of the referenced TLSStore.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced TLSStore.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore", "type": "string" } }, diff --git a/schema/traefik.containo.us/ingressroutetcp_v1alpha1.json b/schema/traefik.containo.us/ingressroutetcp_v1alpha1.json index 2e1eaba57..4a62f4dcf 100644 --- a/schema/traefik.containo.us/ingressroutetcp_v1alpha1.json +++ b/schema/traefik.containo.us/ingressroutetcp_v1alpha1.json @@ -1,4 +1,5 @@ { + "description": "IngressRouteTCP is the CRD implementation of a Traefik TCP Router.", "type": "object", "required": [ "metadata", @@ -6,49 +7,60 @@ ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "IngressRouteTCPSpec defines the desired state of IngressRouteTCP.", "type": "object", "required": [ "routes" ], "properties": { "entryPoints": { + "description": "EntryPoints defines the list of entry point names to bind to.\nEntry points have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/\nDefault: all.", "type": "array", "items": { "type": "string" } }, "routes": { + "description": "Routes defines the list of routes.", "type": "array", "items": { + "description": "RouteTCP holds the TCP route configuration.", "type": "object", "required": [ "match" ], "properties": { "match": { + "description": "Match defines the router's rule.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1", "type": "string" }, "middlewares": { + "description": "Middlewares defines the list of references to MiddlewareTCP resources.", "type": "array", "items": { + "description": "ObjectReference is a generic reference to a Traefik resource.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name defines the name of the referenced Traefik resource.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced Traefik resource.", "type": "string" } }, @@ -56,11 +68,14 @@ } }, "priority": { + "description": "Priority defines the router's priority.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1", "type": "integer" }, "services": { + "description": "Services defines the list of TCP services.", "type": "array", "items": { + "description": "ServiceTCP defines an upstream TCP service to proxy traffic to.", "type": "object", "required": [ "name", @@ -68,15 +83,19 @@ ], "properties": { "name": { + "description": "Name defines the name of the referenced Kubernetes Service.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced Kubernetes Service.", "type": "string" }, "nativeLB": { + "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, "port": { + "description": "Port defines the port of a Kubernetes Service.\nThis can be a reference to a named port.", "anyOf": [ { "type": "integer" @@ -88,18 +107,22 @@ "x-kubernetes-int-or-string": true }, "proxyProtocol": { + "description": "ProxyProtocol defines the PROXY protocol configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol", "type": "object", "properties": { "version": { + "description": "Version defines the PROXY Protocol version to use.", "type": "integer" } }, "additionalProperties": false }, "terminationDelay": { + "description": "TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates\nit has closed the writing capability of its connection, to close the reading capability as well,\nhence fully terminating the connection.\nIt is a duration in milliseconds, defaulting to 100.\nA negative value means an infinite deadline (i.e. the reading capability is never closed).", "type": "integer" }, "weight": { + "description": "Weight defines the weight used when balancing requests between multiple Kubernetes Service.", "type": "integer" } }, @@ -111,20 +134,26 @@ } }, "tls": { + "description": "TLS defines the TLS configuration on a layer 4 / TCP Route.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1", "type": "object", "properties": { "certResolver": { + "description": "CertResolver defines the name of the certificate resolver to use.\nCert resolvers have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers", "type": "string" }, "domains": { + "description": "Domains defines the list of domains that will be used to issue certificates.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains", "type": "array", "items": { + "description": "Domain holds a domain name with SANs.", "type": "object", "properties": { "main": { + "description": "Main defines the main domain name.", "type": "string" }, "sans": { + "description": "SANs defines the subject alternative domain names.", "type": "array", "items": { "type": "string" @@ -135,36 +164,44 @@ } }, "options": { + "description": "Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.\nIf not defined, the `default` TLSOption is used.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name defines the name of the referenced Traefik resource.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced Traefik resource.", "type": "string" } }, "additionalProperties": false }, "passthrough": { + "description": "Passthrough defines whether a TLS router will terminate the TLS connection.", "type": "boolean" }, "secretName": { + "description": "SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.", "type": "string" }, "store": { + "description": "Store defines the reference to the TLSStore, that will be used to store certificates.\nPlease note that only `default` TLSStore can be used.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name defines the name of the referenced Traefik resource.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced Traefik resource.", "type": "string" } }, diff --git a/schema/traefik.containo.us/ingressrouteudp_v1alpha1.json b/schema/traefik.containo.us/ingressrouteudp_v1alpha1.json index c3c654e5e..75524bdee 100644 --- a/schema/traefik.containo.us/ingressrouteudp_v1alpha1.json +++ b/schema/traefik.containo.us/ingressrouteudp_v1alpha1.json @@ -1,4 +1,5 @@ { + "description": "IngressRouteUDP is a CRD implementation of a Traefik UDP Router.", "type": "object", "required": [ "metadata", @@ -6,34 +7,42 @@ ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.", "type": "object", "required": [ "routes" ], "properties": { "entryPoints": { + "description": "EntryPoints defines the list of entry point names to bind to.\nEntry points have to be configured in the static configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/\nDefault: all.", "type": "array", "items": { "type": "string" } }, "routes": { + "description": "Routes defines the list of routes.", "type": "array", "items": { + "description": "RouteUDP holds the UDP route configuration.", "type": "object", "properties": { "services": { + "description": "Services defines the list of UDP services.", "type": "array", "items": { + "description": "ServiceUDP defines an upstream UDP service to proxy traffic to.", "type": "object", "required": [ "name", @@ -41,15 +50,19 @@ ], "properties": { "name": { + "description": "Name defines the name of the referenced Kubernetes Service.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced Kubernetes Service.", "type": "string" }, "nativeLB": { + "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, "port": { + "description": "Port defines the port of a Kubernetes Service.\nThis can be a reference to a named port.", "anyOf": [ { "type": "integer" @@ -61,6 +74,7 @@ "x-kubernetes-int-or-string": true }, "weight": { + "description": "Weight defines the weight used when balancing requests between multiple Kubernetes Service.", "type": "integer" } }, diff --git a/schema/traefik.containo.us/middleware_v1alpha1.json b/schema/traefik.containo.us/middleware_v1alpha1.json index b362abcf3..f7eb3db67 100644 --- a/schema/traefik.containo.us/middleware_v1alpha1.json +++ b/schema/traefik.containo.us/middleware_v1alpha1.json @@ -1,4 +1,5 @@ { + "description": "Middleware is the CRD implementation of a Traefik Middleware.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/", "type": "object", "required": [ "metadata", @@ -6,84 +7,105 @@ ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "MiddlewareSpec defines the desired state of a Middleware.", "type": "object", "properties": { "addPrefix": { + "description": "AddPrefix holds the add prefix middleware configuration.\nThis middleware updates the path of a request before forwarding it.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/", "type": "object", "properties": { "prefix": { + "description": "Prefix is the string to add before the current path in the requested URL.\nIt should include a leading slash (/).", "type": "string" } }, "additionalProperties": false }, "basicAuth": { + "description": "BasicAuth holds the basic auth middleware configuration.\nThis middleware restricts access to your services to known users.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/", "type": "object", "properties": { "headerField": { + "description": "HeaderField defines a header field to store the authenticated user.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield", "type": "string" }, "realm": { + "description": "Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.\nDefault: traefik.", "type": "string" }, "removeHeader": { + "description": "RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.\nDefault: false.", "type": "boolean" }, "secret": { + "description": "Secret is the name of the referenced Kubernetes Secret containing user credentials.", "type": "string" } }, "additionalProperties": false }, "buffering": { + "description": "Buffering holds the buffering middleware configuration.\nThis middleware retries or limits the size of requests that can be forwarded to backends.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes", "type": "object", "properties": { "maxRequestBodyBytes": { + "description": "MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).\nIf the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.\nDefault: 0 (no maximum).", "type": "integer", "format": "int64" }, "maxResponseBodyBytes": { + "description": "MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).\nIf the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.\nDefault: 0 (no maximum).", "type": "integer", "format": "int64" }, "memRequestBodyBytes": { + "description": "MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.\nDefault: 1048576 (1Mi).", "type": "integer", "format": "int64" }, "memResponseBodyBytes": { + "description": "MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.\nDefault: 1048576 (1Mi).", "type": "integer", "format": "int64" }, "retryExpression": { + "description": "RetryExpression defines the retry conditions.\nIt is a logical combination of functions with operators AND (\u0026\u0026) and OR (||).\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression", "type": "string" } }, "additionalProperties": false }, "chain": { + "description": "Chain holds the configuration of the chain middleware.\nThis middleware enables to define reusable combinations of other pieces of middleware.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/", "type": "object", "properties": { "middlewares": { + "description": "Middlewares is the list of MiddlewareRef which composes the chain.", "type": "array", "items": { + "description": "MiddlewareRef is a reference to a Middleware resource.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name defines the name of the referenced Middleware resource.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced Middleware resource.", "type": "string" } }, @@ -94,9 +116,11 @@ "additionalProperties": false }, "circuitBreaker": { + "description": "CircuitBreaker holds the circuit breaker configuration.", "type": "object", "properties": { "checkPeriod": { + "description": "CheckPeriod is the interval between successive checks of the circuit breaker condition (when in standby state).", "anyOf": [ { "type": "integer" @@ -108,9 +132,11 @@ "x-kubernetes-int-or-string": true }, "expression": { + "description": "Expression is the condition that triggers the tripped state.", "type": "string" }, "fallbackDuration": { + "description": "FallbackDuration is the duration for which the circuit breaker will wait before trying to recover (from a tripped state).", "anyOf": [ { "type": "integer" @@ -122,6 +148,7 @@ "x-kubernetes-int-or-string": true }, "recoveryDuration": { + "description": "RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state).", "anyOf": [ { "type": "integer" @@ -136,60 +163,74 @@ "additionalProperties": false }, "compress": { + "description": "Compress holds the compress middleware configuration.\nThis middleware compresses responses before sending them to the client, using gzip compression.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/", "type": "object", "properties": { "excludedContentTypes": { + "description": "ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.", "type": "array", "items": { "type": "string" } }, "minResponseBodyBytes": { + "description": "MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.\nDefault: 1024.", "type": "integer" } }, "additionalProperties": false }, "contentType": { + "description": "ContentType holds the content-type middleware configuration.\nThis middleware exists to enable the correct behavior until at least the default one can be changed in a future version.", "type": "object", "properties": { "autoDetect": { + "description": "AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,\nbe automatically set to a value derived from the contents of the response.\nAs a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.\nHowever, the historic default was to always auto-detect and set the header if it was nil,\nand it is going to be kept that way in order to support users currently relying on it.", "type": "boolean" } }, "additionalProperties": false }, "digestAuth": { + "description": "DigestAuth holds the digest auth middleware configuration.\nThis middleware restricts access to your services to known users.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/", "type": "object", "properties": { "headerField": { + "description": "HeaderField defines a header field to store the authenticated user.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield", "type": "string" }, "realm": { + "description": "Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.\nDefault: traefik.", "type": "string" }, "removeHeader": { + "description": "RemoveHeader defines whether to remove the authorization header before forwarding the request to the backend.", "type": "boolean" }, "secret": { + "description": "Secret is the name of the referenced Kubernetes Secret containing user credentials.", "type": "string" } }, "additionalProperties": false }, "errors": { + "description": "ErrorPage holds the custom error middleware configuration.\nThis middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/", "type": "object", "properties": { "query": { + "description": "Query defines the URL for the error page (hosted by service).\nThe {status} variable can be used in order to insert the status code in the URL.", "type": "string" }, "service": { + "description": "Service defines the reference to a Kubernetes Service that will serve the error page.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service", "type": "object", "required": [ "name" ], "properties": { "kind": { + "description": "Kind defines the kind of the Service.", "type": "string", "enum": [ "Service", @@ -197,18 +238,23 @@ ] }, "name": { + "description": "Name defines the name of the referenced Kubernetes Service or TraefikService.\nThe differentiation between the two is specified in the Kind field.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.", "type": "string" }, "nativeLB": { + "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, "passHostHeader": { + "description": "PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.\nBy default, passHostHeader is true.", "type": "boolean" }, "port": { + "description": "Port defines the port of a Kubernetes Service.\nThis can be a reference to a named port.", "anyOf": [ { "type": "integer" @@ -220,36 +266,46 @@ "x-kubernetes-int-or-string": true }, "responseForwarding": { + "description": "ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client.", "type": "object", "properties": { "flushInterval": { + "description": "FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.\nA negative value means to flush immediately after each write to the client.\nThis configuration is ignored when ReverseProxy recognizes a response as a streaming response;\nfor such responses, writes are flushed to the client immediately.\nDefault: 100ms", "type": "string" } }, "additionalProperties": false }, "scheme": { + "description": "Scheme defines the scheme to use for the request to the upstream Kubernetes Service.\nIt defaults to https when Kubernetes Service port is 443, http otherwise.", "type": "string" }, "serversTransport": { + "description": "ServersTransport defines the name of ServersTransport resource to use.\nIt allows to configure the transport between Traefik and your servers.\nCan only be used on a Kubernetes Service.", "type": "string" }, "sticky": { + "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions", "type": "object", "properties": { "cookie": { + "description": "Cookie defines the sticky cookie configuration.", "type": "object", "properties": { "httpOnly": { + "description": "HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.", "type": "boolean" }, "name": { + "description": "Name defines the Cookie name.", "type": "string" }, "sameSite": { + "description": "SameSite defines the same site policy.\nMore info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite", "type": "string" }, "secure": { + "description": "Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).", "type": "boolean" } }, @@ -259,15 +315,18 @@ "additionalProperties": false }, "strategy": { + "description": "Strategy defines the load balancing strategy between the servers.\nRoundRobin is the only supported value at the moment.", "type": "string" }, "weight": { + "description": "Weight defines the weight and should only be specified when Name references a TraefikService object\n(and to be precise, one that embeds a Weighted Round Robin).", "type": "integer" } }, "additionalProperties": false }, "status": { + "description": "Status defines which status or range of statuses should result in an error page.\nIt can be either a status code as a number (500),\nas multiple comma-separated numbers (500,502),\nas ranges by separating two codes with a dash (500-599),\nor a combination of the two (404,418,500-599).", "type": "array", "items": { "type": "string" @@ -277,178 +336,221 @@ "additionalProperties": false }, "forwardAuth": { + "description": "ForwardAuth holds the forward auth middleware configuration.\nThis middleware delegates the request authentication to a Service.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/", "type": "object", "properties": { "address": { + "description": "Address defines the authentication server address.", "type": "string" }, "authRequestHeaders": { + "description": "AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.\nIf not set or empty then all request headers are passed.", "type": "array", "items": { "type": "string" } }, "authResponseHeaders": { + "description": "AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.", "type": "array", "items": { "type": "string" } }, "authResponseHeadersRegex": { + "description": "AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex", "type": "string" }, "tls": { + "description": "TLS defines the configuration used to secure the connection to the authentication server.", "type": "object", "properties": { "caOptional": { "type": "boolean" }, "caSecret": { + "description": "CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.\nThe CA certificate is extracted from key `tls.ca` or `ca.crt`.", "type": "string" }, "certSecret": { + "description": "CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.\nThe client certificate is extracted from the keys `tls.crt` and `tls.key`.", "type": "string" }, "insecureSkipVerify": { + "description": "InsecureSkipVerify defines whether the server certificates should be validated.", "type": "boolean" } }, "additionalProperties": false }, "trustForwardHeader": { + "description": "TrustForwardHeader defines whether to trust (ie: forward) all X-Forwarded-* headers.", "type": "boolean" } }, "additionalProperties": false }, "headers": { + "description": "Headers holds the headers middleware configuration.\nThis middleware manages the requests and responses headers.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders", "type": "object", "properties": { "accessControlAllowCredentials": { + "description": "AccessControlAllowCredentials defines whether the request can include user credentials.", "type": "boolean" }, "accessControlAllowHeaders": { + "description": "AccessControlAllowHeaders defines the Access-Control-Request-Headers values sent in preflight response.", "type": "array", "items": { "type": "string" } }, "accessControlAllowMethods": { + "description": "AccessControlAllowMethods defines the Access-Control-Request-Method values sent in preflight response.", "type": "array", "items": { "type": "string" } }, "accessControlAllowOriginList": { + "description": "AccessControlAllowOriginList is a list of allowable origins. Can also be a wildcard origin \"*\".", "type": "array", "items": { "type": "string" } }, "accessControlAllowOriginListRegex": { + "description": "AccessControlAllowOriginListRegex is a list of allowable origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).", "type": "array", "items": { "type": "string" } }, "accessControlExposeHeaders": { + "description": "AccessControlExposeHeaders defines the Access-Control-Expose-Headers values sent in preflight response.", "type": "array", "items": { "type": "string" } }, "accessControlMaxAge": { + "description": "AccessControlMaxAge defines the time that a preflight request may be cached.", "type": "integer", "format": "int64" }, "addVaryHeader": { + "description": "AddVaryHeader defines whether the Vary header is automatically added/updated when the AccessControlAllowOriginList is set.", "type": "boolean" }, "allowedHosts": { + "description": "AllowedHosts defines the fully qualified list of allowed domain names.", "type": "array", "items": { "type": "string" } }, "browserXssFilter": { + "description": "BrowserXSSFilter defines whether to add the X-XSS-Protection header with the value 1; mode=block.", "type": "boolean" }, "contentSecurityPolicy": { + "description": "ContentSecurityPolicy defines the Content-Security-Policy header value.", "type": "string" }, "contentTypeNosniff": { + "description": "ContentTypeNosniff defines whether to add the X-Content-Type-Options header with the nosniff value.", "type": "boolean" }, "customBrowserXSSValue": { + "description": "CustomBrowserXSSValue defines the X-XSS-Protection header value.\nThis overrides the BrowserXssFilter option.", "type": "string" }, "customFrameOptionsValue": { + "description": "CustomFrameOptionsValue defines the X-Frame-Options header value.\nThis overrides the FrameDeny option.", "type": "string" }, "customRequestHeaders": { + "description": "CustomRequestHeaders defines the header names and values to apply to the request.", "type": "object", "additionalProperties": { "type": "string" } }, "customResponseHeaders": { + "description": "CustomResponseHeaders defines the header names and values to apply to the response.", "type": "object", "additionalProperties": { "type": "string" } }, "featurePolicy": { + "description": "Deprecated: use PermissionsPolicy instead.", "type": "string" }, "forceSTSHeader": { + "description": "ForceSTSHeader defines whether to add the STS header even when the connection is HTTP.", "type": "boolean" }, "frameDeny": { + "description": "FrameDeny defines whether to add the X-Frame-Options header with the DENY value.", "type": "boolean" }, "hostsProxyHeaders": { + "description": "HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request.", "type": "array", "items": { "type": "string" } }, "isDevelopment": { + "description": "IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.\nUsually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.\nIf you would like your development environment to mimic production with complete Host blocking, SSL redirects,\nand STS headers, leave this as false.", "type": "boolean" }, "permissionsPolicy": { + "description": "PermissionsPolicy defines the Permissions-Policy header value.\nThis allows sites to control browser features.", "type": "string" }, "publicKey": { + "description": "PublicKey is the public key that implements HPKP to prevent MITM attacks with forged certificates.", "type": "string" }, "referrerPolicy": { + "description": "ReferrerPolicy defines the Referrer-Policy header value.\nThis allows sites to control whether browsers forward the Referer header to other sites.", "type": "string" }, "sslForceHost": { + "description": "Deprecated: use RedirectRegex instead.", "type": "boolean" }, "sslHost": { + "description": "Deprecated: use RedirectRegex instead.", "type": "string" }, "sslProxyHeaders": { + "description": "SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.\nIt can be useful when using other proxies (example: \"X-Forwarded-Proto\": \"https\").", "type": "object", "additionalProperties": { "type": "string" } }, "sslRedirect": { + "description": "Deprecated: use EntryPoint redirection or RedirectScheme instead.", "type": "boolean" }, "sslTemporaryRedirect": { + "description": "Deprecated: use EntryPoint redirection or RedirectScheme instead.", "type": "boolean" }, "stsIncludeSubdomains": { + "description": "STSIncludeSubdomains defines whether the includeSubDomains directive is appended to the Strict-Transport-Security header.", "type": "boolean" }, "stsPreload": { + "description": "STSPreload defines whether the preload flag is appended to the Strict-Transport-Security header.", "type": "boolean" }, "stsSeconds": { + "description": "STSSeconds defines the max-age of the Strict-Transport-Security header.\nIf set to 0, the header is not set.", "type": "integer", "format": "int64" } @@ -456,22 +558,28 @@ "additionalProperties": false }, "inFlightReq": { + "description": "InFlightReq holds the in-flight request middleware configuration.\nThis middleware limits the number of requests being processed and served concurrently.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/", "type": "object", "properties": { "amount": { + "description": "Amount defines the maximum amount of allowed simultaneous in-flight request.\nThe middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).", "type": "integer", "format": "int64" }, "sourceCriterion": { + "description": "SourceCriterion defines what criterion is used to group requests as originating from a common source.\nIf several strategies are defined at the same time, an error will be raised.\nIf none are set, the default is to use the requestHost.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion", "type": "object", "properties": { "ipStrategy": { + "description": "IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy", "type": "object", "properties": { "depth": { + "description": "Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).", "type": "integer" }, "excludedIPs": { + "description": "ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.", "type": "array", "items": { "type": "string" @@ -481,9 +589,11 @@ "additionalProperties": false }, "requestHeaderName": { + "description": "RequestHeaderName defines the name of the header used to group incoming requests.", "type": "string" }, "requestHost": { + "description": "RequestHost defines whether to consider the request Host as the source.", "type": "boolean" } }, @@ -493,15 +603,19 @@ "additionalProperties": false }, "ipAllowList": { + "description": "IPAllowList holds the IP allowlist middleware configuration.\nThis middleware accepts / refuses requests based on the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/", "type": "object", "properties": { "ipStrategy": { + "description": "IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy", "type": "object", "properties": { "depth": { + "description": "Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).", "type": "integer" }, "excludedIPs": { + "description": "ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.", "type": "array", "items": { "type": "string" @@ -511,6 +625,7 @@ "additionalProperties": false }, "sourceRange": { + "description": "SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).", "type": "array", "items": { "type": "string" @@ -520,15 +635,19 @@ "additionalProperties": false }, "ipWhiteList": { + "description": "IPWhiteList holds the IP whitelist middleware configuration.\nThis middleware accepts / refuses requests based on the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/\nDeprecated: please use IPAllowList instead.", "type": "object", "properties": { "ipStrategy": { + "description": "IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy", "type": "object", "properties": { "depth": { + "description": "Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).", "type": "integer" }, "excludedIPs": { + "description": "ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.", "type": "array", "items": { "type": "string" @@ -538,6 +657,7 @@ "additionalProperties": false }, "sourceRange": { + "description": "SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).", "type": "array", "items": { "type": "string" @@ -547,75 +667,98 @@ "additionalProperties": false }, "passTLSClientCert": { + "description": "PassTLSClientCert holds the pass TLS client cert middleware configuration.\nThis middleware adds the selected data from the passed client TLS certificate to a header.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/", "type": "object", "properties": { "info": { + "description": "Info selects the specific client certificate details you want to add to the X-Forwarded-Tls-Client-Cert-Info header.", "type": "object", "properties": { "issuer": { + "description": "Issuer defines the client certificate issuer details to add to the X-Forwarded-Tls-Client-Cert-Info header.", "type": "object", "properties": { "commonName": { + "description": "CommonName defines whether to add the organizationalUnit information into the issuer.", "type": "boolean" }, "country": { + "description": "Country defines whether to add the country information into the issuer.", "type": "boolean" }, "domainComponent": { + "description": "DomainComponent defines whether to add the domainComponent information into the issuer.", "type": "boolean" }, "locality": { + "description": "Locality defines whether to add the locality information into the issuer.", "type": "boolean" }, "organization": { + "description": "Organization defines whether to add the organization information into the issuer.", "type": "boolean" }, "province": { + "description": "Province defines whether to add the province information into the issuer.", "type": "boolean" }, "serialNumber": { + "description": "SerialNumber defines whether to add the serialNumber information into the issuer.", "type": "boolean" } }, "additionalProperties": false }, "notAfter": { + "description": "NotAfter defines whether to add the Not After information from the Validity part.", "type": "boolean" }, "notBefore": { + "description": "NotBefore defines whether to add the Not Before information from the Validity part.", "type": "boolean" }, "sans": { + "description": "Sans defines whether to add the Subject Alternative Name information from the Subject Alternative Name part.", "type": "boolean" }, "serialNumber": { + "description": "SerialNumber defines whether to add the client serialNumber information.", "type": "boolean" }, "subject": { + "description": "Subject defines the client certificate subject details to add to the X-Forwarded-Tls-Client-Cert-Info header.", "type": "object", "properties": { "commonName": { + "description": "CommonName defines whether to add the organizationalUnit information into the subject.", "type": "boolean" }, "country": { + "description": "Country defines whether to add the country information into the subject.", "type": "boolean" }, "domainComponent": { + "description": "DomainComponent defines whether to add the domainComponent information into the subject.", "type": "boolean" }, "locality": { + "description": "Locality defines whether to add the locality information into the subject.", "type": "boolean" }, "organization": { + "description": "Organization defines whether to add the organization information into the subject.", "type": "boolean" }, "organizationalUnit": { + "description": "OrganizationalUnit defines whether to add the organizationalUnit information into the subject.", "type": "boolean" }, "province": { + "description": "Province defines whether to add the province information into the subject.", "type": "boolean" }, "serialNumber": { + "description": "SerialNumber defines whether to add the serialNumber information into the subject.", "type": "boolean" } }, @@ -625,29 +768,35 @@ "additionalProperties": false }, "pem": { + "description": "PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate.", "type": "boolean" } }, "additionalProperties": false }, "plugin": { + "description": "Plugin defines the middleware plugin configuration.\nMore info: https://doc.traefik.io/traefik/plugins/", "type": "object", "additionalProperties": { "x-kubernetes-preserve-unknown-fields": true } }, "rateLimit": { + "description": "RateLimit holds the rate limit configuration.\nThis middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/", "type": "object", "properties": { "average": { + "description": "Average is the maximum rate, by default in requests/s, allowed for the given source.\nIt defaults to 0, which means no rate limiting.\nThe rate is actually defined by dividing Average by Period. So for a rate below 1req/s,\none needs to define a Period larger than a second.", "type": "integer", "format": "int64" }, "burst": { + "description": "Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.\nIt defaults to 1.", "type": "integer", "format": "int64" }, "period": { + "description": "Period, in combination with Average, defines the actual maximum rate, such as:\nr = Average / Period. It defaults to a second.", "anyOf": [ { "type": "integer" @@ -659,15 +808,19 @@ "x-kubernetes-int-or-string": true }, "sourceCriterion": { + "description": "SourceCriterion defines what criterion is used to group requests as originating from a common source.\nIf several strategies are defined at the same time, an error will be raised.\nIf none are set, the default is to use the request's remote address field (as an ipStrategy).", "type": "object", "properties": { "ipStrategy": { + "description": "IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy", "type": "object", "properties": { "depth": { + "description": "Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).", "type": "integer" }, "excludedIPs": { + "description": "ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.", "type": "array", "items": { "type": "string" @@ -677,9 +830,11 @@ "additionalProperties": false }, "requestHeaderName": { + "description": "RequestHeaderName defines the name of the header used to group incoming requests.", "type": "string" }, "requestHost": { + "description": "RequestHost defines whether to consider the request Host as the source.", "type": "boolean" } }, @@ -689,63 +844,79 @@ "additionalProperties": false }, "redirectRegex": { + "description": "RedirectRegex holds the redirect regex middleware configuration.\nThis middleware redirects a request using regex matching and replacement.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex", "type": "object", "properties": { "permanent": { + "description": "Permanent defines whether the redirection is permanent (301).", "type": "boolean" }, "regex": { + "description": "Regex defines the regex used to match and capture elements from the request URL.", "type": "string" }, "replacement": { + "description": "Replacement defines how to modify the URL to have the new target URL.", "type": "string" } }, "additionalProperties": false }, "redirectScheme": { + "description": "RedirectScheme holds the redirect scheme middleware configuration.\nThis middleware redirects requests from a scheme/port to another.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/", "type": "object", "properties": { "permanent": { + "description": "Permanent defines whether the redirection is permanent (301).", "type": "boolean" }, "port": { + "description": "Port defines the port of the new URL.", "type": "string" }, "scheme": { + "description": "Scheme defines the scheme of the new URL.", "type": "string" } }, "additionalProperties": false }, "replacePath": { + "description": "ReplacePath holds the replace path middleware configuration.\nThis middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/", "type": "object", "properties": { "path": { + "description": "Path defines the path to use as replacement in the request URL.", "type": "string" } }, "additionalProperties": false }, "replacePathRegex": { + "description": "ReplacePathRegex holds the replace path regex middleware configuration.\nThis middleware replaces the path of a URL using regex matching and replacement.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/", "type": "object", "properties": { "regex": { + "description": "Regex defines the regular expression used to match and capture the path from the request URL.", "type": "string" }, "replacement": { + "description": "Replacement defines the replacement path format, which can include captured variables.", "type": "string" } }, "additionalProperties": false }, "retry": { + "description": "Retry holds the retry middleware configuration.\nThis middleware reissues requests a given number of times to a backend server if that server does not reply.\nAs soon as the server answers, the middleware stops retrying, regardless of the response status.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/", "type": "object", "properties": { "attempts": { + "description": "Attempts defines how many times the request should be retried.", "type": "integer" }, "initialInterval": { + "description": "InitialInterval defines the first wait time in the exponential backoff series.\nThe maximum interval is calculated as twice the initialInterval.\nIf unspecified, requests will be retried immediately.\nThe value of initialInterval should be provided in seconds or as a valid duration format,\nsee https://pkg.go.dev/time#ParseDuration.", "anyOf": [ { "type": "integer" @@ -760,12 +931,15 @@ "additionalProperties": false }, "stripPrefix": { + "description": "StripPrefix holds the strip prefix middleware configuration.\nThis middleware removes the specified prefixes from the URL path.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/", "type": "object", "properties": { "forceSlash": { + "description": "ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.\nDefault: true.", "type": "boolean" }, "prefixes": { + "description": "Prefixes defines the prefixes to strip from the request URL.", "type": "array", "items": { "type": "string" @@ -775,9 +949,11 @@ "additionalProperties": false }, "stripPrefixRegex": { + "description": "StripPrefixRegex holds the strip prefix regex middleware configuration.\nThis middleware removes the matching prefixes from the URL path.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/", "type": "object", "properties": { "regex": { + "description": "Regex defines the regular expression to match the path prefix from the request URL.", "type": "array", "items": { "type": "string" diff --git a/schema/traefik.containo.us/middlewaretcp_v1alpha1.json b/schema/traefik.containo.us/middlewaretcp_v1alpha1.json index c74f1a255..5cf7d08b9 100644 --- a/schema/traefik.containo.us/middlewaretcp_v1alpha1.json +++ b/schema/traefik.containo.us/middlewaretcp_v1alpha1.json @@ -1,4 +1,5 @@ { + "description": "MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/", "type": "object", "required": [ "metadata", @@ -6,21 +7,26 @@ ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.", "type": "object", "properties": { "inFlightConn": { + "description": "InFlightConn defines the InFlightConn middleware configuration.", "type": "object", "properties": { "amount": { + "description": "Amount defines the maximum amount of allowed simultaneous connections.\nThe middleware closes the connection if there are already amount connections opened.", "type": "integer", "format": "int64" } @@ -28,9 +34,11 @@ "additionalProperties": false }, "ipAllowList": { + "description": "IPAllowList defines the IPAllowList middleware configuration.\nThis middleware accepts/refuses connections based on the client IP.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/", "type": "object", "properties": { "sourceRange": { + "description": "SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).", "type": "array", "items": { "type": "string" @@ -40,9 +48,11 @@ "additionalProperties": false }, "ipWhiteList": { + "description": "IPWhiteList defines the IPWhiteList middleware configuration.\nThis middleware accepts/refuses connections based on the client IP.\nDeprecated: please use IPAllowList instead.\nMore info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/", "type": "object", "properties": { "sourceRange": { + "description": "SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).", "type": "array", "items": { "type": "string" diff --git a/schema/traefik.containo.us/serverstransport_v1alpha1.json b/schema/traefik.containo.us/serverstransport_v1alpha1.json index 22d6f7533..e52803f52 100644 --- a/schema/traefik.containo.us/serverstransport_v1alpha1.json +++ b/schema/traefik.containo.us/serverstransport_v1alpha1.json @@ -1,4 +1,5 @@ { + "description": "ServersTransport is the CRD implementation of a ServersTransport.\nIf no serversTransport is specified, the default@internal will be used.\nThe default@internal serversTransport is created from the static configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1", "type": "object", "required": [ "metadata", @@ -6,30 +7,37 @@ ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "ServersTransportSpec defines the desired state of a ServersTransport.", "type": "object", "properties": { "certificatesSecrets": { + "description": "CertificatesSecrets defines a list of secret storing client certificates for mTLS.", "type": "array", "items": { "type": "string" } }, "disableHTTP2": { + "description": "DisableHTTP2 disables HTTP/2 for connections with backend servers.", "type": "boolean" }, "forwardingTimeouts": { + "description": "ForwardingTimeouts defines the timeouts for requests forwarded to the backend servers.", "type": "object", "properties": { "dialTimeout": { + "description": "DialTimeout is the amount of time to wait until a connection to a backend server can be established.", "anyOf": [ { "type": "integer" @@ -41,6 +49,7 @@ "x-kubernetes-int-or-string": true }, "idleConnTimeout": { + "description": "IdleConnTimeout is the maximum period for which an idle HTTP keep-alive connection will remain open before closing itself.", "anyOf": [ { "type": "integer" @@ -52,6 +61,7 @@ "x-kubernetes-int-or-string": true }, "pingTimeout": { + "description": "PingTimeout is the timeout after which the HTTP/2 connection will be closed if a response to ping is not received.", "anyOf": [ { "type": "integer" @@ -63,6 +73,7 @@ "x-kubernetes-int-or-string": true }, "readIdleTimeout": { + "description": "ReadIdleTimeout is the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection.", "anyOf": [ { "type": "integer" @@ -74,6 +85,7 @@ "x-kubernetes-int-or-string": true }, "responseHeaderTimeout": { + "description": "ResponseHeaderTimeout is the amount of time to wait for a server's response headers after fully writing the request (including its body, if any).", "anyOf": [ { "type": "integer" @@ -88,21 +100,26 @@ "additionalProperties": false }, "insecureSkipVerify": { + "description": "InsecureSkipVerify disables SSL certificate verification.", "type": "boolean" }, "maxIdleConnsPerHost": { + "description": "MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host.", "type": "integer" }, "peerCertURI": { + "description": "PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification.", "type": "string" }, "rootCAsSecrets": { + "description": "RootCAsSecrets defines a list of CA secret used to validate self-signed certificate.", "type": "array", "items": { "type": "string" } }, "serverName": { + "description": "ServerName defines the server name used to contact the server.", "type": "string" } }, diff --git a/schema/traefik.containo.us/tlsoption_v1alpha1.json b/schema/traefik.containo.us/tlsoption_v1alpha1.json index 16aba3d40..1d2f5e92f 100644 --- a/schema/traefik.containo.us/tlsoption_v1alpha1.json +++ b/schema/traefik.containo.us/tlsoption_v1alpha1.json @@ -1,4 +1,5 @@ { + "description": "TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options", "type": "object", "required": [ "metadata", @@ -6,33 +7,40 @@ ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "TLSOptionSpec defines the desired state of a TLSOption.", "type": "object", "properties": { "alpnProtocols": { + "description": "ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols", "type": "array", "items": { "type": "string" } }, "cipherSuites": { + "description": "CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites", "type": "array", "items": { "type": "string" } }, "clientAuth": { + "description": "ClientAuth defines the server's policy for TLS Client Authentication.", "type": "object", "properties": { "clientAuthType": { + "description": "ClientAuthType defines the client authentication type to apply.", "type": "string", "enum": [ "NoClientCert", @@ -43,6 +51,7 @@ ] }, "secretNames": { + "description": "SecretNames defines the names of the referenced Kubernetes Secret storing certificate details.", "type": "array", "items": { "type": "string" @@ -52,21 +61,26 @@ "additionalProperties": false }, "curvePreferences": { + "description": "CurvePreferences defines the preferred elliptic curves in a specific order.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences", "type": "array", "items": { "type": "string" } }, "maxVersion": { + "description": "MaxVersion defines the maximum TLS version that Traefik will accept.\nPossible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.\nDefault: None.", "type": "string" }, "minVersion": { + "description": "MinVersion defines the minimum TLS version that Traefik will accept.\nPossible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.\nDefault: VersionTLS10.", "type": "string" }, "preferServerCipherSuites": { + "description": "PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.\nIt is enabled automatically when minVersion or maxVersion is set.\nDeprecated: https://github.com/golang/go/issues/45430", "type": "boolean" }, "sniStrict": { + "description": "SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.", "type": "boolean" } }, diff --git a/schema/traefik.containo.us/tlsstore_v1alpha1.json b/schema/traefik.containo.us/tlsstore_v1alpha1.json index cc35b55f0..7680cbc74 100644 --- a/schema/traefik.containo.us/tlsstore_v1alpha1.json +++ b/schema/traefik.containo.us/tlsstore_v1alpha1.json @@ -1,4 +1,5 @@ { + "description": "TLSStore is the CRD implementation of a Traefik TLS Store.\nFor the time being, only the TLSStore named default is supported.\nThis means that you cannot have two stores that are named default in different Kubernetes namespaces.\nMore info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores", "type": "object", "required": [ "metadata", @@ -6,26 +7,32 @@ ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "TLSStoreSpec defines the desired state of a TLSStore.", "type": "object", "properties": { "certificates": { + "description": "Certificates is a list of secret names, each secret holding a key/certificate pair to add to the store.", "type": "array", "items": { + "description": "Certificate holds a secret name for the TLSStore resource.", "type": "object", "required": [ "secretName" ], "properties": { "secretName": { + "description": "SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.", "type": "string" } }, @@ -33,27 +40,33 @@ } }, "defaultCertificate": { + "description": "DefaultCertificate defines the default certificate configuration.", "type": "object", "required": [ "secretName" ], "properties": { "secretName": { + "description": "SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.", "type": "string" } }, "additionalProperties": false }, "defaultGeneratedCert": { + "description": "DefaultGeneratedCert defines the default generated certificate configuration.", "type": "object", "properties": { "domain": { + "description": "Domain is the domain definition for the DefaultCertificate.", "type": "object", "properties": { "main": { + "description": "Main defines the main domain name.", "type": "string" }, "sans": { + "description": "SANs defines the subject alternative domain names.", "type": "array", "items": { "type": "string" @@ -63,6 +76,7 @@ "additionalProperties": false }, "resolver": { + "description": "Resolver is the name of the resolver that will be used to issue the DefaultCertificate.", "type": "string" } }, diff --git a/schema/traefik.containo.us/traefikservice_v1alpha1.json b/schema/traefik.containo.us/traefikservice_v1alpha1.json index 93e9510a3..0b1d9bbaa 100644 --- a/schema/traefik.containo.us/traefikservice_v1alpha1.json +++ b/schema/traefik.containo.us/traefikservice_v1alpha1.json @@ -1,4 +1,5 @@ { + "description": "TraefikService is the CRD implementation of a Traefik Service.\nTraefikService object allows to:\n- Apply weight to Services on load-balancing\n- Mirror traffic on services\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice", "type": "object", "required": [ "metadata", @@ -6,24 +7,29 @@ ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "TraefikServiceSpec defines the desired state of a TraefikService.", "type": "object", "properties": { "mirroring": { + "description": "Mirroring defines the Mirroring service configuration.", "type": "object", "required": [ "name" ], "properties": { "kind": { + "description": "Kind defines the kind of the Service.", "type": "string", "enum": [ "Service", @@ -31,18 +37,22 @@ ] }, "maxBodySize": { + "description": "MaxBodySize defines the maximum size allowed for the body of the request.\nIf the body is larger, the request is not mirrored.\nDefault value is -1, which means unlimited size.", "type": "integer", "format": "int64" }, "mirrors": { + "description": "Mirrors defines the list of mirrors where Traefik will duplicate the traffic.", "type": "array", "items": { + "description": "MirrorService holds the mirror configuration.", "type": "object", "required": [ "name" ], "properties": { "kind": { + "description": "Kind defines the kind of the Service.", "type": "string", "enum": [ "Service", @@ -50,21 +60,27 @@ ] }, "name": { + "description": "Name defines the name of the referenced Kubernetes Service or TraefikService.\nThe differentiation between the two is specified in the Kind field.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.", "type": "string" }, "nativeLB": { + "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, "passHostHeader": { + "description": "PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.\nBy default, passHostHeader is true.", "type": "boolean" }, "percent": { + "description": "Percent defines the part of the traffic to mirror.\nSupported values: 0 to 100.", "type": "integer" }, "port": { + "description": "Port defines the port of a Kubernetes Service.\nThis can be a reference to a named port.", "anyOf": [ { "type": "integer" @@ -76,36 +92,46 @@ "x-kubernetes-int-or-string": true }, "responseForwarding": { + "description": "ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client.", "type": "object", "properties": { "flushInterval": { + "description": "FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.\nA negative value means to flush immediately after each write to the client.\nThis configuration is ignored when ReverseProxy recognizes a response as a streaming response;\nfor such responses, writes are flushed to the client immediately.\nDefault: 100ms", "type": "string" } }, "additionalProperties": false }, "scheme": { + "description": "Scheme defines the scheme to use for the request to the upstream Kubernetes Service.\nIt defaults to https when Kubernetes Service port is 443, http otherwise.", "type": "string" }, "serversTransport": { + "description": "ServersTransport defines the name of ServersTransport resource to use.\nIt allows to configure the transport between Traefik and your servers.\nCan only be used on a Kubernetes Service.", "type": "string" }, "sticky": { + "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions", "type": "object", "properties": { "cookie": { + "description": "Cookie defines the sticky cookie configuration.", "type": "object", "properties": { "httpOnly": { + "description": "HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.", "type": "boolean" }, "name": { + "description": "Name defines the Cookie name.", "type": "string" }, "sameSite": { + "description": "SameSite defines the same site policy.\nMore info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite", "type": "string" }, "secure": { + "description": "Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).", "type": "boolean" } }, @@ -115,9 +141,11 @@ "additionalProperties": false }, "strategy": { + "description": "Strategy defines the load balancing strategy between the servers.\nRoundRobin is the only supported value at the moment.", "type": "string" }, "weight": { + "description": "Weight defines the weight and should only be specified when Name references a TraefikService object\n(and to be precise, one that embeds a Weighted Round Robin).", "type": "integer" } }, @@ -125,18 +153,23 @@ } }, "name": { + "description": "Name defines the name of the referenced Kubernetes Service or TraefikService.\nThe differentiation between the two is specified in the Kind field.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.", "type": "string" }, "nativeLB": { + "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, "passHostHeader": { + "description": "PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.\nBy default, passHostHeader is true.", "type": "boolean" }, "port": { + "description": "Port defines the port of a Kubernetes Service.\nThis can be a reference to a named port.", "anyOf": [ { "type": "integer" @@ -148,36 +181,46 @@ "x-kubernetes-int-or-string": true }, "responseForwarding": { + "description": "ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client.", "type": "object", "properties": { "flushInterval": { + "description": "FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.\nA negative value means to flush immediately after each write to the client.\nThis configuration is ignored when ReverseProxy recognizes a response as a streaming response;\nfor such responses, writes are flushed to the client immediately.\nDefault: 100ms", "type": "string" } }, "additionalProperties": false }, "scheme": { + "description": "Scheme defines the scheme to use for the request to the upstream Kubernetes Service.\nIt defaults to https when Kubernetes Service port is 443, http otherwise.", "type": "string" }, "serversTransport": { + "description": "ServersTransport defines the name of ServersTransport resource to use.\nIt allows to configure the transport between Traefik and your servers.\nCan only be used on a Kubernetes Service.", "type": "string" }, "sticky": { + "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions", "type": "object", "properties": { "cookie": { + "description": "Cookie defines the sticky cookie configuration.", "type": "object", "properties": { "httpOnly": { + "description": "HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.", "type": "boolean" }, "name": { + "description": "Name defines the Cookie name.", "type": "string" }, "sameSite": { + "description": "SameSite defines the same site policy.\nMore info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite", "type": "string" }, "secure": { + "description": "Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).", "type": "boolean" } }, @@ -187,26 +230,32 @@ "additionalProperties": false }, "strategy": { + "description": "Strategy defines the load balancing strategy between the servers.\nRoundRobin is the only supported value at the moment.", "type": "string" }, "weight": { + "description": "Weight defines the weight and should only be specified when Name references a TraefikService object\n(and to be precise, one that embeds a Weighted Round Robin).", "type": "integer" } }, "additionalProperties": false }, "weighted": { + "description": "Weighted defines the Weighted Round Robin configuration.", "type": "object", "properties": { "services": { + "description": "Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight.", "type": "array", "items": { + "description": "Service defines an upstream HTTP service to proxy traffic to.", "type": "object", "required": [ "name" ], "properties": { "kind": { + "description": "Kind defines the kind of the Service.", "type": "string", "enum": [ "Service", @@ -214,18 +263,23 @@ ] }, "name": { + "description": "Name defines the name of the referenced Kubernetes Service or TraefikService.\nThe differentiation between the two is specified in the Kind field.", "type": "string" }, "namespace": { + "description": "Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.", "type": "string" }, "nativeLB": { + "description": "NativeLB controls, when creating the load-balancer,\nwhether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.\nThe Kubernetes Service itself does load-balance to the pods.\nBy default, NativeLB is false.", "type": "boolean" }, "passHostHeader": { + "description": "PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.\nBy default, passHostHeader is true.", "type": "boolean" }, "port": { + "description": "Port defines the port of a Kubernetes Service.\nThis can be a reference to a named port.", "anyOf": [ { "type": "integer" @@ -237,36 +291,46 @@ "x-kubernetes-int-or-string": true }, "responseForwarding": { + "description": "ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client.", "type": "object", "properties": { "flushInterval": { + "description": "FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.\nA negative value means to flush immediately after each write to the client.\nThis configuration is ignored when ReverseProxy recognizes a response as a streaming response;\nfor such responses, writes are flushed to the client immediately.\nDefault: 100ms", "type": "string" } }, "additionalProperties": false }, "scheme": { + "description": "Scheme defines the scheme to use for the request to the upstream Kubernetes Service.\nIt defaults to https when Kubernetes Service port is 443, http otherwise.", "type": "string" }, "serversTransport": { + "description": "ServersTransport defines the name of ServersTransport resource to use.\nIt allows to configure the transport between Traefik and your servers.\nCan only be used on a Kubernetes Service.", "type": "string" }, "sticky": { + "description": "Sticky defines the sticky sessions configuration.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions", "type": "object", "properties": { "cookie": { + "description": "Cookie defines the sticky cookie configuration.", "type": "object", "properties": { "httpOnly": { + "description": "HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.", "type": "boolean" }, "name": { + "description": "Name defines the Cookie name.", "type": "string" }, "sameSite": { + "description": "SameSite defines the same site policy.\nMore info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite", "type": "string" }, "secure": { + "description": "Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).", "type": "boolean" } }, @@ -276,9 +340,11 @@ "additionalProperties": false }, "strategy": { + "description": "Strategy defines the load balancing strategy between the servers.\nRoundRobin is the only supported value at the moment.", "type": "string" }, "weight": { + "description": "Weight defines the weight and should only be specified when Name references a TraefikService object\n(and to be precise, one that embeds a Weighted Round Robin).", "type": "integer" } }, @@ -286,21 +352,27 @@ } }, "sticky": { + "description": "Sticky defines whether sticky sessions are enabled.\nMore info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing", "type": "object", "properties": { "cookie": { + "description": "Cookie defines the sticky cookie configuration.", "type": "object", "properties": { "httpOnly": { + "description": "HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.", "type": "boolean" }, "name": { + "description": "Name defines the Cookie name.", "type": "string" }, "sameSite": { + "description": "SameSite defines the same site policy.\nMore info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite", "type": "string" }, "secure": { + "description": "Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).", "type": "boolean" } }, diff --git a/schema/upbound.io/storeconfig_v1alpha1.json b/schema/upbound.io/storeconfig_v1alpha1.json index e484ffbeb..227d04568 100644 --- a/schema/upbound.io/storeconfig_v1alpha1.json +++ b/schema/upbound.io/storeconfig_v1alpha1.json @@ -1,64 +1,76 @@ { + "description": "A StoreConfig configures how Upbound controller should store connection details.", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "A StoreConfigSpec defines the desired state of a ProviderConfig.", "type": "object", "required": [ "defaultScope" ], "properties": { "defaultScope": { + "description": "DefaultScope used for scoping secrets for \"cluster-scoped\" resources.\nIf store type is \"Kubernetes\", this would mean the default namespace to\nstore connection secrets for cluster scoped resources.\nIn case of \"Vault\", this would be used as the default parent path.\nTypically, should be set as Crossplane installation namespace.", "type": "string" }, "kubernetes": { + "description": "Kubernetes configures a Kubernetes secret store.\nIf the \"type\" is \"Kubernetes\" but no config provided, in cluster config\nwill be used.", "type": "object", "required": [ "auth" ], "properties": { "auth": { + "description": "Credentials used to connect to the Kubernetes API.", "type": "object", "required": [ "source" ], "properties": { "env": { + "description": "Env is a reference to an environment variable that contains credentials\nthat must be used to connect to the provider.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name is the name of an environment variable.", "type": "string" } }, "additionalProperties": false }, "fs": { + "description": "Fs is a reference to a filesystem location that contains credentials that\nmust be used to connect to the provider.", "type": "object", "required": [ "path" ], "properties": { "path": { + "description": "Path is a filesystem path.", "type": "string" } }, "additionalProperties": false }, "secretRef": { + "description": "A SecretRef is a reference to a secret key that contains the credentials\nthat must be used to connect to the provider.", "type": "object", "required": [ "key", @@ -67,18 +79,22 @@ ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } }, "additionalProperties": false }, "source": { + "description": "Source of the credentials.", "type": "string", "enum": [ "None", @@ -94,9 +110,11 @@ "additionalProperties": false }, "plugin": { + "description": "Plugin configures External secret store as a plugin.", "type": "object", "properties": { "configRef": { + "description": "ConfigRef contains store config reference info.", "type": "object", "required": [ "apiVersion", @@ -105,24 +123,29 @@ ], "properties": { "apiVersion": { + "description": "APIVersion of the referenced config.", "type": "string" }, "kind": { + "description": "Kind of the referenced config.", "type": "string" }, "name": { + "description": "Name of the referenced config.", "type": "string" } }, "additionalProperties": false }, "endpoint": { + "description": "Endpoint is the endpoint of the gRPC server.", "type": "string" } }, "additionalProperties": false }, "type": { + "description": "Type configures which secret store to be used. Only the configuration\nblock for this store will be used and others will be ignored if provided.\nDefault is Kubernetes.", "type": "string", "default": "Kubernetes", "enum": [ @@ -135,11 +158,14 @@ "additionalProperties": false }, "status": { + "description": "A StoreConfigStatus represents the status of a StoreConfig.", "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -149,23 +175,29 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one\nstatus to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from\none status to another, if any.", "type": "string" }, "observedGeneration": { + "description": "ObservedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "type": "integer", "format": "int64" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to\na resource at any point in time.", "type": "string" } }, diff --git a/schema/vault.upbound.io/storeconfig_v1alpha1.json b/schema/vault.upbound.io/storeconfig_v1alpha1.json index e484ffbeb..109e20e57 100644 --- a/schema/vault.upbound.io/storeconfig_v1alpha1.json +++ b/schema/vault.upbound.io/storeconfig_v1alpha1.json @@ -1,64 +1,76 @@ { + "description": "A StoreConfig configures how vault controller should store connection details.", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "A StoreConfigSpec defines the desired state of a ProviderConfig.", "type": "object", "required": [ "defaultScope" ], "properties": { "defaultScope": { + "description": "DefaultScope used for scoping secrets for \"cluster-scoped\" resources.\nIf store type is \"Kubernetes\", this would mean the default namespace to\nstore connection secrets for cluster scoped resources.\nIn case of \"Vault\", this would be used as the default parent path.\nTypically, should be set as Crossplane installation namespace.", "type": "string" }, "kubernetes": { + "description": "Kubernetes configures a Kubernetes secret store.\nIf the \"type\" is \"Kubernetes\" but no config provided, in cluster config\nwill be used.", "type": "object", "required": [ "auth" ], "properties": { "auth": { + "description": "Credentials used to connect to the Kubernetes API.", "type": "object", "required": [ "source" ], "properties": { "env": { + "description": "Env is a reference to an environment variable that contains credentials\nthat must be used to connect to the provider.", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name is the name of an environment variable.", "type": "string" } }, "additionalProperties": false }, "fs": { + "description": "Fs is a reference to a filesystem location that contains credentials that\nmust be used to connect to the provider.", "type": "object", "required": [ "path" ], "properties": { "path": { + "description": "Path is a filesystem path.", "type": "string" } }, "additionalProperties": false }, "secretRef": { + "description": "A SecretRef is a reference to a secret key that contains the credentials\nthat must be used to connect to the provider.", "type": "object", "required": [ "key", @@ -67,18 +79,22 @@ ], "properties": { "key": { + "description": "The key to select.", "type": "string" }, "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } }, "additionalProperties": false }, "source": { + "description": "Source of the credentials.", "type": "string", "enum": [ "None", @@ -94,9 +110,11 @@ "additionalProperties": false }, "plugin": { + "description": "Plugin configures External secret store as a plugin.", "type": "object", "properties": { "configRef": { + "description": "ConfigRef contains store config reference info.", "type": "object", "required": [ "apiVersion", @@ -105,24 +123,29 @@ ], "properties": { "apiVersion": { + "description": "APIVersion of the referenced config.", "type": "string" }, "kind": { + "description": "Kind of the referenced config.", "type": "string" }, "name": { + "description": "Name of the referenced config.", "type": "string" } }, "additionalProperties": false }, "endpoint": { + "description": "Endpoint is the endpoint of the gRPC server.", "type": "string" } }, "additionalProperties": false }, "type": { + "description": "Type configures which secret store to be used. Only the configuration\nblock for this store will be used and others will be ignored if provided.\nDefault is Kubernetes.", "type": "string", "default": "Kubernetes", "enum": [ @@ -135,11 +158,14 @@ "additionalProperties": false }, "status": { + "description": "A StoreConfigStatus represents the status of a StoreConfig.", "type": "object", "properties": { "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -149,23 +175,29 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one\nstatus to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from\none status to another, if any.", "type": "string" }, "observedGeneration": { + "description": "ObservedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "type": "integer", "format": "int64" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to\na resource at any point in time.", "type": "string" } }, diff --git a/schema/vault.vault.upbound.io/namespace_v1alpha1.json b/schema/vault.vault.upbound.io/namespace_v1alpha1.json index 464ba6fb6..5c6387431 100644 --- a/schema/vault.vault.upbound.io/namespace_v1alpha1.json +++ b/schema/vault.vault.upbound.io/namespace_v1alpha1.json @@ -1,25 +1,30 @@ { + "description": "Namespace is the Schema for the Namespaces API. Writes namespaces for Vault", "type": "object", "required": [ "spec" ], "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "description": "NamespaceSpec defines the desired state of Namespace", "type": "object", "required": [ "forProvider" ], "properties": { "deletionPolicy": { + "description": "DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either \"Delete\" or \"Orphan\" the external resource. This field is planned to be deprecated in favor of the ManagementPolicies field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223", "type": "string", "default": "Delete", "enum": [ @@ -31,50 +36,61 @@ "type": "object", "properties": { "customMetadata": { + "description": "Custom metadata describing this namespace. Value type is map[string]string. Requires Vault version 1.12+. Custom metadata describing this namespace. Value type is map[string]string.", "type": "object", "additionalProperties": { "type": "string" } }, "namespace": { + "description": "The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise. Target namespace. (requires Enterprise)", "type": "string" }, "path": { + "description": "The path of the namespace. Must not have a trailing /. Namespace path.", "type": "string" }, "pathFq": { + "description": "The fully qualified path to the namespace. Useful when provisioning resources in a child namespace. The path is relative to the provider's namespace argument. The fully qualified namespace path.", "type": "string" } }, "additionalProperties": false }, "initProvider": { + "description": "THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored unless the relevant Crossplane feature flag is enabled, and may be changed or removed without notice. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.", "type": "object", "properties": { "customMetadata": { + "description": "Custom metadata describing this namespace. Value type is map[string]string. Requires Vault version 1.12+. Custom metadata describing this namespace. Value type is map[string]string.", "type": "object", "additionalProperties": { "type": "string" } }, "namespace": { + "description": "The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise. Target namespace. (requires Enterprise)", "type": "string" }, "path": { + "description": "The path of the namespace. Must not have a trailing /. Namespace path.", "type": "string" }, "pathFq": { + "description": "The fully qualified path to the namespace. Useful when provisioning resources in a child namespace. The path is relative to the provider's namespace argument. The fully qualified namespace path.", "type": "string" } }, "additionalProperties": false }, "managementPolicies": { + "description": "THIS IS AN ALPHA FIELD. Do not use it in production. It is not honored unless the relevant Crossplane feature flag is enabled, and may be changed or removed without notice. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md", "type": "array", "default": [ "*" ], "items": { + "description": "A ManagementAction represents an action that the Crossplane controllers can take on an external resource.", "type": "string", "enum": [ "Observe", @@ -87,6 +103,7 @@ } }, "providerConfigRef": { + "description": "ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.", "type": "object", "default": { "name": "default" @@ -96,12 +113,15 @@ ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "policy": { + "description": "Policies for referencing.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -110,6 +130,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -123,18 +144,22 @@ "additionalProperties": false }, "providerRef": { + "description": "ProviderReference specifies the provider that will be used to create, observe, update, and delete this managed resource. Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`", "type": "object", "required": [ "name" ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "policy": { + "description": "Policies for referencing.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -143,6 +168,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -156,12 +182,14 @@ "additionalProperties": false }, "publishConnectionDetailsTo": { + "description": "PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.", "type": "object", "required": [ "name" ], "properties": { "configRef": { + "description": "SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.", "type": "object", "default": { "name": "default" @@ -171,12 +199,15 @@ ], "properties": { "name": { + "description": "Name of the referenced object.", "type": "string" }, "policy": { + "description": "Policies for referencing.", "type": "object", "properties": { "resolution": { + "description": "Resolution specifies whether resolution of this reference is required. The default is 'Required', which means the reconcile will fail if the reference cannot be resolved. 'Optional' means this reference will be a no-op if it cannot be resolved.", "type": "string", "default": "Required", "enum": [ @@ -185,6 +216,7 @@ ] }, "resolve": { + "description": "Resolve specifies when this reference should be resolved. The default is 'IfNotPresent', which will attempt to resolve the reference only when the corresponding field is not present. Use 'Always' to resolve the reference on every reconcile.", "type": "string", "enum": [ "Always", @@ -198,33 +230,39 @@ "additionalProperties": false }, "metadata": { + "description": "Metadata is the metadata for connection secret.", "type": "object", "properties": { "annotations": { + "description": "Annotations are the annotations to be added to connection secret. - For Kubernetes secrets, this will be used as \"metadata.annotations\". - It is up to Secret Store implementation for others store types.", "type": "object", "additionalProperties": { "type": "string" } }, "labels": { + "description": "Labels are the labels/tags to be added to connection secret. - For Kubernetes secrets, this will be used as \"metadata.labels\". - It is up to Secret Store implementation for others store types.", "type": "object", "additionalProperties": { "type": "string" } }, "type": { + "description": "Type is the SecretType for the connection secret. - Only valid for Kubernetes Secret Stores.", "type": "string" } }, "additionalProperties": false }, "name": { + "description": "Name is the name of the connection secret.", "type": "string" } }, "additionalProperties": false }, "writeConnectionSecretToRef": { + "description": "WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.", "type": "object", "required": [ "name", @@ -232,9 +270,11 @@ ], "properties": { "name": { + "description": "Name of the secret.", "type": "string" }, "namespace": { + "description": "Namespace of the secret.", "type": "string" } }, @@ -250,38 +290,47 @@ ] }, "status": { + "description": "NamespaceStatus defines the observed state of Namespace.", "type": "object", "properties": { "atProvider": { "type": "object", "properties": { "customMetadata": { + "description": "Custom metadata describing this namespace. Value type is map[string]string. Requires Vault version 1.12+. Custom metadata describing this namespace. Value type is map[string]string.", "type": "object", "additionalProperties": { "type": "string" } }, "id": { + "description": "The fully qualified path to the namespace, including the provider namespace and a trailing slash.", "type": "string" }, "namespace": { + "description": "The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise. Target namespace. (requires Enterprise)", "type": "string" }, "namespaceId": { + "description": "Vault server's internal ID of the namespace. Namespace ID.", "type": "string" }, "path": { + "description": "The path of the namespace. Must not have a trailing /. Namespace path.", "type": "string" }, "pathFq": { + "description": "The fully qualified path to the namespace. Useful when provisioning resources in a child namespace. The path is relative to the provider's namespace argument. The fully qualified namespace path.", "type": "string" } }, "additionalProperties": false }, "conditions": { + "description": "Conditions of the resource.", "type": "array", "items": { + "description": "A Condition that may apply to a resource.", "type": "object", "required": [ "lastTransitionTime", @@ -291,19 +340,24 @@ ], "properties": { "lastTransitionTime": { + "description": "LastTransitionTime is the last time this condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { + "description": "A Message containing details about this condition's last transition from one status to another, if any.", "type": "string" }, "reason": { + "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { + "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { + "description": "Type of this condition. At most one of each condition type may apply to a resource at any point in time.", "type": "string" } }, diff --git a/schema/velero.io/resticrepository_v1.json b/schema/velero.io/resticrepository_v1.json index 9921ff321..40bd0c82e 100644 --- a/schema/velero.io/resticrepository_v1.json +++ b/schema/velero.io/resticrepository_v1.json @@ -1,60 +1,71 @@ { + "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "additionalProperties": false, + "description": "ResticRepositorySpec is the specification for a ResticRepository.", + "type": "object", + "required": [ + "backupStorageLocation", + "maintenanceFrequency", + "resticIdentifier", + "volumeNamespace" + ], "properties": { "backupStorageLocation": { + "description": "BackupStorageLocation is the name of the BackupStorageLocation that should contain this repository.", "type": "string" }, "maintenanceFrequency": { + "description": "MaintenanceFrequency is how often maintenance should be run.", "type": "string" }, "resticIdentifier": { + "description": "ResticIdentifier is the full restic-compatible string for identifying this repository.", "type": "string" }, "volumeNamespace": { + "description": "VolumeNamespace is the namespace this restic repository contains pod volume backups for.", "type": "string" } }, - "required": [ - "backupStorageLocation", - "maintenanceFrequency", - "resticIdentifier", - "volumeNamespace" - ], - "type": "object" + "additionalProperties": false }, "status": { - "additionalProperties": false, + "description": "ResticRepositoryStatus is the current status of a ResticRepository.", + "type": "object", "properties": { "lastMaintenanceTime": { + "description": "LastMaintenanceTime is the last time maintenance was run.", + "type": "string", "format": "date-time", - "nullable": true, - "type": "string" + "nullable": true }, "message": { + "description": "Message is a message about the current status of the ResticRepository.", "type": "string" }, "phase": { + "description": "Phase is the current state of the ResticRepository.", + "type": "string", "enum": [ "New", "Ready", "NotReady" - ], - "type": "string" + ] } }, - "type": "object" + "additionalProperties": false } - }, - "type": "object" + } }